[04-18-23] We’d Secure Our Data If We Knew Where It Was
CISO Series Podcast
We’d Secure Our Data If We Knew Where It Was
Given the ease of sharing data, our sensitive information is going more places than we want it. We have means to secure data, but you really can't do that if you don't know where your data actually is.
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our sponsored guest is Brian Vecci, field CTO, Varonis. We did a data-centric show this episode. Here’s what we discussed.
Are we creating more problems for ourselves by holding onto dark data? Dark data is information generated and stored by the business, but not really used for anything else, according to Gartner. I had never heard of the term “dark data” until reading this article by Apurva Venkat on CSO Online. More data floating around, even if it’s unused, just introduces more risk. The ideal goal would be to discover and classify the data and, if it is truly “dark,” delete it. Sounds like a great idea, but most don’t do it because it’s so darn difficult.
How can we get more departments on the same page when it comes to data? Different departments have different objectives with data. Marketing wants as much data as it can get on customers, often raising privacy concerns. And they don’t want that data to stop flowing or be deleted. Security and privacy are concerned with PII being captured and how long it’s being retained. How can the business satisfy the needs of these departments and others when their interests are so divergent?
Automation isn’t about headcount reduction; it’s about empowering your people to do the impossible. When security automation was originally sold to us, it was this magic elixir that would result in headcount reduction. That’s something that might please a CFO, not a CISO, noted Andy Ellis, who really wants headcount amplification. “If I'm going to automate something, what's critical isn't the headcount that I'm going to reduce, it's the outcome that we are going to achieve and the measurement of that outcome,” said Brian Vecci. “Automation needs to be built on outcomes, it needs to be built on measurement, and security automation is really about doing it intelligently.”
Threat hunting is always ongoing. The moment you’re static, you’re dead. “If your team isn't learning new things, if you're not filtering noise, if you're not doing regular alert reviews, if you're not adapting, then somebody else is adapting more quickly than you are,” said Brian. When you boil it down, said Andy, “Threat hunting is really about learning all of the ways in which you're currently blind and shining lights… Threat hunting is successful when dwell time comes down, not because your threat hunters are finding problems but because they've found a problem and you automated detection.”
Special note: Andy Ellis' book "1% Leadership" releases TODAY! Order it now!
Listen to the full episode over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Varonis
What I love about cybersecurity...
"It's always changing. Every day, every week, every month, every year is different. My year this year in my role is almost completely different than it was even six months ago, and what I like in life is getting to learn and do new things. I can't imagine something to work in that changes as fast and requires as much learning as cybersecurity. That's what I love about it." - Brian Vecci, field CTO, Varonis
Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?
"If you’re listening to this podcast and you’re thinking about building a product or you’re thinking about the products you sell, or you’re an investor, I want you to hear this loud and clear – it is okay to build a point solution. It is okay to build a product that might only be a billion dollar company. It is okay for you not to build a product that does everything under the sun. Those are great solutions. You can focus on how well they work. They can completely solve one thing and one thing only, and I will still absolutely buy that product all day every day. I will not be sad that it doesn’t do 12 other things. There is plenty of room for that." - Geoff Belknap, CISO, LinkedIn
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shawn Bowen, CISO, World Fuel Services.
Thanks to our Cyber Security Headlines sponsor, Pentera
CISO Series Podcast LIVE! See CISO Series Podcast in New Orleans (5-3-23)
Our first trip to New Orleans, and we're excited to participate in this year's BSidesNOLA 2023 event with the closing keynote. We'll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, host of The Cyber Ranch Podcast, and Mike Woods, corporate CISO, GE.
WHEN: May 3, 2023 (BSidesNOLA 2023 is a full day event. We'll be closing out the fun at 3:20 PM ET.)
WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)
COST: Until April 15, tickets for full time students are $10 and everyone else is $20. After April 15, student tickets become $20 and everyone else is $30. On-site registration is $30 cash at the door. More information about BSidesNOLA 2023 here.
HUGE thanks to our sponsors Conveyor, Nightfall, and Rapid7
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.