- CISO Series Newsletter
[04/11/23] Our Security Tool Can Do Everything But Mitigate Risk
CISO Series Podcast
Our Security Tool Can Do Everything But Mitigate Risk
No department is immune to budget cuts. When the budget cuts come in, where can security look first to save money?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest is Almog Apirion, CEO and cofounder, Cyolo. Here’s what we discussed on the show.
Where has change management become easier, and where has it become more difficult? “If you want to do a big transition, you need to take organizations and customers from their existing state to the wanted state. You need to hold their hands, and you need to show them value throughout the way,” said Almog Apirion. That is not easy. But some departments embrace that change. For example, with DevOps, constant change is the state of normal. It’s ingrained in the definition.
Cyber attacks only need to slow things down to cause chaos. Roya Gordon of Nozomi Networks notes in an article on Dark Reading by Elizabeth Montalbano that the 2021 Colonial Pipeline attack marked a significant shift in the impact of cyberattacks. It was no longer necessary to steal the data; all that needed to be done was slow down access to it. Colonial Pipeline’s system desperately relied on real-time data, and because of that, they responded to a time-sensitive ransomware attack.
Does our system architecture create a zero trust environment? We give a lot of access to our vendors, but do we have the checks and balances to prevent them from getting at and exfiltrating sensitive data? The issue is not whether we trust the individuals, but whether our system is set up to handle the sensitive nature of how vendors access data. “Security practitioners get used to analyzing risks by magnitude and probability. If a vendor is holding the door to all of his customers, he's just transforming himself to a very appealing target for attackers,” said Almog. That’s why we need those checks, for elements we cannot control.
Where can cybersecurity look to save money? “An expensive tool that doesn't mitigate risk should be at the top of the chopping block,” said Mike Johnson of where to cut costs first. Look for redundancies, suggested Adam Glick, now CISO at SimpliSafe. Years ago, Glick created a simple spreadsheet of all his tools and their capabilities and quickly saw tons of tools that were offering the same services. Over time, he was able to whittle down the number of his tools and reduce the sizes of his contracts.
Listen to the full episode over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Cyolo
CISO Series Podcast LIVE!
Join us this Thursday (4-13-23) in NYC
Don't forget we're coming to NYC and we want you to join us. Joining me on stage will be guests Aaron Zollman, CISO & VP, platform engineering, Cedar and Colin Ahern, Chief Cyber Officer for the State of New York. The event is happening on Thursday, April 13th, 2023.
5:30pm - Doors open
6:30pm - Recording begins
7:15pm - Recording ends and drinks and food served until 8:30pm.
>> REGISTER HERE on Eventbrite <<
Thanks to our sponsors OpenVPN, SlashNext, and Votiro
Best advice for a CISO...
"The company is in a race car. I think that goal number one is to provide very good brakes for this car to win the race, so we have a lot of best practices. I think that we need to look at what the business needs in order to drive fast and win the race." - Almog Apirion, CEO and cofounder, Cyolo
Listen to full episode of
What We Love About Working in Cybersecurity
"But certainly it’s important to call out that security and subsequently cyber security, it’s a fundamental of life society. We must have security. It’s always been here. It’s always going to be here. But the thing that’s exciting, I think, is that it’s never the same. It’s always dynamic. It’s never boring. It’s always changing. You always need to learn." - David Cross, CISO, Oracle SaaS Cloud
Listen to full episode of
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dmitriy Sokolovskiy, CISO, Avid.
Thanks to our Cyber Security Headlines sponsor, AppOmni
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.