Join us tomorrow for "Hacking Cybersecurity Marketing"
Super Cyber Fridays!
Join us TOMORROW, Friday [11-14-25], for "Hacking Cybersecurity Marketing"
Join us Friday, November 14, 2025, for “Hacking Cybersecurity Marketing: An hour of critical thinking about how to better speak to the community.”
It all begins at 1 PM ET/10 AM PT TOMORROW, with guests Gianna Whitver, co-founder and CEO, Cybersecurity Marketing Society, and Steve Zalewski, co-host, Defense in Depth. We'll have a fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Defense in Depth
How to Manage Configuration Drift
Initially, no one intentionally misconfigures a tool. But over time, environments and tools change, resulting in configuration drift, which opens you up to security issues. How are we managing our tools, and when do we know they're no longer set the way we want them to be?
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
Listen to the full episode here.
When configuration drift becomes operational reality
Configuration drift isn't a theoretical problem, it's a daily operational challenge that demands systematic approaches. "When it comes to security controls, they always have to be onboarded in some sort of consistent programmatic effort that verifies them, confirms them, or audits them regularly," said Luis Valenzuela of InComm Payments. This is part of his team's weekly random control testing that catches both intentional changes and undocumented false positives. Louis Zhichao Zhang of AIA Australia reinforced this, saying, "Configuration drift is inevitable. Change is the norm. The key is to operationalize how you manage it."
The garden that never stops growing
The challenge with configuration drift is that it accumulates silently until it becomes a crisis. "We like to say that config drift is like weeds in a garden, you only notice when it's already out of control," said Joan Weiner Levin. "Just like you schedule time to weed the garden, you need to stay on top of drift and schedule time to fix it." Fernando Montenegro of the Futurum Group offered another metaphor with more of a technological bent, saying, "I think of this as analogous to driving—until we get to actual self-driving cars, human driving requires continuous monitoring of speed, distance... This means that monitoring for drift should be a regular exercise so that things are caught early on."
From detection to cultural shift
True maturity means accounting for configuration drift on a cultural level. "It is one of the most underestimated risks because it doesn't announce itself, it creeps in quietly and only shows up as an outage or a breach," said Gaurav Trivedi of Microsoft. Properly frame drift as the security challenge it is. Too often, we frame it as an operational issue. "Configuration drift isn't just a nuisance—it's a threat vector... In environments that never stop changing, the goal isn't to freeze configs, it's to make every change observable, controlled, and reversible," said Roshni Chattopadhyay of Microsoft.
The maturity gap
Theory and practice seldom meet when it comes to managing configuration drift. "Configuration drift comes down to change management: effectively controlling, monitoring, and managing changes as they enter the system," said Jared Mendenhall, CISO at Armature Systems. We know we should have all changes documented, tested, and tracked across all systems. But as Jared pointed out, "This assumes a certain level of process maturity and control, and that the velocity of required changes doesn't exceed your ability to manage them."
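A minimal drift check in the spirit of Luis Valenzuela's weekly control testing and Roshni Chattopadhyay's "observable, controlled, and reversible" standard, written as an added example for this newsletter (not code from CISO Series, ThreatLocker or any guest); the baseline, observed state and change ticket are constructed, and the check separates ticketed changes from silent drift and builds a revert plan for the latter:

```python
from dataclasses import dataclass, field

@dataclass
class DriftReport:
    approved: dict = field(default_factory=dict)      # key -> (old, new), matches a change ticket
    unauthorized: dict = field(default_factory=dict)  # key -> (old, new), no ticket: silent drift
    missing: dict = field(default_factory=dict)       # key -> expected value, setting removed
    revert_plan: list = field(default_factory=list)   # (key, value) to restore baseline; None = remove

def check_drift(baseline: dict, observed: dict, change_log: dict) -> DriftReport:
    """change_log maps key -> the value approved in a change ticket (constructed here).
    A changed key counts as approved only if its observed value matches the ticket;
    any other difference from baseline is unauthorized drift and goes on the revert plan."""
    report = DriftReport()
    for key, expected in baseline.items():
        if key not in observed:
            report.missing[key] = expected
            report.revert_plan.append((key, expected))
            continue
        actual = observed[key]
        if actual == expected:
            continue
        if change_log.get(key) == actual:
            report.approved[key] = (expected, actual)
        else:
            report.unauthorized[key] = (expected, actual)
            report.revert_plan.append((key, expected))
    # Settings added outside the baseline are drift too unless a ticket covers them.
    for key in sorted(observed.keys() - baseline.keys()):
        if change_log.get(key) == observed[key]:
            report.approved[key] = (None, observed[key])
        else:
            report.unauthorized[key] = (None, observed[key])
            report.revert_plan.append((key, None))
    return report

# Constructed sample: an endpoint control baseline, the state seen this week, and the tickets.
BASELINE = {"fw.default_inbound": "deny", "fw.rdp_allowed": False,
            "edr.tamper_protection": True, "app.allowlist_mode": "enforce"}
OBSERVED = {"fw.default_inbound": "deny", "fw.rdp_allowed": True,
            "edr.tamper_protection": True, "app.allowlist_mode": "learning",
            "fw.temp_rule_8080": "allow"}
CHANGE_LOG = {"app.allowlist_mode": "learning"}  # one approved change; the rest is drift

if __name__ == "__main__":
    r = check_drift(BASELINE, OBSERVED, CHANGE_LOG)
    for k, (old, new) in r.unauthorized.items():
        print(f"DRIFT {k}: {old!r} -> {new!r}")
    print("revert plan:", r.revert_plan)
```

Run on a schedule (weekly, as the discussion suggests), the unauthorized set is what to alert on and the revert plan is what makes the change reversible.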
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, ThreatLocker
Subscribe
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
LIVE!
Cyber Security Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.
Monday’s episode featured Jacob Combs, CISO, Tandem Diabetes Care, and Ross Young, co-host, CISO Tradecraft. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.
Join us again next week, and every Monday.
Thanks to our Cyber Security Headlines sponsor, Vanta
What CISOs Want You To Know During M&A
This month’s AMA on r/cybersecurity brought together five security leaders, who shared what really happens when you inherit another company’s culture, tech stack, risk profile, and debt. From due diligence gaps to post-acquisition identity confusion, the conversation made one thing clear: you can’t secure what you don’t understand, and you rarely understand it until the deal is already done.
Thanks to our participants!
Geoff Belknap (u/GeoffBelknap), co-host, Defense in Depth
Ty Sbano (u/security-Ty), CISO, Vercel
Jason Loomis (u/SchrodingersFirewall), CISO, Freshworks
Don Paquin (u/ok-macaron-335), director, cyber mergers, acquisitions, & divestitures, RTX
Leslie Nielsen (u/cyberguy1729), CISO, Mimecast
Next up: “I'm a CISO who has experience dealing with an "insider threat." Ask Me Anything.” Starting Sunday, November 16 on r/cybersecurity.
Cyber chatter from around the web...
Jump in on these conversations
“If the Louvre's WiFi password being 'Louvre' shocks you...” (More here)
“Pentagon releases ‘revised’ plan to boost cyber talent, ‘domain mastery’” (More here)
“Most companies don't want security; they just want to look secure.” (More here)
Coming Up On Super Cyber Friday...
In the weeks ahead on Super Cyber Friday we have:
[11-14-2025] "Hacking Cybersecurity Marketing"
[11-21-2025] "Hacking the Budget Battle"
Save your spot and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.