All links and images for this episode can be found on CISO Series. Troy Hunt's new site, "Dumb Password Rules," demonstrates yet another slice of security theater. Rules designed to make the creator believe they're making the business more secure, but appear to do nothing more than create unnecessary roadblocks and confusion. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Dave Hannigan (@davidhannigan), CISO, Nubank. Thanks to our podcast sponsor, Reqfast  Stop treating your various intelligence and security functions as if they are separate, unrelated activities and, instead, bring them together with Reqfast. Identify what’s needed, identify areas for improvement, and make data-driven decisions with confidence. In this episode:  Are dumb password rules the result of security theater or limitations of old technology? What really causes lack of sleep and burnout among IT and Security leaders? Why are we still struggling with cybersecurity hiring? 

Password Rules Make Us Feel More Secure

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor. In this episode:   Has the line between work and personal devices blurred?   Why are we seeing signs that that line no longer exists for employees?   What is the path of cybersecurity to keep company data secured when its continually commingling with personal devices?   Thanks to our podcast sponsors, Eclypsium and Normalyze  Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark  Where is my data? Is it sensitive? Who has access to the data? What are the risks? What is the cost of exposure? Am I compliant now? Enter  Normalyze.  Normalyze’s agentless, machine-learning scanning platform continuously discovers sensitive data, resources, and access paths in all cloud environments.  Learn more.

Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Aaron Shaha, CISO, CyberMaxx. In this episode:   Is technical debt an inevitability in any organization?   How do you go about "paying it down?"   How do you decide when you need a systematic refresh and when can you kick the can down the road a little longer?   Thanks to our podcast sponsor, CyberMaxx  CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

I Really Shouldn’t Have Agreed to Variable Rate Technical Debt

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is my guest, Thom Langford, CISO, Velonetic. In this episode:   Why do lots of businesses pledge to never pay ransomware demands?   And why do their priorities quickly change when they need to get the business back to normal after an attack occurs?   What good is a pledge like that without the infrastructure and organizational commitment to make it possible?   Thanks to our podcast sponsor, CyberMaxx  CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

We’ll Invest in Resilience as Soon as the Ransom Payment Clears

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Matt Radolec, vp, incident response and cloud operations, Varonis. In this episode:   Why is retaining cyber talent so hard?   How can organizations keep an employee from going elsewhere?   Why do organizations often not prioritize the factors to keep key employees?   Thanks to our podcast sponsor, Varonis  Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.

We Could Lower Risk If We Shrunk Our Business

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Joshua Brown, vp and global CISO, H&R; Block. In this episode:   Why is retaining cyber talent so hard?   How can organizations keep an employee from going elsewhere?   Why do organizations often not prioritize the factors to keep key employees?   Thanks to our podcast sponsor, CyberMaxx  CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

Password Rules Make Us Feel More Secure

Download our free app to listen on your phone