Stitcher for Podcasts

Get the App Open App
Bummer! You're not a
Stitcher Premium subscriber yet.
Learn More
Start Free Trial
$4.99/Month after free trial

Episode Info

Episode Info: Find all images and links for this episode on CISO Series ( We're trying to clean up vendor pitches of unnecessary and outrageous claims so they can sail through to a CISO's inbox. It's our service to cybersecurity community on this week's episode of CISO/Security Vendor Relationship Podcast. This show was recorded live in front of an audience of CISOs and security vendors at the San Francisco CISO Executive Summit, hosted by Evanta. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Aaron Peck, CISO, Shutterfly. Thanks to our podcast sponsors ExtraHop and Tenable Unlike security solutions that focus on signature- and rule-based detection, ExtraHop Reveal(x) helps you rise above the noise of alerts with complete east-west visibility and machine learning for real-time detection of known and unknown threats, plus guided investigations for rapid response. Find and address real threats faster with ExtraHop. Effective vulnerability prioritization helps you answer three questions: Where should we prioritize based on risk? Which vulnerabilities are likeliest to be exploited? What should we fix first? Tenable gives you the accurate and actionable data you need to answer these questions and better secure your business. Learn more: On this week's episode Why is everybody talking about this now? Last week I was about to install a popular and approved app in the Google Play store that asked if the app could read, copy, download, and DELETE my contacts. Also last week during Google I/O, Sundar Pichai, Google’s chief executive touted their focus on privacy. This is not the first time we've heard this from Google or Facebook who is going to be facing the largest privacy violation in FTC history. Getting access to our behaviors is how Facebook and Google make their money. What would we like to see, not hear, from either Google or Facebook that convinces us that yes, they are doing something significant and proactive about privacy. Maybe they've already done it. Why is this a bad pitch? A Twitter thread asked, "What do vendors say that immediately undermines their credibility?" There were a lot listed, but the ones I saw repeated multiple times were military grade, next-gen, bank-level encryption, full visibility, 100% effective, and single pane of glass. We have brought up many of these on our show. And while we understand companies are trying to find a short pithy way to describe their technology, using terms like these can turn a great pitch into an effort to dig out of a hole. What's Worse?! We squeeze in two rounds of this game and our guest tries to dodge the question, but I don't let him. You're a CISO, what's your take on this? Brian Fricke, CISO at BBVA Compass is eager to hear how to successfully reconcile ...
Read more »

Discover more stories like this.

Like Stitcher On Facebook


Episode Options

Listen Whenever

Similar Episodes

Related Episodes