[05-02-23] I Wouldn’t Trust Everything You Read… On My Resume
CISO Series Podcast
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is David Nolan, vp, enterprise risk & CISO, Aaron's.
How revolutionary (or not) is the White House’s National Cybersecurity Strategy? Mike Johnson said that publishing this document, which sets out clear plans and goals, is a big step forward. “It’s a strategy, not a step-by-step guide,” said Mike. John Overbaugh, CISO, ASG read it as a wish list of good security practices, but nothing definitive. Most notable was the government’s call to “shift the burden” of cybersecurity to organizations best able to handle it. Isn’t that true of everything? But at the same time, hasn’t the cybersecurity industry been trying to impress upon others that cybersecurity is everyone’s issue?
NEWSFLASH! Cybersecurity professionals lie on their resumes. They add degrees and certifications they don't have. They omit degrees for fear of looking overqualified. And sometimes, they flat out invent jobs. But given the responses as to why people do it, it's because they're trying to get by the unnecessary barriers of cybersecurity hiring. Does that make the lying justified?
Should cybersecurity take risks in order to get a big “cyber payout?” The “payout” for cyber is innovation which could be a huge leap forward in your security program. But you often have to take risks to get there. David Nolan is very bullish on this concept. “If you approach innovation right you can try new things in small batch sizes, fail quickly, and modify or improve your approach from what you learn. A great example of the fail quickly method is in chaos engineering having a resilient approach that encourages trying new things. Even ‘breaking things’ can lead to big innovative gains,” said Nolan.
Do we really want an “AI engine” or do we want a “truth engine?” David Yaffe of Estuary said of ChatGPT, "Entire classes of problems can’t be solved by AI for years, until an architectural change is realized. We’ll be living in a world with tons of content, all with varying ‘resolution’ and ‘accuracy’ until then." I argue that improving that resolution requires trusting vetted sources. But that’s not necessarily going to get us to the truth, it’ll just get us closer and reduce falsehoods.
Listen to the full episode over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Varonis
What I love about cyber security...
"I love the diverse and creative people it attracts to our industry. I’m always excited to meet these new people to our industry and learn the cool things they’re working on and how they’re creatively solving these solutions. I truly believe this is one of the fastest industries that moves, and it’s due to this type of people that we’re able to really keep pace." - David Nolan, vp, enterprise risk & CISO, Aaron's
Listen to full episode of
Gartner Created Product Categories...
"I think one of the other things is the tension between being a niche player and being a platform player. It’s a rarity to see a new platform player come into the cybersecurity market, but all of the new entries seem to be niche players. And that makes it very difficult, as you were mentioning, Steve, for a CISO to lend enough attention there. And a CISO has much more to deal with on a daily basis than just keeping up with the various products in the markets and how they match to their threats." - Corey Elinburg, CISO, CommonSpirit Health
Listen to full episode of
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Allison Miller, former CISO and VP of trust, Reddit.
Thanks to our Cyber Security Headlines sponsor, Trend Micro
CISO Series Podcast LIVE!
TOMORROW [5-3-23] BSidesNOLA 2023 and CISO Series Podcast – It’s Happening!
Here’s a little preview video of what’s going to happen at BSidesNOLA 2023. This is going to be a star-studded cyber nerd event with Winn Schwartau and BSides co-founder Jack Daniel. We’ll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, CISO, Precedent and host of The Cyber Ranch Podcast, and Mike Woods, corporate CISO, GE.
Here’s everything you need to know.
WHEN: May 3, 2023 (BSidesNOLA 2023 is a full-day event. We’ll be closing out the fun at 3:20 PM ET.)
WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)
>> REGISTER HERE <<
Huge thanks to our sponsors: Conveyor, Nightfall AI, and Rapid7
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.