In this episode of Cyber Range Podcast, I joined Allan Alford, who plays devil’s advocate, challenging the practitioner community to refute the idea that we should quit trying to make the organization care about cybersecurity and simply make suggestions and accept the organization’s level of risk tolerance. We got together to discuss if this is really our job. Listen to hear a...
Xcitium CISO Blend Webinar: Is the Industry Failing At Incident Response?
How effective has Incident Response been over the last 20+ years? Tim Bandos, EVP, SOC Services at Xcitium, and I did a deep dive into the current methods of practicing incident response (IR) and explored why current strategies continue to fail. We also detailed how to evolve the organization’s IR plans to meet today’s threats, and how to train your team to best respond to the current...
JaY Walkin: Conferring on Conferences
Join Joel Fulton, CEO of Lucidum, and Yaron Levi, CISO of Dolby, for the first episode of JaY Walkin, where Joel and Yaron walk in front of the traffic of security to discuss security, leadership, and everything in between while avoiding being hit by the threat bus. In this episode of JaY Walkin, Joel and Yaron chat about the recent and notable security conferences, including RSA, Black Hat...
Understanding SEC’s Proposal for Cyber Risk Management
I went down to the Ranch to talk with Allan Alford about the March 2022 proposal from the Securities and Exchange Commission (SEC). Titled the Cyber Risk Management Strategy: Governance and Incident Disclosure, this report has huge implications for cybersecurity in any publicly traded company. We walked through this report and explained what this means in the future for real-world cyber practitioners.
Where’s the Trust in Zero Trust?
In this episode of Defense in Depth podcast, David Spark, Geoff Belknap and I talked about why zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified.
Down the Security Rabbit Hole: How to Win Friends and Influence CISOs
Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is… eh … tenuous lately? OK, maybe it’s a lot worse than that in some cases. Why is that? How did we get here? And how do we fix a relationship that is quite clearly necessary, but just so broken? Rafal and I went down the security rabbit hole to discuss the challenges and...
Defense in Depth Podcast: When Vendors Pounce on New CISOs
In this episode of Defense in Depth podcast, David Spark, Allan Alford and I discussed the following: a security professional announces a new position as CISO. As a vendor, you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do? It all started because of this post I shared on LinkedIn.
The Cyber Ranch Podcast: What We’re Doing Wrong in the SOC
Allan Alford and I met at the Cyber Security Ranch podcast to talk about the SOC and why we are going about it all wrong. We identify and examine the three main areas of concern: the data, the analyst, the analysis – and how to improve upon them. I shared some thoughts with Allan on what steps and approaches need to be taken in order to successfully accomplish the SOC’s goal.
WSJ Pro Cybersecurity: Scoring Board
Successful chief information security officers are effective at getting their message across to the board. In this session I joined Rob Sloan, WSJ Research Director, and Tim Rohrbaugh, CISO at JetBlue, where we presented to a board member and had Dr. Anastassia Lauterbach critique our efforts. It was a fun conversation.
CISO Series Podcast: Click This Link to Fail a Phishing Test
Our phishing tests are designed to make you feel bad about yourself for clicking a link. We’re starting to realize these tests are revealing how insensitive we are towards our employees, and the resentment and shame a phishing test can create.
I had the honor to be a guest on this episode hosted by David Spark (@dspark), producer of the CISO Series Podcast, and Mike Johnson.