CISO's perspective from the frontlines

TagCybersecurity

Security Vendors, What Problem are you solving?

S

You would think this is a reasonable question to ask security vendors that are pitching you their product. I would also think the vendor will be able to answer it quite easily. Think again! Every vendor can tell you what they do 100%! Some times they can even tell you how they do it. But what I found was that they almost never can tell you what problem they are solving. My LinkedIn post Several...

Vulnerability Management: More Than Just discovering your Flaws

V

In this episode of Defense in Depth, I joined David Spark and Mike Johnson – CISO at Rivian to discuss the topic of vulnerability management. We make the argument that simply finding vulnerabilities is not enough, and true vulnerability management requires prioritizing, tracking, fixing, and assessing risks. What we need is a comprehensive approach that includes IT hygiene, asset...

We Want a Solution to Remediate, Not Just Detect Problems

W

Discovery of security issues is important, but ultimately we need to remediate them. So why do so many solutions seem to stop short?

In this episode of Defense in Depth, I joined as a guest co-host to David Spark (@dspark), the producer of CISO Series, and our guest, Neil Watkins, SVP technology and cybersecurity services, i3 Verticals.

CYBER SECURITY HEADLINES WEEK IN REVIEW: March 25-29, 2024

C

In this episode of CISO Series, Cyber Security Headlines, I am reviewing this week’s cyber security headlines and stories with Richard Stroffolino. We talked about: Vulnerability in Apple’s Silicon M-series chips can’t be patched APT31 uses family members to surveil targets MFA bombing attacks target Apple users Think tank calls for US military cyber service Google recommends scam sites Spyware...

Visibility without action is just noise

V

CISOs are bombarded with pitches from security product vendors, that all sound the same “We give the CISO visibility“. They tout their dashboards, each claiming to offer the most comprehensive, in-depth view of the security landscape, send alerts to the SIEM or give you various reports. But here’s the truth: visibility without actionability is just noise. The problem with...

Cyber Security Hierarchy of Needs

C

“What does a Cyber Security Practice Model should look like?”, I’ve been asked that question many times over the years, and with the lack of standard in this field, I had and also heard different answers. Ultimately, I was looking for a simple model where the building blocks of a security practice can be understood even by those who are not experts in the filed. The model I came...

Which security game are you playing?

W

A few years ago I watched Simon Sinek excellent talk “Most Leaders Don’t Even know the game they are in” and it changed completely how I am thinking about practicing cybersecurity. In his talk, Sinek presented the concept of finite vs. infinite games, and how this concept applies to leadership. Finite game vs. infinite game A finite game as a game with known players, fixed...

Risk never sleeps podcast: Securing the Digital Future with Adaptability and Communication

R

In an ever-evolving digital landscape, cybersecurity has become more critical than ever. In this episode of Risk Never Sleeps, I visited with Ed Gaudet CEO at Censinet and shared insights earned from my career journey, highlighting adaptability and essential skills as key elements of his success across diverse industries. We talked about emotional intelligence in cybersecurity communication, AI...

Cyber Security Headlines Week in Review: July 10-14, 2023

C

In this episode of CISO Series, Cyber Security Headlines, I am reviewing this week’s cyber security headlines and stories with Sean Kelly We talked about: Threat actors gaining access to US government email USB drive malware attacks Cloud environment breaches US and EU agree on new data transfer agreement JumpCloud resets customer API keys California resident charged with cyberattack on...

Defense in depth podcast: Third Party Risk vs. Third Party Trust

D

This time I am sitting in as a guest co-host in this episode of Defense in Depth podcast. David Sparks, Dan Walsh and I talked about how businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk?

CISO's perspective from the frontlines

Topics

Follow me

Get in touch

Do you want to get in touch? have a question? want me to speak at your event? need advice? please use the form below. No sales messages please!
Please enable JavaScript in your browser to complete this form.