[07-11-23]--Who’s in Charge of Stopping Stupid Ideas? (LIVE in Tel Aviv)

CISO Series

CISO Series Podcast

This week’s episode is hosted by me, David Spark, producer of CISO Series and guest co-host Jesse Whaley, CISO, Amtrak. Our guest was Paul Branley, CISO, TSB Bank.

We recorded this episode in front of a live audience in Tel Aviv as part of Team8’s CISO Summit 2023. CISO Series is honored to have been invited to record our show at the event.

Um… Maybe You Shouldn’t Have Done That. Sometimes, someone high up comes up with such a bad idea that we need someone to be the official voice of reason and stand up and announce very loudly, “Maybe we should not do that.” This was the security community’s response to Forbes and SecurityScorecard’s list of the top 200 most secure companies. Adrian Sanabria of Valence Security summed up everyone’s collective frustration when he said, "You don't have to be around in this industry as long as I have to know you NEVER boast about how good your security is."

What will YOUR response be to the Verizon DBIR? The Verizon Data Breach Investigations Report (DBIR) is probably the most anticipated yearly research. CISOs often use it to amend their security program. And security vendors use it to validate their security tool.

Should you upskill your staff or find new people who have the skills you need? In response to the difficulty of hiring cybersecurity talent, Rob Lemos of Dark Reading wrote about the trend of cyberleaders upskilling their staff. But upskilling requires building an entire training program. How do you identify the knowledge that must be learned? Who will learn it? Who will provide it? All this education pulls your security staff away from the job of providing security for your business. How do you balance it all?

There are so many great ways to trigger a CISO. One popular one is asking a CISO, “Can I have 15 minutes of your time?” noted Misha Sobolev of Aphinia in a post on LinkedIn that begged the community to offer some more ways to irritate a CISO. Douglas Brush of Accel Consulting suggested, “Hey, I know you’re busy, so I reached out to your CIO.” Laura Whitt-Winyard of Hummingbird threw out the inappropriate recruiter request, "Are you interested in this security analyst position?" And Don Bolan, CISO for Hound Labs, offered the “we do it all” vendor claim, "If you use our tool you won't need any other security tools."

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Team8

Best advice I ever got in security...

"The best advice I ever got in security was when someone said, 'Paul, no matter how busy you are internally, and you will be very busy, find time to collaborate outside because you'll get more back than you put in.' That has been so true for so many times throughout the past few years whether it's been operational when we've been under attacks like DDoS attacks from the Mirai Botnet or working with other banks in Asia, US, UK on SWIFT payments attacks or whether it's on an innovation where we've been working with other banks to share information but without sharing sensitive customer data using homomorphic encryption. So, the best advice — find time to collaborate outside, you'll get a lot more back than you put in." - Paul Branley, CISO, TSB Bank

Let’s Write Better Cybersecurity Job Descriptions...

"Paring it down is the beginning, right? First get rid of the requirement for a degree. I’m sorry. We don’t require them for any of our jobs. ... Some of our best members of our department today are working on their college degrees now after 20+ years of being at the company. We missed out on our geniuses when we filtered out for college degrees. Look. I think another part of this is speak to what you’re actually going to do." - Rob Duhart, deputy CISO, Walmart

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review 

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Yaron Levi, CISO, Dolby.

Thanks to our Cyber Security Headlines sponsor, Opal

Remove the malware, but keep the file

We've had malware detection tools for years but malware is still getting through. Why is this still happening?

Well, attackers are testing their own malware with these signature-based programs as well, and they're designing their malware to evade these programs. In addition, our communications and file sharing are happening across a multitude of platforms. All need to be protected.

At a live recording of CISO Series Podcast, I got a chance to talk with Votiro CEO, Ravi Srinivasan, about their solution and how they're evolving the platform beyond detection and disarming of unknown bits within files.

One aspect is helping organizations integrate what they do into their security operations centers.

To get a free trial of Votiro, head to votiro.com/product.

Votiro is also the winner of our first season of Capture the CISO. Check them out in their first episode and also in the finals as well.

HUGE thanks to our sponsor, Votiro

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.