CISOs have a stressful job, due to the many threats, unknowns and high expectations. How does this impact mental health? Is this different from other leadership roles? Should you discuss with your company? Join Shamla who has held several Fortune 100 CISO roles, as she discusses several approaches to this real issue. Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 1. Dark Reading (Jan 28).

https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-1 Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 2. Dark Reading (Jan 31). https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-2

This segment is sponsored by Wiz.

Visit https://securityweekly.com/wiz to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp89

 

The NIST Cybersecurity Framework simplifies the language of Cybersecurity across the organization. Learn from the person who led the contracting team for the development of the NIST Cybersecurity Framework what the framework is all about and how it can reduce risk to the organization.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_MatthewSmith_Article.pdf Smith, M. 2019. Using the Nist Cybersecurity Framework in an International Setting In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 239-240. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Wiz.

Visit https://securityweekly.com/wiz to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp88

There has been much discussion lately about Quantum Computing and the future threats to encryption and authentication it could cause. Should CISOs be worried? Are there steps that should be taken now? Join us as we discuss Quantum computing and the implications for the CISO – today. This segment is sponsored by Wiz.

Visit https://securityweekly.com/wiz to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp87

Fortunes have been gained and lost through Bitcoin and other cryptocurrency purchases. Ransomware paid in cryptocurrency is rarely recovered. Should the CISOs get involved in promoting regulation of the cryptocurrency? Would this reduce the number and amounts paid in ransomware attacks? Join the author of “The COiNMEN”, who has extensively researched cryptocurrencies and promoted policy changes as he shares his views.

Segment Resources: Letter in Support of Responsible Fintech Policy, www.concerned.tech

“The Coinmen” is on Amazon at https://www.amazon.com/dp/B09SL16P5Y .

This segment is sponsored by Wiz.

Visit https://securityweekly.com/wiz to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp86

As ransomware wreaks havoc on our systems and information, more companies are transferring some of the risk through Cyber Insurance. What technologies are cyber insurance companies looking to have in place? How are insurance companies setting the premiums? Join Bryan as he shares his extensive cyber counterintelligence and forensic experience in supporting CISOs to navigate cyberinsurance carriers.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp85

Ron has seen the CISO role emerge over as a senior executive at ISACA. Join us as Ron shares the necessity of the CISO getting out of the office and the types of forums that are most beneficial to the CISO, based upon his decades experience in enhancing the CISO profession.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_RonHale_ArticleV2.pdf Hale, R. 2019.

The Positive Power of Community Engagement. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp84

What do you do if the most senior person in your organization, the CEO, refuses to wear security badges- an essential control for identifying associates and restricting physical entry? Listen as John uses creativity to win the heart and mind of the CEO and embrace and become a strong advocate of the security awareness program!

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_JohnCeraolo_ArticleV2.pdf Ceraolo, J. 2019. Listening and Using Creativity in You Security Program In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

 Show Notes: https://securityweekly.com/csp83

Go to any security conference today and there is a plethora of new products to prevent, detect and respond to the current threat environment. But are we missing something? Is there a less expensive and more tactical way to approach security? Join Benjamin as we review what some are the key basics are that should be in place before investing in higher-end technology.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 Show Notes: https://securityweekly.com/csp82

CISOs, security leaders and their teams must consume a large amount of information from many sources to remain effective. How does the CISO organize unstructured information? How does the CISO brainstorm? How does the CISO collaborate? Mind Mapping is a very effective tool to generate ideas quickly and was also used to create the CISO COMPASS book! Learn from a CISO who uses Mind Maps™ for just about everything!

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelWilcox_Article.pdf  Wilcox, M. 2019. Mind Maps™ Effective Method for Organizing Cybersecurity Information In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 80-81. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp81

A Lawyer can be the CISOs best friend and advocate for cybersecurity investments. Are you frustrated with a lawyers answer of, “it depends?” Lawyers have a different thought process than many CISOs when apply the law. Join this session from a notable cybersecurity lawyer as to the differences in language and how to best take advantage of the legal expertise available to support the mission.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MarkDRasch_Article.pdf Rasch, M. 2019. How to Talk to Your Lawyer In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 317-318. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

 Show Notes: https://securityweekly.com/csp80

Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_Joyce_Brocaglia_Article.pdf Brocaglia. 2019.

An Insider’s View of the CISO Search In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 33-35. Fitzgerald, T. CRC Press, Boca Raton, Fl.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today.

Show Notes: https://securityweekly.com/csp79

The Solarwinds breach raised the visibility of Software supply chain risks, as many organizations employ third party software with potential access to sensitive information. Join the CISO of Solarwinds as he discusses what happened during the attack, the lessons learned, the mitigations employed after the attack, and excellent, transparent actions for organizations to manage software development and distribution processes.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp78

As CISOs embark on implementing an Intellectual Property protection effort, they are often met with resistance, being challenged as to the necessity of the effort. Join Michael as he shares his experience in winning the support for his efforts to properly classify and secure the information and systems.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelBoucher_Article.pdf

 

Boucher, M. 2019. Data Protection: Security Intellectual Property In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp77

Join the former Privacy Commissioner of Ontario, Canada and creator of PrivacyByDesign (PbD), translated into 40 languages and incorporated into General Data Protection Regulation (GDPR) and used by many organizations to proactively “bake-in” privacy into our systems. Every CISO needs to pay attention to and support the various country privacy laws. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_AnnCavoukian_Article.pdf Cavoukian, A. 2019. Lead with Privacy by Design for Competitive Advantage. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Show Notes: https://securityweekly.com/csp76

As your organization increases the cybersecurity talent to protect and defend the information assets, how do you know what skills are needed? What tasks are to be performed and what knowledge is necessary to perform these functions? The NIST NICE Framework helps define the job and assist the CISO in hiring as well as measuring the capability along the career path.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_GregWitte_Article.pdf Witte, G. 2019. Using NICE Framework to Attract Talent In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 422. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Show Notes: https://securityweekly.com/csp75

Where the CISO should report has been debated for many years, with the predominant view being “anywhere but the CIO”, while even in 2022, most CISOs are reporting to the CIO! Which reporting structure viewpoint is right? This podcast will examine the pros and cons of reporting to the CIO and other departments. Join Stephen as he shares his experience as a Former CISO for several large financial institutions, along with his current views.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_StephenFried_Article.pdf Fried, S. 2019.

The Best Reporting Relationship for a CISO May Not Be What You Think!

In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 174-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

 Show Notes: https://securityweekly.com/csp74

Managing cybersecurity defense inside an organization is an enormously complex endeavor, considering the interconnections, vendor relationships, cloud, and mobile proliferation of the data. While many of these computing technologies have a clear purpose and usefulness, many times organizations minimize the complexity when presenting to the Board. Should we? Join us as we discuss a different approach to better communications.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_EdwardAmoroso_Article.pdf Amoroso, E. 2019. Educating Senior Management in Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 150-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Show Notes: https://securityweekly.com/csp73

Careers can just happen, or they can be planned. Join us as we discuss making the decision to become a CISO and then taking the steps necessary to develop the skills to attain the job and thrive in the role.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_ShaunCavanaugh_Article.pdf Cavanaugh, S. 2019. From Techie to CISO – Identify Where you Want to Be and How to Get There. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 480-481. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Show Notes: https://securityweekly.com/csp72

The cybersecurity field has traditionally been male dominated and there is clearly a desire to attract more women into the field. Join us as we discuss practical tips for women advancement to leadership positions, how to stand apart when climbing the leadership ladder, and advice for leading effective teams.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_StayMill_Article.pdf Mill, S. 2019. Women In Leadership – Practical Advice.

In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 425 Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 Show Notes: https://securityweekly.com/csp71

Security metrics are often a struggle to establish by security departments. These metrics may be taking too narrow of a view, whereby metrics visible and embraced by other areas can improve the security program success. Join us as we discuss these metrics. Additionally, Caroline is graciously offering her Linkedin metrics course focused on establishing objectives and measuring progress towards the objectives, to CISO STORIES listeners at no cost at https://www.linkedin.com/learning/learning-security-metrics/why-are-security-metrics-important?autoplay=true To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_CarolineWong_Article.pdf Wong, C. 2019. Sharing the Metrics Goal Between Departments. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 158-9. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Show Notes: https://securityweekly.com/csp68

The security spend is increasing year over year as hackers become more sophisticated, organized, and opportunistic. Join us as we discuss ways to determine and evaluate the cost of cybersecurity to ensure the organization is spending the appropriate amount to reduce the risk to an acceptable level.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_DevonBryan_Article.pdf Bryan, D. 2019. The Cost of Cybersecurity.

In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 501-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Show Notes: https://securityweekly.com/csp70

A key function of the CISO is to provide an accurate organizational picture of the risk the organization is currently accepting and communicate the strategy for enhancing the security maturity in support of the business goals. The way you prepare and communicate is just as important as the message. Join us as we discuss how to improve the delivery of the message.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonWitty_Article.pdf Witty, J. 2019. Projecting Confidence when Presenting to the Board of Directors.

In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 493-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes! 

Show Notes: https://securityweekly.com/csp69

Security metrics are often a struggle to establish by security departments. These metrics may be taking too narrow of a view, whereby metrics visible and embraced by other areas can improve the security program success. Join us as we discuss these metrics.

Additionally, Caroline is graciously offering her Linkedin metrics course focused on establishing objectives and measuring progress towards the objectives, to CISO STORIES listeners at no cost at https://www.linkedin.com/learning/learning-security-metrics/why-are-security-metrics-important?autoplay=true

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_CarolineWong_Article.pdf Wong, C. 2019. Sharing the Metrics Goal Between Departments.

In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 158-9. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Visit https://securityweekly.com/csp for all the latest episodes!

Show Notes: https://securityweekly.com/csp68

Organizations want to know, how are we doing with respect to security? Companies can accept risks they are aware of, and don’t want to outspend the competitors with the industry vertical. They also need a way to understand and benchmark the effectiveness of the security program. Join us as we discuss how to ensure the threats are being evaluated.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonTaule_Article.pdf

 

Taule, J. 2019. Keeping Up with The Jones (When Your Neighbors Are Bad Actors). In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 156-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp67

Visit https://securityweekly.com/csp for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

We have four generations predominantly in the workforce today, boomers, generation X, Millennials, and Generation Z. Each generation was influenced by different world events, shaping values towards work, family, and technology. The past few years have brought a changing view towards work, with remote and hybrid working. Join us as we discuss these challenges.

 

McGaw, C. 2019. Optimizing Four Generations in The Workforce. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 443-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp66

Visit https://securityweekly.com/csp for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

In addition to serving as a CISO for several large companies, Phil was instrumental in co-founding the Cloud Security Alliance (CSA) and creating the Cloud Controls Matrix (CCM) to identify what standards from the many frameworks such as NIST, ISO27000, COBIT, HIPAA, PCIDSS, etc. would be applicable to the cloud environment. Join Phil as he discusses his view of these frameworks and his approach to security today.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Phil_Agcaoili_Article.pdf

 

Agcaoili, P. 2019. Leveraging Control Frameworks. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 223-227. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp65

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Organizations are developing technology at a rapid pace today to maintain business relevance and adapt to changing conditions. Rebecca talks about the importance of ensuring change control is implemented and the real impacts if not implemented correctly.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Rebecca_Herold_Article.pdf

 

Herold, R. 2019 Change Controls Are More Necessary Than Ever. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 119-120. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp64

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

One of the most important and impactful tasks of the CISO is presenting to the Board of Directors and Senior Management. The Board needs to have the confidence the CISO is able to determine risk and provide recommendations of cost-effective business-oriented solutions. Listen to Adel as he shares his experience in working with many organizations to reduce risk.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Adel_Melek_Article.pdf

 

Melek, A. 2019. Determining Risk Appetite with the Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 505. Fitzgerald, T. CRC Press, Boca Raton, Fl www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp63

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

For security leaders, it can be hard to catch a break when faced with the increasingly challenging task of defending their organizations from evolving threats while simultaneously fighting the battle of the budget in an effort to do more with less. What issues should CISOs be prioritizing, and how can they get the most bang for their buck with regard to minimizing potential risks and maximizing potential outcomes? CISO Stories Podcast hosts Sam Curry, CSO at Cybereason, and Todd Fitzgerald, VP of Strategy at the Cybersecurity Collaborative, are joined by an esteemed panel of accomplished security leaders to discuss these challenges and more. Join our panel of seasoned CISOs from multiple industries as they share their valuable perspectives on: - Ransomware and the impact on global stability - Supply chain attacks and trusted infection vectors - Detection and response across the network and in the Cloud - Incident Response readiness - Attracting and retaining the right talent

 

Show Notes: https://securityweekly.com/csp62

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Why are we failing at security, and will we ever graduate from Cyber-Kindergarten? The industry has arguably made a lot of progress over the last three decades, yet the attackers still enjoy a distinct advantage. Wayman Cummings, VP of Security Operations at Unisys, joins the podcast to discuss how industry stagnation impacts the security for our critical infrastructure when that rises to the level of national security, what value true public-private partnerships can bring, and more…

 

Show Notes: https://securityweekly.com/csp61

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Sharing sensitive information on a website is likely to solicit a ‘No Way” response from the CISO. Renee was faced with these decisions early in her career and needed a way to determine and communicate the right pragmatic and ethical decision. She developed the ‘Six-Month Rule”, which has evolved into the “Six-Minute Rule” to guide these decisions. Just us as Renee articulates how to help appropriate stakeholders make informed risk/reward decisions.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Renee_Guttmann-Stark_Article.pdf

 

Guttmann-Stark, R. 2019 Six-Minute Rule. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 194-195. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp60

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990’s and now represent over 20 industry sectors. Grant shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Grant_Sewell_Article.pdf

 

Sewell, G. 2019. Experience with an Information Sharing and Analysis Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 116. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp59

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Richard spent several decades serving Presidents of both parties and understands what is necessary to implement effective security programs. Join us as he provides pragmatic tips for working with the Board of Directors to effectively communicate the investment need and articulate the benefits in terms the Board can support.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Richard_A_Clarke_Article.pdf

 

Clarke, R. A. 2019 Getting the Board on Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 499. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp58

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, co-founder and CEO of Zero Networks, takes us deeper…

 

Show Notes: https://securityweekly.com/csp57

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Jack_Jones_Article.pdf

 

Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp56

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin describes how to leverage the current environment to “find” new sources of budget to fund the right cybersecurity investments.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_KevinRichards_Article.pdf

 

Richards, K. 2019. Creating Budget Where There Is No Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 482. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp55

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf

 

Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp54

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-covid with a more distributed workforce. The fact that IT governance is eroding as easily and quickly should tell IT and infosec teams that they need to ditch their legacy models of service delivery and adopt an approach that addresses the current business needs and digital transformations many companies are undertaking. The security implications of this are significant in that security programs are not typically sized nor funded to deal with one technology approach yet alone two. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change.

 

Show Notes: https://securityweekly.com/csp53

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

While the cloud computing infrastructure is designed to be very agile and flexible, transparency to where the information is being processed is very important due to global privacy and security concerns. Steve discusses approaches to remaining compliant with the various laws (i.e., restricting where the data may reside) when moving to the cloud.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Steve_Orrin_Article.pdf

 

Orrin, S. 2019. Why Hardware Matters in Moving Securely to The Cloud. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 122. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp52

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Information is meant to be shared with others- others that is with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if there are 90 of these organizations? Join this podcast to learn from a healthcare CISO who tackled this dilemma and subsequently changed a government law!

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Samantha_Thomas_Article.pdf

 

Thomas, S. 2019. Privacy Hunger Games: Change the Rules. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 344. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp51

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Listen to Dawn-Marie, who has navigated organizations as a CISO during crisis and consultant to “play like you practice.”

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Dawn-Marie_Hutchinson_Article.pdf

 

Hutchinson, D. 2019. Server Room to War Room…Enterprise Incident Response. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 214-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp50

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

As if CISOs don’t have enough to focus on, here’s a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest “fads” like CASB, ZTNA, SASE and more…

 

Show Notes: https://securityweekly.com/csp49

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, and we need to find a better way. This session explores the experience of creating over 300 models using data science, machine learning, and automated incident response to increase the security posture for a major organization.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Jim_Routh_Article.pdf

 

Routh, J. 2019. Model-Driven Security is Making Fundamental Changes to Security Posture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 163-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp48

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The CISO has trained the workforce and completed the security awareness month annual training. Well, done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? Join this podcast to learn from the multiple term-elected ISSA International President.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Candy_Alexander_Article.pdf

 

Alexander, C. 2019. CISO approach to Training. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 478. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund the investments. Join this podcast to learn how to show senior management that funding these initiatives is more than risk avoidance and a cost to the bottom line.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Chris_Apgar_Article.pdf

 

Apgar, C. 2019. Security and Senior Management – Buy-In Is Critical to Success. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 139. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

 

Show Notes: https://securityweekly.com/csp46

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Growth begins outside of your comfort zones, so some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable…

 

Show Notes: https://securityweekly.com/csp45

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Cybersecurity programs have evolved from the early days of compliance with regulations. Regulations are important and provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security? Join this podcast as the differences between compliance and true security are discussed.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/11/CISOSTORIES_Mark_Burnette_ArticleV1.pdf

 

Burnette, M. 2019. The Benefits of Focusing on Risk vs Compliance. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 18. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp44

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption?

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Ricardo_LaFosse_Article.pdf

 

Lafosse, R. 2019. Success Implementing A Shared Security Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 159. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp43

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Data is everywhere today as users are working remotely, storing information in the cloud, downloading to USB drives and so on. Join this podcast to learn from a Healthcare CISO and some of the typical common events which take place to expose sensitive information.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_William_Miaoulis_Article.pdf

 

Miaoulis, W. 2019. Do You Know Where Your Data Is? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 368. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp42

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust? Should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? What does the future hold for our efforts to find the right balance between them?

 

Show Notes: https://securityweekly.com/csp41

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The interviewee created the landmark ‘gold standard’ policy guidance in the book Information Security Policies Made Easy, now in its 13th version, and has extensively researched and helped organizations develop relevant policies. This podcast discusses the 5 key mistakes individuals make in creating and delivering policies to the organization.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Charles_Cresson_Wood_Article.pdf

 

Wood, C. 2019. Five Pitfalls to Avoid When Issuing Information Security and Privacy Policies In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 413. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Learn how to prepare and reduce the risk of the next ransomware event. The guest walks through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don’t miss this podcast for valuable insights from a real-life scenario.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Todd_Inskeep_Article.pdf

 

Inskeep, T. 2019. Dealing with Notpetya. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 204. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp39

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

October is Security Awareness Month! Security Awareness programs must grab the employee’s attention if they are to succeed. Join the interviewee as he explains how he successfully engaged the workforce through creative and visible security awareness methods!

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Steven_Lentz_Article.pdf

 

Lentz, S. 2019. Security Awareness That Works. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 151. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp38

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

https://www.securityweek.com/nist-publishes-cybersecurity-workforce-framework

https://www.securityweek.com/professionalizing-cybersecurity-practitioners-0

https://www.securityweek.com/cylance-launches-next-gen-endpoint-security-consumers

https://www.securityweek.com/cisos-and-quest-cybersecurity-metrics-fit-business

https://www.securityweek.com/whats-real-value-cost-breach-studies

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Kathy Wang, CISO at Very Good Security, discusses challenges in extending detection and response capabilities to cloud deployments while also ensuring correlations across traditional networks, endpoints, mobile, and user identities. She explains how managing multi-cloud deployments impact this approach, and how organizations can ensure they have the visibility required to detect and remediate earlier.

 

Show Notes: https://securityweekly.com/csp37

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Every organization must be able to respond to an attack quickly. Join this podcast to learn key steps to implement in an incident response plan without breaking the bank. Sam approaches this issue by simplifying incident response into the 3 ‘P’s.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Sam_Monasteri_Article.pdf

Monasteri, S. 2019. Security from Scratch: Incident Response on a Shoestring Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 161. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp36

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

All organizations must have security awareness training programs to teach basics to end users. Similarly, the technical teams need to be exposed to flexible training that is interesting to them. Join this podcast to learn how to bring company groups together and form your own DEFCON-type event in-house or in partnership with other organizations.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Kevin_Novak_Article.pdf

 

Novak, K. 2019. Fiscally Responsible Ways to Train/Build Community. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 153. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp35

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Figuring out what to do after a breach is the wrong time to start the planning process. Communications strategies must be in place well beforehand and there are many benefits to the cybersecurity program for implementing these strategies in advance. Join this podcast to understand how teams benefit from relationships with communication and public relation specialists on their teams.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Melanie_Ensign_Article.pdf

 

Ensign, M. 2019. Importance of Communications before, during, and after the Breach. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 191. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp34

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Rachel, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature.

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

It seems CISOs are typically lamenting that the security budgets are insufficient. While this can represent a significant problem in achieving information security goals, what happens when you get the funding you asked for and asked to spend it in less time than expected? Join this session for an investment lesson learned you won’t want to miss!

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_James_Christiansen_Article.pdf

Christiansen, J. 2019. Too Much Security Money? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 502. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp32

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

For many organizations, large and small, it would be impractical to “skill up” to manage all aspects of cybersecurity. Managed Security Service Providers provide many different services. Join this podcast to learn how to work with the MSSP to ensure that the organization is obtaining the most value.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jonathan_Nguyen-Duy_Article.pdf

Nguyen-Duy, J. 2019. Managing the MSSP. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 135. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Show Notes: https://securityweekly.com/csp31

We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, is it that the organization did not ‘get it’ or was it our approach? Join this podcast to learn how to achieve that buy-in.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_David_Nolan_Article.pdf

Nolan, D. 2019. Achieving Security Buy-In: Change the Approach, Not the Culture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 470. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

Show Notes: https://securityweekly.com/csp30

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Kerissa Varma, Group Chief Information Security Officer of Old Mutual Limited, one of the largest financial services organizations on the African continent, discusses the cybersecurity skills shortage and her initiative to recruit brilliant minds from across an array of fields who have skill sets applicable to cybersecurity, but they might not even know it…

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

A recent global research report conducted by Cybereason, titled "Ransomware: The True Cost to Business", revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies.

An esteemed panel of subject matter experts will examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack.

The event was produced as a live webinar version of the CISO Stories Podcast, a weekly podcast that takes a deep dive on security leadership issues and is produced by Cybereason and the CyberRisk Alliance’s Cybersecurity Collaborative, a prominent CISO networking group.

 

Show Notes: https://securityweekly.com/csp28

View the Cybereason Ransomware Report here: https://www.cybereason.com/ebook-ransomware-the-true-cost-to-business

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

CISOs are approached frequently by salespersons to buy products to reduce risk. How do you manage these relationships? Join this podcast to learn how to respond to the salesperson, reduce time, and select the best products with reduced wasted interaction.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Kevin_Morrison_Article.pdf

 

Morrison, K. 2019. Managing the Security Product Salesperson. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 69. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp27

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster. Join this podcast to learn how security can be imbedded into agile software development to produced fast and secure code.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Glenn_Kapetansky_Article.pdf

Kapetansky, G. 2019. Integrating Security with SDLC/Agile Development In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 27. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The crown jewels are those assets representing the highest value to the organization and deserve the greatest investment to protect. Join this podcast to learn the importance of protecting these crown jewels throughout the information life cycle.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Steve_Durbin_Article.pdf

Durbin,S. 2019. Protecting the “Crown Jewels”. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 77. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleadersFollow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Phil Attfield, CEO and founder at Sequitur Labs, discusses his engineering roots and curius nature that led him to developing software tools and in-house products for modeling, synthesis and verification of telecom and network equipment hardware at Nortel. Phil the challenges involved in development of large-scale security policy and management frameworks and the key security elements of the IoT device lifecycle from design, to build, to sustaining securely.

 

Show Notes: https://securityweekly.com/csp24

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The CISO is often in a position where vulnerabilities are known and implementing a product may result in an insecure product. Should the CISO say ‘no we can’t do that’, or ‘figure out how to make it happen?’ Join this podcast to learn how a CISO was faced with this dilemma where he was asked by the business to implement a technology, where he had stacks of whitepapers indicating the technology was insecure.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dan_Lohrmann_Article.pdf

Lohrmann, D. 2019. CISOs Need to be Enablers of Business Innovation-Here Is How. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp23

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Communication in any organization can be a challenge, especially when working with different levels of government and the various funding mechanisms. Join this podcast to lean how one State CISO navigated the rough waters by focusing on relationships and increased security spending and knowledge of security activities across government levels.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Mark_Weatherford_Article.pdf

Weatherford, M. 2019. Relationships Matter. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 473. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp22

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

As threats to the nation’s security grow, there remains a substantial and increasing shortage of skilled cybersecurity professionals. The federal government and private sector can work together to fill their open positions and attract the next generation of motivated mission-driven cybersecurity leaders. This podcast discusses the Cybersecurity Talent Initiative, a federal/private partnership which provides up to $75,000 in student loan assistance for individuals hired by the private sector companies after developing skills through a two-year program in the federal government.

 

Show Notes: https://securityweekly.com/csp21

https://securityweekly.com/wp-content/uploads/2021/06/CTI_Spring-2021-Onepager_corporate.pdf

https://securityweekly.com/wp-content/uploads/2021/06/nice_framework062017.pdf

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Ira Winkler, CISO at Skyline Technology Solutions, recounts his amazing journey from wannabe astronaught to NSA intelligence analyst, social engineer, systems hacker and author and some of the crazy things that happened along the way. Ira is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” - a title he earned by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World, investigated cybercrimes against them, and then telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs and increase security awareness.

 

Show Notes: https://securityweekly.com/csp20

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

We want to trust our employees and contractors working within our organizations. For the most part, people are doing their jobs with integrity every day. What happens when an employee decides to leave the organization and start their own business – with our Intellectual property or customer lists? Or when an employee downloads material to work at home? Join this podcast to learn how to build an insider risk program to mitigate these threats.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dawn_Cappelli_Article.pdf

 

Cappelli, D. 2019. Mitigate the Risk of Insiders Stealing Company Confidential Information. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 187. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Today most organizations have some of the processing in the cloud. As data moves farther away from the physical control of the organization, this movement provides opportunities of scale, flexibility, and speed. Join this podcast to learn how to use appropriate controls to manage this cloud environment.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jim_Reavis_Article.pdf

 

Reavis, J. 2019. Building a Bridge to the Future with Cloud Controls Matrix. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 243. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

https://cloudsecurityalliance.org/

https://cloudsecurityalliance.org/education/ccak/

https://cloudsecurityalliance.org/research/cloud-controls-matrix/

 

Show Notes: https://securityweekly.com/csp18

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

We have limited investment dollars and therefore must ensure we are protecting the right assets. The practical side of determining “what” needs to be protected and “how” is a convoluted maze of academics, taxonomies, frameworks, and inconsistent approaches. Here we discuss 5 critical elements to make a difference by developing and effective Critical Asset Protection Program (CAPP).

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_RolandCloutier_Article.pdf

 

Cloutier, R. 2019. Critical Cyber Asset Protection Planning—Learning Concepts and Operational Imperatives for Protecting What Needs to be Protected. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 148-150. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp17

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Will Lin, founding team member at ForgePoint Capital and co-creator of the CISO community Security Tinkerers, discusses his passion for technology and how it led him to a career helping security companies launch, as well as his work supporting CISOs through collaboration and knowledge sharing.

 

Show Notes: https://securityweekly.com/csp16

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Healthcare security today is much more complex with integrated clinical systems and connected community networks. No longer are the medical records stored with a single provider. Join this podcast to learn how one Healthcare CISO is forging relationships and having the appropriate risk-based discussions at the right levels to address the challenge. 

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Erik_Decker_Article.pdf

 

Decker, E. 2019. Healthcare Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp15

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

All disciplines need to be able to demonstrate added value and track the ability to improve upon the current practices. The board, technical management, auditors, and engineers may each need a different view of the security initiatives performed. Join this podcast to how different metrics can be applied to different groups so each can improve their performance over time.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Edward_Marchewka_Article.pdf

Marchewka, E. 2019. Security Metrics to Measure Program Effectiveness. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 167. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp14

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Tatu Ylönen, SSH founder and inventor of Secure Shell, discusses the genesis for the protocol and his keen interest in the application of technological solutions to fundamental cybersecurity challenges...

 

Show Notes: https://securityweekly.com/csp13

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Hopefully you won’t have to hire a lawyer to defend yourself against a government regulator. What happens when the Federal Trade Commission or other powerful body accuses your company of wrongdoing which you do not feel you were responsible for? Join this podcast and hear how the owner of a small company decided to take on the FTC and how he went about choosing a lawyer. The answers will surprise you and provide some useful tips for choosing a lawyer.

 

Show Notes: https://securityweekly.com/csp12

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MichaelJDaugherty_CCExtract.pdf

Daugherty, M. 2019. Finding the Right Lawyer to Defend Your Company. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 337. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 

Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created the “Fog of More”, making the choices difficult to manage. Join the former 35-year NSA software vulnerability analyst and executive manager, and innovator of community-based controls sharing, as he discusses how the CIS controls can be used effectively to manage our environments.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_TonySager_CCExtract.pdf

 

Sager, T.. 2019. Jumpstarting Controls Prioritization Within a Control Framework. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 246. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp11

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought.

 

Show Notes: https://securityweekly.com/csp10

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The information and cybersecurity industry have no shortage of regulations and many organizations run down the listing of requirements, load them into an excel spreadsheet to demonstrate compliance. Is compliance the same as security? Join this podcast for an analogy of why compliance is not security and how we can change our organization’s orientation to increasing security.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_LeeParrish_CCExtract.pdf

 

Parrish, L. 2019. The Colonoscopy of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 15. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

Show Notes: https://securityweekly.com/csp9

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Mauro Israel, CISO at ORPEA Group, discusses his colorful background and how he - like so many others in the security field - came to discover his true calling late in life but was able to apply his wide range of knowledge and experience to the role of CISO in the healthcare field.

 

Show Notes: https://securityweekly.com/csp8

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Information security departments are often challenged to come up with “ROI” or Return on Investment for the information security initiatives. Why should the information security department be any different? Join this podcast and learn why calculating an ROI may not be necessary and how reducing risk has different considerations.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_PaulHypki.pdf

 

Hypki, P. 2019. Where’s the ROI? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 83. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The CISO role in some organizations is relatively new. The CISO role has actually evolved over the past 25 years since Citibank named the first CISO. Join this podcast to learn how Steve navigated the early days of security and the changes in the role today.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_SteveKatz_CCExtract.pdf

 

Katz, S. 2019. Interview with the First CISO. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 8. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry's most sacred cows like risk tolerance as a key driver for security programs...

 

Show Notes: https://securityweekly.com/csp5

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 

The CISO must interact with many different groups within the company. These groups differ in the amount of business acumen and technical depth necessary. The CISO must have self-awareness of how to approach each of these different types of stakeholders, as well as ensuring appropriate self-care is taken to limit burnout, stress and anxiety. Join this podcast to learn how to maintain appropriate self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_MarciMcCarthy_CCArticle.pdf

McCarthy, M. 2019. Emotional Intelligence. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 466. Fitzgerald, T. CRC Press, Boca Raton, Fl.

 

To purchase the book: www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason.

Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/csp for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 

Eric Schmidt (CEO Google 2001-2007) famously noted that his company’s policy was to get ‘right up to the creepy line and not cross it.’ The closer an organization can get to this imaginary line, the greater the profit maximization. When does this become an invasion of privacy? Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast to learn how to determine the data collection and processing appropriate for your organization.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_ValerieLyons_CCExtract.pdf

 

Lyons, V. 2019. Doing Privacy Right Vs. Doing Privacy Rights. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 389. Fitzgerald, T. CRC Press, Boca Raton, Fl.

 

To purchase the book: www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The Cybersecurity Coalition's Ari Schwartz brings us up to date on some of the organization's initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less...

 

Show Notes: https://securityweekly.com/csp2

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Join this podcast to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives.

 

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MischelKwon_CCExtract.pdf

 

Kwon, M. 2019. Communicating Security Progress and Needs with Business-focused Leadership. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 30. Fitzgerald, T. CRC Press, Boca Raton, Fl.

 

To purchase the book: www.amazon.com/author/toddfitzgerald

 

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

 

Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/