[09-19-23] Part man. Part machine. All CISO.
Part man. Part machine. All CISO. (LIVE in DC)
CISO Series Podcast
We’ve heard a lot of talk about the security risks with emerging AI technologies. A lot of these center around employees using large language models. But what about the potential benefits of this technology for cybersecurity? Could we eventually see a de facto AI CISO on the job?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Rob Duhart, deputy CISO, Walmart. Joining us is our guest, Aaron Hughes, CISO, Albertsons.
This episode was recorded in front of a live audience at the Watergate Hotel in Washington, DC. We were the opening entertainment for the Convene conference hosted by the National Cybersecurity Alliance.
Harnessing neurodiversity in cybersecurity
We hear all the time that there is an acute talent shortage in cybersecurity. So why aren’t we making positions more accommodating to a neurodiverse community? “We cannot continue to lament the woes of the talent shortage in our industry while being unwilling to look at underrepresented demographics,” said Shaun Marion, former McDonald's CISO, in a recent LinkedIn post about the need to hire for neurodiversity. CISOs need to rethink hiring and work conditions to attract this talent pool.
Language matters in cybersecurity
In cybersecurity, we understand the importance of language when communicating with peers. It’s important to efficiently share technical information on threats and risks to keep organizations secure. But communication on security issues matters to everyone in the business. Rob Snyder of Microsoft Datacenters argues that using weighted words, like “suspicious” and “report,” when talking about insider threats can make staff less likely to speak up.
We’re starting to see AI partnerships in cybersecurity
For all the hype with AI, the reality is it's been around for decades. The difference is now the value of these models has increased as the skills needed to get that value have plummeted. Christopher Whyte on CSOonline looked at how these systems are being used to create de facto partnerships in cybersecurity. Over time this could result in faster decision making in a crisis and more objective risk-based value judgements.
Cybercrime doesn’t just result in financial fallout
Increasingly, we’re understanding the mental health effects these incidents can cause. In a piece on Dark Reading, Stephen Cobb argued this amounts to a public health crisis. Cyber scams can cause the same distress and violation of trust as having your home robbed. With increasingly common data breaches exposing personally identifiable information in an organization, we’re seeing impacts on employee behavior. Organizations need to address these effects head on.
Listen to the full episode on your favorite podcast app, or over on our blog, where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, KnowBe4
Best advice I ever got in security...
"Hire people smarter than you. This goes for security, banking, retail, doesn't matter. Hire people smarter than you. A CISO needs to be great at context switching, doesn't necessarily need to be a domain expert in every discipline, so always have smarter people around you." - Aaron Hughes, CISO, Albertsons Companies
How to Prime Your Data Lake...
"I think the reality is the best thing about a data lake, especially for security, is it’s a relatively low cost place that you can put all this data that you don’t know quite what you want to do with it, but you know it’s valuable, in one place and make it valuable. But the worst thing about it is you’ve got all your data in this one place, and you’re not quite sure what to do about it. So, going from there and really deriving that value means you either have to have a schema, or you have to have an idea in mind of what kind of detection you want to run, what kind of audits you want to run, what kind of questions do you want to ask this mysterious oracle that has all knowledge." - Geoff Belknap, CISO, LinkedIn
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shawn Bowen, CISO, World Kinect Corporation.
Thanks to our Cyber Security Headlines sponsor, Hyperproof
Live!
CISO Series Podcast LIVE in Santa Monica 10-5-23
Here's a preview video of the live audience recording of the CISO Series Podcast at the ISSA-LA Information Security Summit in Santa Monica, California. Joining me on stage will be John C. Underwood, VP, information security, Big 5 Sporting Goods, and Joshua Scott, head of security and IT, Postman.
WHEN: The ISSA-LA Information Security Summit runs from October 4th through October 5th, 2023. We'll be the closing entertainment on October 5th, recording the podcast at 5pm PDT. Right after our recording will be the keynote for the summit from Ira Winkler, Field CISO for CYE Security.
WHERE: Annenberg Beach House, 415 Pacific Coast Hwy Santa Monica, CA 90402
Huge thanks to our sponsor, Veza
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.