[11-14-23]--We’re Not Home. Please Leave Your Company’s Data After the Beep
CISO Series Podcast
We’re Not Home. Please Leave Your Company’s Data After the Beep.
Why are so many companies unprepared for phone-based social engineering? As an industry, we're very familiar with the attack surface presented by email. But the recent MGM Resorts breach showed that phone-based defenses are sorely lacking. Why do many organizations not give this attack surface the attention it deserves?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Arvin Bansal, former CISO for Nissan Americas.
Social engineering phones home
The recent MGM Resorts breach shined a spotlight on the rise in successful phone-based social engineering attacks. Why are these attacks working? In a LinkedIn post, SocialProof Security CEO Rachel Tobac laid the blame on a lack of verification protocols. But Arvin Bansal found that an overall lack of ownership and management of legacy phone systems is just as much a factor.
Supporting whistleblowers in cybersecurity
Organizations all say they want their employees to do the right thing, but not nearly as many offer support to whistleblowers, particularly in cybersecurity. Whether it’s internal or to a regulatory body, whistleblowing can carry a lot of career risk, noted Andrada Fiscutean at CSOonline. Supporting whistleblowers must start with leadership. Start small, if you need to, with bug bounties that reward those who help improve the organization. Then extend this into continued employee conversations about questionable behavior, and have a legal team ready to support employees if needed.
Making sense of CVSS scores
The Common Vulnerability Scoring System (CVSS) is unquestionably useful, but far from perfect. Critically scored vulnerabilities frequently lack the context to show how much risk they actually carry for a given organization. When those critical scores have compliance or contractual implications, projects and organizations often have no choice but to devote resources to them first, found Jake Edge in a recent piece for LWN.net. Ultimately, organizations need a documented framework that spells out how to process the inevitable flood of these vulnerabilities.
The unfilled security jobs Catch-22
If you were to believe analyst reports, the shortage of cybersecurity staff is so acute that organizations should be throwing themselves at anyone remotely qualified. But ask anyone trying to get into the field and that couldn’t be further from the truth. According to Ben Rothke, there are jobs out there, but in specialized fields. Rather than being open to newcomers, these positions are generally better suited to hiring from existing IT staff in adjacent fields. If these positions are open, we need to build a better pipeline into them, rather than holding out hope that a certification or a bootcamp alone will open doors for new hires.
Listen to the full episode over on our blog, where you can also read the entire transcript, or on your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Palo Alto Networks
Best advice for a CISO...
"Focus on organization culture. Does it align with your personal values? Does it align with your strength and opportunities? And will it help you grow?" - Arvin Bansal, former CISO, Nissan Americas
Responsibly Embracing Generative AI
"I always transplant in my head 'ban it' with 'drive it underground' because that’s the reality in most of these organizations. People are reaching for these technologies because they’re increasing productivity. They’re enabling some new business process or workflow that wasn’t available before. And the idea that it’s just not going to be available is sort of like putting the cookie jar on the top shelf. The kids just want it more when it’s out of reach." - Russell Spitler, CEO and co-founder, Nudge Security
Subscribe to our newsletters on LinkedIn!
We've got our twice-weekly CISO Series Newsletter and our daily Cyber Security Headlines newsletter available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jay Wilson, CISO, Insurity.
Thanks to our Cyber Security Headlines sponsor, Sysdig
Super Cyber Fridays!
What's Forcing Privacy to the Forefront of American Business?
Regulations, community pressure, business differentiators, and artificial intelligence have all, in the past few years, brought the issue of privacy into the realm of cybersecurity. It has now become a critical part of doing business in America. In this video, Matt Cooper, senior manager, privacy risk and compliance, Vanta, and I talked about privacy issues in America as a preview for our upcoming Super Cyber Friday event "Hacking U.S. Data Privacy: An hour of critical thinking on dealing with ever-changing patchwork of regulations" happening on November 17th, 2023.
Joining me and Matt for this discussion will be Greg McCord, CISO, Lightcast.
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face.
Thanks to our Super Cyber Friday sponsor, Vanta
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.