The Security Incident Has Been Upgraded From “Ouch” to “Boiiiing” (LIVE in Orlando, FL)
CISO Series Podcast
We often fall back on severity when evaluating cybersecurity incidents. Severity has its place in analyzing an incident after the fact, but does it help the situation when dealing with one?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Trina Ford, CISO, iHeartMedia. Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker.
This episode was recorded in front of a live audience at Zero Trust World in Orlando, Florida.
Severity versus impact
Traditional severity scales fall short in incident response because initial evidence is usually ambiguous and lacks full context. An alternative approach suggests classifying incidents by complexity instead, which naturally leads teams toward a response plan rather than just an assessment, argued Dan Slimmon of Clerk.com. While this idea makes sense in theory, many security teams already follow a version of it instinctively—prioritizing containment over severity analysis in the heat of an incident. Businesses are more interested in impact than severity, and security teams need to communicate in those terms to maintain credibility and avoid unnecessary panic.
Breaking the anti-pattern
Contradictions in technology and policy are a constant source of security issues. This happens all the time on the UX side, where we create forms that demand a certain input but don’t put limits on the fields to make incorrect input impossible, as outlined by Noah Iliinsky of SnapLogic. Security is no different. Organizations tell employees not to save passwords in browsers but fail to provide password managers. They prohibit unauthorized file sharing but don’t offer enterprise alternatives. One of the worst offenders is developer access—companies insist on restricting access to production environments but don’t actually enforce those restrictions. A notable example is Microsoft's decision to allow Office applications to interact with PowerShell, which is frequently exploited in ransomware attacks. These security anti-patterns persist because convenience often takes priority over proactive risk reduction.
Take the first step to zero trust
It’s not just private industry that struggles with zero trust adoption. The U.S. Air Force’s Zero Trust Strategy acknowledges major roadblocks in its zero trust deployment, including institutional resistance, lack of automation tools, gaps in IoT security, and aging infrastructure that won’t be upgraded until 2028. Rather than being overwhelmed by the complexity, organizations must focus on visibility as the first step—understanding their environment before trying to secure it. Any zero trust rollout must also account for business culture; without buy-in from leadership, security measures will be ignored or actively resisted.
What are your demands?
Cybersecurity workers of the world, unite! The cybersecurity subreddit tried to drum up some solidarity, asking what demands the industry would make if it went on strike. Common frustrations include long hours, unrealistic expectations, and constant firefighting. Suggested demands included mandatory spa days, three-day weekends twice a month, and a corporate ban on impulsive security tool purchases based on LinkedIn hype. More serious takeaways included the need for stress relief, better work-life balance, and the acknowledgment that security professionals are always on-call, especially during high-risk periods like holiday weekends. While all in good fun, a lot of the post can be read as trying to cure the classic symptoms of burnout.
Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Steve Wingate of CyberGuard Advisors for contributing this week’s “What’s Worse?!” scenario.
Huge thanks to our sponsor, ThreatLocker
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
SECURITY YOU SHOULD KNOW
Address Data Loss from Insider Threats with DTEX Systems
Understanding and mitigating insider risk has taken a front seat in organizational security strategies. Once a niche concern, insider threats are now escalating significantly, particularly from nation-state actors, with insiders becoming victims of coercion or identity theft.
In this episode, Mohan Koo, president & co-founder, DTEX Systems, explains why understanding human behavior, continuous data tracking, and proactive collaborations are key components in staying ahead of evolving risks. Joining Mohan in this discussion are Janet Heins, CISO, ChenMed, and Bethany De Lude, CISO emeritus.
Huge thanks to our sponsor, DTEX Systems
Biggest mistake I ever made in security.
"This is my fourth Zero Trust World. At one point, at one stage, in the first one, I managed to get involved in trying to help someone set up and make a pineapple, a Wi-Fi pineapple, work. After that, I somehow managed to be promoted to the position of Chief Pineapple Officer. So, I’ve basically spent about half of all the Zero Trust Worlds locked in a room getting kicked in the nuts by a pineapple repeatedly. And can I just say the best thing about this Zero Trust World has been that I managed to offload that pineapple task to somebody else? John, I’m sorry. So, all I can say is I’m so thankful that it was somebody else this year who was getting kicked in the nuts by a pineapple and not me. " - Rob Allen, chief product officer, ThreatLocker
Listen to the full episode of "The Security Incident Has Been Upgraded From “Ouch” to “Boiiiing” (LIVE in Orlando, FL)"
Hey Vendors, What Problem Is Your Product Solving?
"‘Tell me what problem you’re solving.’ And in response, I received hundreds of sales pitches and none of them articulated the problems." - Yaron Levi, CISO, Dolby
Listen to the full episode of "Hey Vendors, What Problem Is Your Product Solving?"
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jonathan Waldrop, CISO, The Weather Company.
Thanks to our Cyber Security Headlines sponsor, ThreatLocker
There is no dearth of cybersecurity vendors in the identity space. So why does it feel that instead of helping, we've ended up with a fragmented landscape?
Despite many positive developments, the identity space lacks a single source of truth. I'm joined by Ivan Dwyer, senior product marketing strategist at Axonius, to discuss how the industry can work towards unified identity solutions that address authentication and authorization issues and how proactive identity hygiene can reduce attack surfaces. Fragmented tool kits force you to divide your attention instead of allowing you to meaningfully reduce your attack surface to proactively improve your resilience.
Join us on March 28, 2025, for "Hacking Fragmented IAM" at 1pm ET/10am PT on Super Cyber Friday. Joining David and Ivan is TC Niedzialkowski, former CISO at NextDoor.
Thanks to our Super Cyber Friday sponsor, Axonius
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.