Spelade

  • We admit we've posted some rather embarrassing posts on social media. In particular, my co-host, Mike Johnson, talks about a post he initially regretted, but then realized it's what brought all of us together. In fact, it's a post that initiated much of the discussion we're having today about the relationships between CISOs and security vendors.

    On this week's episode of the CISO/Security Vendor Relationship Podcast, we discuss:

    A CISO that eagerly wants to talk to security vendors: CISO of Mitel, and former guest, Allan Alford sent a shock through the industry when he said he was going to reserve time to actually speak with security vendors. Why was this announcement such a big deal? One CISO and one CTO admit to posts they regret: Turns out posts you wish you didn't write actually shake up the pot so much that they form relations, like the two you hear on this show. We play "What's Worse?!" Possibly our toughest round of the game ever. Hint: think security policies. What Do You Think of This Pitch? Mike and our guest dissect a pitch from a listener. They advise what should be taken out, and what should be put in its place. Ask a CISO: Do CISOs need consultative resellers? When are they valuable? If not now, were they valuable? And as always, we've got launch with a great 10-second security tip.

    Today's episode is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Mike D. Kail (@mdkail), CTO of Everest.org.

    This episode is sponsored by Thinkst, makers of Canary deception devices. Read how much their customers love their product here. We thank Thinkst for sponsoring this episode of the podcast.

  • Did Katy Perry provide sound security advice, or didn’t she? You’ll have to listen to the latest episode of the CISO/Security Vendor Relationship Podcast to find out. In this episode:

    A Third of UK Organizations Have Sacked Employees for Data Breach Negligence Younger Employees Identified as ‘Main Culprits’ of Security Breaches Who has your CEO’s credentials? – by Robert Herjavec, one of the sharks on “Shark Tank” NEW Segment: Please, Enough. No, More. This week we talk about identity management What do you think of this pitch? A pitch from Cobalt Ask a CISO. How many tools in your suite? Are you worried about integration?

    As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Richard Rushing (@secrich), CISO, Motorola Mobility. The written content for this podcast was first published on Security Boulevard.

  • Don’t bother trying to craft a potentially clever, funny and adorable email that you hope will tickle a security practitioner; it’s simply not going to work. When it comes to security pitches, practitioners just want the facts. While humor is appreciated, a cold email pitch is not the time to showcase your creative writing skills. As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Jeremiah Grossman (@jeremiahg), CEO, Bit Discovery. On this week’s CISO/Security Vendor Relationship podcast, You’ll discover that InfoSec truism and:

    10-second security tip (do you have these security controls in place?). The correct pronunciation of CISO (and whether anyone cares). Consumers and activists issuing lawsuits in the name of GDPR and why that’s a good thing for the future of GDPR. The increasing cost of breaches. A new method to get a security practitioner’s time (Is the idea so crazy it will work? Or do we just need more crazy ideas?). How a security vendor helped me this week.

    The written content for this podcast was first published on Security Boulevard.

  • We spend a good portion of this episode of the CISO/Security Vendor Relationship Podcast mocking unrealistic job listings that ask for too many unnecessary credentials and on top of it aren't willing to pay a fair market rate. Did companies forget that it's a buyers' market right now in security?

    On this episode of the podcast we discuss:

    The security semantics of "responsibility" vs. "accountability": Which one drives which behavior? And it is possible to try to compel one to the detriment of the other? See Chad Loder's post for more. How do you motivate employees to be concerned about security outside of hammering them with pen tests and fake phishing emails? If it hasn't happened already, those tests to see how secure your environment is may backfire. What can you do to instill secure behavior without testing employees to the point of annoyance? What do you think of this pitch? We get a split decision on a pitch of a company that's operating in a new category. Plus, advice on what never to do in a pitch. Unrealistic expectations for position descriptions: Job descriptions in the security field seem to be getting longer, with more certification requirements, and lower pay. What's going on and do companies who list these types of jobs realize they're only hurting themselves? In a buyers' market you can't just put out an unrealistic job posting to "see who will respond." It will actually damage your brand. Plus, a 10-second security tip (that's a few seconds longer): It's what you should be doing, but probably aren't doing. And a visit from the host of The Cyberwire: Dave Bittner, from The Cyberwire, joins us for a discussion about his daily security tech news show and to tell us about the launch of two more security podcasts.

    As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Dan Glass, former CISO (as of just a couple days ago) of American Airlines.

    Special thanks to SpyCloud for sponsoring this episode. Learn more about how you can protect employees and customers from account takeover with SpyCloud.

    Contributions. Contributions. Contributions.

    I am cranking out a ton more content for not just the podcast, but also the entire series so I am very open and receptive to story ideas, suggestions for segments of the podcast, or anything else. Just connect with me on LinkedIn.

    Sponsor the podcast

    If you're interested in sponsoring the podcast, contact David Spark at Spark Media Solutions.