Created with Sketch.
19 minutes | Jun 16, 2020
#134 Jason Hicks — Global CISO at Kudelski Security
The Future of Security Leadership Jason Hicks, Global CISO at Kudelski Security, joins the podcast to talk about the future of security leadership. He covers the challenges of managing a security team, communication skills for technical leaders, coping with scope creep, and the rise of the branded CISO. You can find the Kudelski report co-authored by Jason and referenced in the podcast here. Timestamps: 01:40 — It is critical to the success of a security program for the CISO to speak business. 04:14 — “You have to be one to lead one” still holds true. 06:41 — The rise of the branded CISO. 11:24 — The CISO tenure remains short and there are several reasons why. 14:29 — Coping with scope creep. 17:11 — Top three issues for CISOs right now.
21 minutes | Jun 11, 2020
#133 Scott Edwards — Senior Director, Netskope Academy
Training Cybersecurity In this podcast, Scott Edwards, Senior Director of the Netskope Academy, talks about cybersecurity training. He discusses how training has evolved and the value it brings to companies who invest in their employees. He talks about the key skills cybersecurity trainers need: an ability to understand the technology deeply and an ability to educate. Finally he muses on whether virtual training has eclipsed the need for a brick and mortar classroom setting. 04:55 — If you train your employees you will have better outcomes with the security products you buy. 06:23 — Training benefits the company and the individual. 08:19 — Trainers require two assets: deep knowledge and an ability to make that knowledge learnable. 12:14 — Training hasn’t changed much but delivery has. Technology has enabled that. 15:45 — Is the future remote or classroom-based training?
21 minutes | Jun 9, 2020
#132 Lamont Orange and George Gerchow
Cloud is a Fresh Start Lamont Orange, CISO of Netskope, returns to the podcast with friend and fellow CISO, George Gerchow of Sumo Logic. They discuss their approaches to crisis management during COVID and the message is clear: it’s people first, then business and security. They go on to talk about what diversity looks like in cybersecurity and the strength that it brings. Finally, they cover the acceleration of digital transformation that companies are facing right now. Despite the challenges, cloud is the future and this is an opportunity for a fresh start. Lamont recommends, “Don’t take what you knew up to the cloud with you as your company is going; let’s look at fresh.” 01:54 — How to manage during a crisis? Gather a wide ranging and representative group to make quick decisions and reassure staff and customers alike. 04:48 — Diversity in cybersecurity. 10:27 — In the new normal, work from home presented new challenges for the SOC. 11:34 — Ensure your BCP plan covers succession planning. Start shadowing now. 15:36 — Digital transformation has gone from a five-year plan to a three-month plan. You can find Lamont Orange’s previous podcast with us here.
18 minutes | Jun 4, 2020
#131 Mike Hamilton — Founder & CISO, CI Security
Cyber Curious Mike Hamilton, Founder and CISO of CI Security joins the podcast to talk about his career in cybersecurity. He discusses the founding and purpose of PISCES and how they offer network monitoring at no cost to the public sector. He goes on to talk about the increased cyber threats that have come with the chaos of Covid-19 and the very real risk posed by nation states. He finishes the podcast by explaining that cybersecurity remains an industry that values the curious and the intelligent. He encourages those individuals, no matter their background, to explore a cyber career. He explains, “I am more concerned with your curiosity than your degrees.” 04:27 — The story of PISCES: linking public sector network monitoring with the education system to provide analyst students with live fire training. 07:55 — Among the chaos of Covid-19, nation state cyber attacks are even more of a concern. 09:37 — Elections are run by counties and local government is known to have poor security. 11:39 — Biggest election issue is manipulation and misinformation. 14:20 — Most hired roles in cybersecurity right now? Auditors and analysts. For more on cyber hiring, listen to our recent podcast with Mike Manrod.
18 minutes | Jun 2, 2020
#130 Thomas Stachura — CEO, Paranoid, Inc.
Radical Transparency Uncomfortable with the privacy implications while watching his children interact with a smart speaker, Thomas Stachura decided to find some middle ground. He invented a solution and his company Paranoid Inc. is bringing it to consumers. In this episode he talks about people’s polarized attitudes towards privacy and the way COVID has amplified the divide. He is honest about the commercialization of his products — after all, the purpose of a business is to make money — and says the only way to build consumer trust is through radical transparency. Worryingly, Thomas sees the power of decision making around privacy in the hands of big tech and not the government, with corporations setting tougher rules for government than they ask of themselves. For Thomas, the solution is simple, the power “needs to go with the individual, and the way to do that is to give the right tools to empower them.” 05:19 — COVID is polarizing attitudes to privacy. 09:07 — How do you build customer trust? Radical transparency. 12:27 — A passionate inventor and a reluctant CEO. 15:36 — Corporations, not government, are setting the privacy rules. For more on privacy, listen to our recent podcast with Jodi Daniels, Data Privacy Advisor at Red Clover Advisors.
19 minutes | May 28, 2020
#129 Merritt Baer — Principal Security Architect, Amazon Web Services
Cloud: Adopt and Adapt In this episode, Merritt Baer, Principal Security Architect at Amazon Web Services, talks about all things cloud. She discusses her own path to security and the steps she is taking to encourage new voices and faces into the industry. She explains, “The idea that security can be part of this emergence and this innovative side of technology, I believe that strongly.” She describes cloud as an experiment that has worked. It offers a new approach to security and with its ability to adapt and survive upheaval is well suited to the challenges posed by the current pandemic. As for the future, Merritt sees cloud as a maturing of the industry and is definitely here to stay. 01:30 — Journey to cybersecurity 05:38 — Cloud is a game changer; it allows you to think differently about security. 08:52 — Mindshift is required. 10:48 — Unfortunately, security exemplifies the negative aspects of the tech world. 15:38 — Cloud is an experiment that has worked. If you are curious about a career in cybersecurity, Merritt would be happy to have a short conversation with you. You can reach her via email at email@example.com or on Twitter @MerrittBaer.
20 minutes | May 26, 2020
#128 Jodi Daniels — Practical Data Privacy Advisor
16 minutes | May 21, 2020
#127 Olivia Rose — How to Get Your Start in Cyber
“It is all about who you know in security, and it’s a very small industry … It’s really important to have a very good reputation and reach out and connect to people because that’s where the jobs are.“ Olivia Rose, CISO at Large, rejoins the podcast for a conversation about how to get your cyber start. She discusses her recent article on LinkedIn giving the pointers she wished she had known when she’d known when she’d started. She explains that your career is a long game, making connections now and showing your passion for the industry will help people remember you when the next job opens up. 01:14 — Qualification and experience requirements for cyber entry-level jobs are unreasonable. 03:10 — It’s all about your connections. 05:34 — Show your drive and passion in conversation with security leaders; that’s what will make you stand out when the next job comes up. 08:02 — In cybersecurity, experience wins over education every time. 11:16 — Volunteer locally. 14:10 — The pandemic, cloud and remote working means the boundaries have exploded. If you’d like to hear more about cybersecurity hiring, listen to our recent podcast with Mike Manrod, CISO of Grand Canyon Education.
15 minutes | May 19, 2020
#126 Cat Coode — Digital Dangers at Home
“In the effort to connect, we are also exposing ourselves to risk” Cat Coode, Data Privacy Expert at Binary Tattoo joins the podcast for a second time. She talks about the digital dangers we face at home as we work remotely and try to stay connected to each other. She cautions that we should be wary of the information we share. The tools we use for telemedicine consultations may be HIPPA compliant, but what about our home routers? Cat points out that there are no regulations that cover working from home. Companies need to step up and ensure that the policies they apply in the workplace also apply to employees at home. And those conference call screenshots we’re sharing on social media? Stop now. They expose to every participant to evils like phishing emails and social engineering. She would like to see us all learn how to use our digital tools correctly. She explains, “All tools are like knives; they’re inherently dangerous, unless you use them safely.” 00:50 — The telemedicine tools you are using may be HIPPA compliant, but what about your home environment? 04:31 — There are no regulations to cover privacy and working from home. Companies need strong policies. 06:35 — Sharing conferencing images on social media exposes those involved to risk. 08:27 — People’s main privacy questions right now center on contact tracing. 13:31 — Digital tools are like knives – if you don’t use them safely they are dangerous. You can listen to Cat’s first podcast with us here.
19 minutes | May 14, 2020
#125 Lamont Orange — CISO, Netskope
Wide Angle Perspective In this episode, Lamont Orange, CISO of Netskope, joins the podcast to talk about the evolution of the CISO role and skill set now that security has become a business issue. He explains, “It requires cross-functional execution and audit to ensure that your organization is protected. So those soft skills are more important now than they’ve ever been.” He discusses managing security for the company while remote working and describes feeling pretty good about what Netskope has created and achieved as he uses their products. He goes on to talk about the other challenges posed by COVID-19 to businesses and recommends that leaders should adapt without losing sight of the fundamentals. He says, “Don’t be afraid to throw out the old models. We need to work on models that allow us to innovate our profession and also allow us to innovate at the speed of the business.” 03:31 — Security is a business function now. 08:29 — What does it feel like to be customer zero of your organization? 11:10 — A warp speed jump to the cloud with remote working 12:45 — Pre-COVID, during COVID, post-COVID – we’re always managing risk. 14:38 — Some companies may switch to remote working permanently. 16:41 — Don’t be afraid to throw out the old models. If you enjoyed this podcast and would like to hear from Netskope, you can find our podcast with CEO Sanjay Beri here.
14 minutes | May 12, 2020
#124 Michael Manrod — CISO, Grand Canyon Education
Give People with Potential a Shot “As leaders we need to ask ourselves, can we take a chance on somebody with potential and invest the effort and time to train them and help them get their start?” In this episode, Mike Manrod, CISO of Grand Canyon Education, Inc., joins the podcast to discuss how the world is adapting to a mobile workforce and the state of the cybersecurity job market. He explains that while the job market is currently contracting, cybersecurity remains a needed, growing and in-demand field. Mike goes on to talk about the closed mindset many leaders have when it comes to hiring. Constantly chasing a small pool of candidates with great experience and multiple skill sets has done nothing to close the skills gap.It has just led to inflated salaries. He believes managers should consider giving candidates with potential a chance. It is time to be flexible with the workforce. 02:05 — The job market is shrinking but cybersecurity as career field will not be going away. 07:15 — We need to give people a shot and a start. Not every cyber job requires decades of experience. 10:04 — The adversaries are still out there. We need to automate, strategize and be able to do more with less. 12:39 — Cold calling isn’t the best approach now. Vendors need to find introductions through trusted pipelines.
37 minutes | May 7, 2020
#123 Johnny Ryan — Chief Policy and Industry Relations Officer, Brave Software
Ad Tech Remorse In this episode, Johnny Ryan, Chief Policy & Industry Relations Officer at Brave Software, joins the podcast to talk data privacy. He speaks about Brave’s mission and explains its micropayment and cryptocurrency model. He discusses his experiences of working on both sides of the data privacy divide and the ad tech remorse that he and many of his colleagues feel. In describing the ad tech model, Johnny highlights just how much personal data is collected and why protections like GDPR should be strongly enforced. He explains, “You should protect yourself because, unfortunately, the referee has yet to walk on to the pitch.” Even amidst current fears that the world will have to sacrifice privacy to combat COVID-19, Johnny disagrees. For him, the answer lies in building privacy into design.0 02:35 — Ad tech remorse. 05:25 — Real-time bidding and how it works. 11:23 — GDPR needs to be enforced. 16:45 — We do not need to sacrifice data privacy in the fight against COVID-19. 22:57 — What are micropayments? 30:27 — Governments should not be using conventional web browsers. To hear more about data privacy listen to our recent podcasts with Kavya Pearlman and Laura Noren.
16 minutes | May 6, 2020
#122 Helen Patton — An Agile Business Continuity Plan
“I hope what will change after this is that we won’t try and preplan the disaster. What we will do is we will set the stage so that we can respond quickly and adaptively when something happens.” Ohio State University’s CISO, Helen Patton, returns to the podcast. Having started her career in business continuity and risk assessment, navigating a crisis is nothing new. Helen talks about how the traditional business continuity plan is no longer relevant and calls for a more agile approach. She shares her thoughts on the current relaxation of data privacy regulations and suggests a rethink on regulation. Helen also discusses how her team are coping with remote working and wonders how the pandemic will change the future of work. 03:18 — Traditional business continuity planning is no longer relevant. 06:00 — Regulations around data privacy have been relaxed. Should we consider rolling them back? 09:18 — What lessons will we learn from this about how we work? 12:51 — This hasn’t changed our direction, just accelerated our move towards cloud, mobile, remote. You can listen to Helen’s previous podcast, “Adjusting to a New Normal” here.
18 minutes | May 3, 2020
#121 Ty Sbano — Chief Security and Trust Officer, Sisense
Have a Resilient Plan “I think it’s really critical to have the fortitude and the resiliency to make it through these things. It’s not that you pray you won’t have incidents, because you will, it’s that you plan for it.” Ty Sbano, Chief Security & Trust Officer at Sisense, joins the podcast to talk about how having a resilient plan can remove emotion and make crises less scary. He discusses Sisense’s cloud-first approach, explaining how and where they see the future of work. And like many security practitioners we speak to here, Ty underscores the role of the CISO as a business enabler and encourages every company to make security part of company culture. 02:06 — Getting ahead of the curve. Planning for the pandemic early. 06:28 — Having frameworks in place allows you to not have an emotional response. 08:22 — Remote working has leveled the playing field. 12:15 — Cloud first, remote working means connectivity will be crucial. 15:59 — Advice: CISOs – have a resilient plan. Vendors – tread with care. To hear more about managing during a pandemic, listen to our podcast with Vince Crisler, CEO of Dark Cubed.
16 minutes | Apr 28, 2020
#120 Vince Crisler — Founder and CEO, Dark Cubed
Focus on Your People When our host, Ashwin Krishnan, came across a LinkedIn post supporting Zoom amidst their recent troubles, he immediately contacted the author Vince Crisler, Founder and CEO of Dark Cubed. Vince joins the podcast here to talk about why he felt compelled to support Zoom during their darkest hour and what he learnt about their corporate culture from the response to his article. Vince also talks about how he is leading Dark Cubed through these strange and unprecedented times. He describes a people-first culture, reaching out to those who need help most, and the aims of D3 for Good. 04:41 — Zoom made mistakes, but they provide a valuable lifeline during a time of social distancing. 07:30 — Dark Cubed are determined to do good. D3 for good aim to give away 2,020 free licenses to non-profits in 2020. 10:06 — The future has arrived early. This pandemic has thrust us three to five years into the future. 12:42 — It’s all about the people. Right now, leaders must put their people first. 13:33 — This is an unprecedented time. We must take care of those around us. 15:19 — It’s time to be creative. Innovate your business plan and your product offerings. You can find Vince’s article about Zoom on Medium and the related post on LinkedIn.
16 minutes | Apr 23, 2020
#119 Deidre Diamond — Founder and CEO of CyberSN
Deidre Diamond is the founder and CEO of CyberSN, a cybersecurity recruitment specialist. In this edition of our podcast, Deidre talks about the current state of the cybersecurity job market. She shares her view that the initial hiring freeze has passed as companies and professionals realize that life has to move forward. And she discusses the unusual challenges brought by interviewing, hiring and onboarding remotely. Championing diversity in cybersecurity is a passion of Deidre’s. Five years ago, she founded Secure Diversity to help promote the interests of women and underrepresented minorities in cybersecurity. She enthusiastically describes the progress that has been made and describes the sisterhood it has created as “truly special.” 02:43 — Hiring on hold, but less so in cybersecurity. 06:42 — Remote interviewing, hiring and onboarding. 08:20 — Engineers remain in demand and privacy roles are increasing. 12:07 — #MeToo gave women the confidence to progress and move forward. To hear more from brilliant women in cybersecurity, listen to our 2020 International Womens’ Day podcast.
13 minutes | Apr 21, 2020
#118 Kristina Podnar — Marketing with Empathy
In this FastCast episode, Digital Policy Expert Kristina Podnar talks about marketing during our new normal. She believes the smartest marketers have assessed and adjusted their messaging. Brands don’t need to be silent right now, but they do need to be empathetic and focus on the good they can do. Kristina believes that as traditional marketing such as conferences and events are canceled, we will see an increased shift towards virtual and digital platforms. The brands that are able to embrace this softer, empathetic marketing approach will be the ones who come out the other side. 02:04 — First things first: adjust your messaging 03:46 — Focus on what good you can do during this time. Have empathy. 04:15 — The “How We Feel” app from Pinterest is helping track the spread of coronavirus. 06:59 — Canceling traditional marketing, like events, doesn’t mean canceling all marketing. 10:28 — Simple thank-you messages can keep your brand front and center.
18 minutes | Apr 9, 2020
#117 Janice Le — Silicon Valley CMO / Startup Advisor
Reaching a Distracted Audience Janice Le, Silicon Valley CMO and Startup Advisor, joins the podcast to talk about how brands can reach a distracted market. She sees two approaches to marketing right now, one that highlights how your company can help, and one that ensures your brand is remembered positively once the world is out the other side of the pandemic. Janice emphasizes the importance of cyberhygiene in our world of ever increasing digital connection. She explains end-users cannot rely on vendors to do everything it takes to protect them in cyberspace and would like to see vendors remind their customers of that through education. 02:27 — Drawing upon her experience as immigrant from a third-world country to help others through the pandemic. 05:53 — Marketing should be working cross-functionally with communications, engineering, security, and customer support to discuss how remote working could be exploited and get ready with a response. 09:42 — Cyberhygiene is more important than ever. We, the end-users, need to own responsibility for that and not rely on the vendors. 12:40 — There are two approaches to sensitive messaging right now. First, if you address privacy and data, that should be at the forefront. Second, make sure your brand is positively remembered once this is over. 15:32 — Walk your kids through cyberhygiene and teach them about the threats. You can hear more about marketing cybersecurity in our podcasts with FireEye’s Vasu Jakkal and Aruba’s Larry Lunetta.
11 minutes | Apr 7, 2020
#116 Gary Hayslip — CISO, Softbank
Virtual Security Gary Hayslip, CISO at Softbank Investment Advisors, joins the podcast to discuss how he and his team are navigating the challenges posed by a dispersed workforce from cloud adoption to virtual communication tools. As a CISO experienced with the cloud environment, he cautions his peers that 100% cloud does not equal 0% effort; the security program still needs to be managed and the cyber hygiene basics still have to be done. 01:30 — Communication requires greater effort in the remote working setting. 04:12 — Tracking productivity metrics to help enable executive business decisions in the future. 05:43 — 100% cloud does not mean 100% less effort. You still have to manage your security program. 08:00 — A dispersed workforce utilizing virtual tools does pose the possibility of impact to the business. 08:41 — Burnout is a real concern right now. 10:15 — Vendors need to understand that CISOs are just treading water right now. You can find our previous podcast with Gary here.
19 minutes | Apr 1, 2020
#115 Kavya Pearlman — Founder & CEO, XR Safety Initiative
Have our Privacy Gains Gone? Kayva Pearlman, XR Safety Initiative’s Founder and CEO, joins our host, Ashwin Krishnan, on this podcast to share her concern that we may be losing our hard-won data privacy protection. We are currently seeing privacy regulations relaxed. While we mustn’t let data privacy impede the fight against COVID-19, we must be cognizant of the ramifications. Kavya explains, “after this passes, the data destruction clause has to be there.” For small to medium businesses or small teams working in response to COVID-19 who lack privacy protection resources, XRSI are offering free privacy reviews. Reach out to them via their website. 03:20 — This crisis has shown us two types of leadership. Those leading with FUD and those leading with compassion. 08:09 — Right now we are seeing a relaxation of privacy regulations. 09:47 — This is not just about data privacy protection, so much more is at stake. 10:46 — Some of the largest companies are partnering with WHO hoping software can solve the COVID-19 problem. 12:53 — Cybersecurity is more important than ever. The recent layoffs are due to budget not lack of need. 16:16 — If you are working in response to COVID-19, please pay attention to privacy. The website reporting hiring freezes mentioned by Kavya in the podcast can be found at https://candor.co/hiring-freezes. The CyberSN blog by Deidre Diamond can be found at www.cybersn.com/blog/.
Terms of Service
Do Not Sell My Personal Information
© Stitcher 2021