CISO Stories Podcast (Audio)

The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be don…

Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses ho…

Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin de…

With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone exter…

The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-covid with a more distributed workforce. The fact…

While the cloud computing infrastructure is designed to be very agile and flexible, transparency to where the information is being processed is very important due to global privacy and security conce…

Information is meant to be shared with others- others that is with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if th…

In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Man…

As if CISOs don’t have enough to focus on, here’s a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizo…

Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveragi…

The CISO has trained the workforce and completed the security awareness month annual training. Well, done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that th…

Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund the investments. Join this podcast to learn how to sho…

Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Growth begins outside of your comfort zones, so some of the…

Cybersecurity programs have evolved from the early days of compliance with regulations. Regulations are important and provide the necessary motivation for many organizations to implement security con…

Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC)…

Data is everywhere today as users are working remotely, storing information in the cloud, downloading to USB drives and so on. Join this podcast to learn from a Healthcare CISO and some of the typica…

Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust? Should they be equally weighte…

The interviewee created the landmark ‘gold standard’ policy guidance in the book Information Security Policies Made Easy, now in its 13th version, and has extensively researched and helped organizati…

Learn how to prepare and reduce the risk of the next ransomware event. The guest walks through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don’t miss th…

October is Security Awareness Month! Security Awareness programs must grab the employee’s attention if they are to succeed. Join the interviewee as he explains how he successfully engaged the workfor…