[05-09-11] What Kind of Challenges Do You Foresee In Firing Me?
CISO Series Podcast
What Kind of Challenges Do You Foresee In Firing Me?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and a special guest host, Aaron Zollman, CISO & vp, platform engineering, Cedar. Our guest is Colin Ahern, chief cyber officer for the State of New York. It was recorded in front of a live audience in New York City.
U.S. is skeptical about what’s going on inside cloud providers. The Biden administration is looking to put pressure on cloud providers to fix the nation’s cybersecurity woes, said John Sakellariadis in Politico. The article reported, “Neither the government nor companies using cloud providers fully know what security protections cloud providers have in place.” Aaron Zollman doesn’t buy that, saying, “I work with a bunch of other security engineers, and when we together ask questions of Amazon, we get much better answers because we come with details and they believe that we know what we're talking about. That used to be maybe harder to do, but I think these organizations are much more approachable.”
Are U.S. government employees more apathetic about security than the private sector? According to Ivanti’s recent Government Cybersecurity Status Report, a mere 19 percent of US government employees think their actions matter to company security. The global average is 34 percent. Neither Zollman nor Ahern thinks this is unique to working in government. It’s a function of how we educate employees on security. “We say security is everyone's responsibility, but then we give them barely actionable advice and long, boring compliance training. What do you expect to happen?” asked Zollman, who noted there's even research out there that shows that phishing tests are ineffective, causing people to be more likely to click on things.
How are security professionals using ChatGPT to enhance their ability to do their job? “Cybersecurity experts are already using generative AI chatbots to simplify and enhance software development, reverse engineering, and malware analysis tasks,” said Ryan Naraine in SecurityWeek. Zollman is very bullish on the prospects of ChatGPT. He’s noticed that it’s good at classifying tasks, and it’s helped him find experts. He finds it’s a good place to begin understanding a topic.
What are the most revealing questions interviewees should be asking during an interview? This question was asked on the cybersecurity subreddit and a few of my favorites were: If you hired me today, how would you know in three months' time that I was the right fit? What qualities seem to be missing in the other candidates you've talked to? And what kind of challenges for the department do you foresee in the future?
Listen to the full episode on your favorite podcast app or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsors, OpenVPN, SlashNext, and Votiro
Best advice I ever got in security...
"Good organizations do routine things routinely, but they keep in mind that the initial report is always wrong. If you're lucky, the initial report is only wrong because it's incomplete. But in a typical situation, the information is wrong because someone, either an adversary or someone trying to protect their own career or job, is actively lying to you." - Colin Ahern, chief cyber officer, State of New York
Listen to full episode of
How should security vendors engage with CISOs?
"I said instead of being a completely random target, I would set aside time in a focused way to meet with primarily early-stage startups but also just about everybody in the startup community, and we would set aside time and we'd meet. And just today before this podcast, I met with three different vendors, and we sort of did rapid-fire calls. And that's working out really well. It does take a lot of my time, but it focuses it in a way where it feels like I have more control over it. I do absolutely though commiserate with people who feel frustrated that they get over-targeted, I think is the right way to go." - Geoff Belknap, CISO, LinkedIn
Listen to full episode of
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Paul Connelly, former CISO, HCA Healthcare.
Thanks to our Cyber Security Headlines sponsor, Trend Micro
Super Cyber Fridays!
What's it Going to Take to Make Security Second Nature for Everyone?
Here's a short conversation I had with Austin Wolf, staff information security analyst, Code42 about improving security culture. It's all a preview of our Super Cyber Friday event happening this Friday. Our topic of discussion will be “Hacking Security Culture: An hour of critical discussion on motivating the entire organization to always be thinking conscientiously about security.”
Also joining me and Austin for this discussion will be Brad Kroll, third party risk manager, Best Buy.
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face.
REGISTER HERE to join us this Friday, May 12th, 2023 for Super Cyber Friday.
Thanks to our Super Cyber Friday sponsor, Code42
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.