[01-31-23] Let’s Pretend We’re Getting Hacked. Who Wants to Panic First?

CISO Series

CISO Series Podcast

Let’s Pretend We’re Getting Hacked. Who Wants to Panic First?

This week’s episode of CISO Series Podcast was recorded in front of a live audience in Clearwater, Florida, for the Convene conference held by the National Cybersecurity Alliance. Joining me, David Spark, producer, CISO Series, on stage were my guest co-host, Hadas Cassorla, CISO, M1, and Kathleen Mullin, CISO, Cancer Treatment Centers of America. Please give us your thoughts on the following topics we discussed.

What else do you need for a tabletop exercise to succeed?

Joshua Magady of 1898 & Co provided a solid list of elements needed for a successful tabletop exercise: realism, participation, time constraints, communication, and debriefing. Good advice that doesn’t always go to plan. That’s why Hadas suggested including randomness and lots of engagement, and Kathleen doubled down on participation, especially from the higher-ups. They will often make excuses not to participate, asking one of their appointees to do the work for them. But that is a failure of communication that will be magnified when there is an actual incident.

Should we call our industry cybersecurity, information security, or who cares?

I didn’t realize there was so much passion about the distinction between “cybersecurity” and “information security,” but as evidenced by the 100+ comments on a post on the topic by John C. Underwood of Big 5 Sporting Goods, it does matter. Hadas felt it was a distinction without a difference, and as Larry Rosen of Presidio pointed out, most people use the terms interchangeably. Would any rebranding of the cyber or InfoSec industry improve engagement with those outside of “cyber”?

Are people saving us from technology’s failures, or is technology saving us from people’s failures?

The answer depends on who you ask. The former is what the security awareness industry says, and the latter is what CISOs say. Who’s right? And does your security program change with the two viewpoints? If we can put controls in place that don’t get in people’s way, so they can do their job, then everyone wins, said Hadas.

How do you spot a fraudulent site?

Not every product is available on Amazon. On some rare occasions we need to venture away from the safety of our well-known ecommerce sites and travel to a site we do not know. Sketchy sites can look very professional, but certain behaviors send up red flags. Gabriel Friedlander of Wizer suggested copying some of the text from the site’s About Us page and searching to see whether it appears anywhere else. Search the site’s name together with the words “scam” or “fraud” on sites like Quora and reddit to see if there are any legitimate stories. Another option is to rely on your friend network to see if anyone else has used this site that’s unknown to you.

Listen to the full episode over on our blog, where you can also read the full transcript. If you haven’t already subscribed to the CISO Series Podcast via your favorite podcast app, go ahead and do that now.

Thanks to our podcast sponsors, Cofense, KnowBe4 & Terranova Security


Biggest mistake I ever made in security...

"I was Tampa Airport’s first CISO, and I introduced vulnerability management scanning. And thought I knew my environment, and instead there’s a thing called a bird deterrent system. You can’t fly if it’s not operational because it makes birds fly away from planes instead of into them. I took it down. And because even though I’d gone through change management, I was unaware of who managed that system. It wasn’t IT. Nobody could figure out why it went down. Bad day." --Kathleen Mullin, CISO, Cancer Treatment Centers of America

Listen to full episode of

What Can the Cyber Haves Do for the Cyber Have Nots?

"I'll say I think there's being an advocate, but there's also you need customers to demand a higher security product, and this is a very important difference. You don't need customers that say, 'I will pay money for security.' You need customers that say, 'I will not pay for your product, period, unless it has high-end enterprise security.' And until that happens, it really won't change." - Jason Kikta, CISO, Automox

Listen to full episode of

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review

Make sure you [...] to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be David Nolan, VP Enterprise Risk & CISO, The Aaron's Company.

Thanks to our Cyber Security Headlines sponsor, Hunters AI

Super Cyber Fridays!

People Aren’t the Weakest Link. They’re the Number One Attack Vector.

For years we’ve heard the line “people are the weakest link” over and over again. It’s starting to give us a complex that “we the people” are the reason for data failures. The reality is that people, unlike computers, don’t always act rationally. Attackers know this, and they use it to manipulate human behavior. In this video, Patrick Harr, CEO, SlashNext, and I talk about this reality and about the need for both process and technology to support people in their day-to-day communications.

The conversation is all a tease for our longer conversation that will be happening this Friday during our Super Cyber Friday event. Our topic of discussion will be “Hacking People and Process: An hour of critical thinking about how to prevent hackers taking advantage of how we work.”

Please join us on Friday, February 3rd, 2023 for Super Cyber Friday. REGISTER HERE

Thanks to our Super Cyber Friday sponsor, SlashNext

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.