All Episodes
Defense in Depth — 364 episodes
Is the "Attackers Only Need to Be Right Once" a Misnomer?
What It Takes To Be Successful in Cyber Media
CISOs Buy For Selfish and Politically Risk-Averse Reasons (Not Because Your Product is the Best)
Has Cybersecurity Become a Cult?
What Does the Next Generation of Cloud Security Look Like?
The Dangers of Picking the Wrong Vendor
Why Cyber Startups Need CISO Advisors
Breaking the Reactive Cycle of Cybersecurity
How Do You Know If Your Backups Will Survive a Ransomware Attack?
What Makes a Successful Security Vendor Demo?
Should You Use Native or 3rd Party Cloud Management Tools?
How Should We Measure the Performance of a CISO?
How to Be Less Busy and More Effective in Cyber
How to Engage With a CISO When They Express Interest
Who is Responsible for the Conflict Between Security and Developers?
Are Your Security Tools Creating More Work for Your Team?
Why Overpromising is a Dangerous Sales Tactic
Should You Phish Your Employees or Not?
How Much Autonomy Should You Give AI Agents in Your SOC?
Cybersecurity's Broken Hiring Process
Simple Security Solutions That Deliver a Big Impact
When Cybersecurity Marketing Fails to Reach the Buyer
How Best to Prepare Your Data for Your Tools
Don't Try to Win with Technical Expertise. Win by Partnering.
What Makes a Successful CISO?
How Should CISOs Talk to the Business
How Much Cyber Risk Should a CISO Own?
How To Tell When a Vendor is Selling AI Snake Oil
In the Age of Identity, is Network Security Dead?
How to Manage Configuration Drift
Is Least Privilege Dead?
How Do We Measure Our Defenses Against Social Engineering Attacks?
Sales Follow Up Sequences: What Works Best in Cyber?
What Soft Skills Do You Need in Cyber?
What is the Visibility That Security Teams Need?
Data Governance in the Age of AI
How Can Security Vendors Better Stand Out?
What New Risks Does AI Introduce?
The Pattern of Early Adoption of Security Tools
How Are You Managing the Flow of AI Data
How to Deal with Last Minute Compliance Requirements
Do You Have a Functional Policy or Did You Just Write One?
Where are We Struggling with Zero Trust
Cybersecurity Has a Prioritization Problem
How Can AI Provide Useful Guidance from Fragmented Security Data?
Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem
What Are the Cybersecurity Trends We Need To Follow?
Is It Even Possible to Fast-Track Your Way Into Cybersecurity?
What's the Most Efficient Way to Rate Third Party Vendors?
Don't Ask "Can" We Secure It, But "How" Can We Secure It
Has the Shared Security Model for SaaS Shifted?
Improving the Efficiency of Your Threat Intelligence
Why Cybersecurity Professionals Lie on Their Resumes
What Should Be in a CISO Job Description?
The CISO's Job Is Impossible
Can You Have a Secure Software Environment Without Traditional Vulnerability Management?
How Much Should Salespeople Know About Their Product?
Why Are We Still Struggling to Fix Application Security?
What Can Someone with No Experience Do in Cybersecurity?
Are New Gartner-Created Categories/Acronyms Helping or Hurting the Cybersecurity Industry?
Can AI improve Third-Party Risk Management (TPRM)
Cybersecurity Is NOT an Entry-Level Position
Hey Vendors, What Problem Is Your Product Solving?
We've Been Fooled. There Is No Talent Shortage.
Is There an Increasing Consolidation of Vendors in the SOC?
Are CISOs Struggling to Get Respect?
Is Platformization Vs Best-of-Breed a False Dichotomy?
Protecting Your Backups from Ransomware
Can a Security Program Ever Reach Maintenance Mode?
The Hardest Problems in Security Aren't "Security Problems"
If and When Should a CISO Have a Long Term Security Plan?
Do We Want CISOs Dictating How Salespeople Should Engage?
Is AI Benefiting Attackers or Defenders?
CISOs DO Own the Risk
How Can We Fix Alert Fatigue?
Vulnerability Management ≠ Vulnerability Discovery
Are Security Awareness Training Platforms Effective?
The Argument For More Cybersecurity Startups
How Are New SEC Rules Impacting CISOs?
Managing the Risk of GenAI Tools
Defending Against What Criminals Know About You
Will We Ever Go Back From Work From Home?
The Lurking Dangers of Neglected Security Tools
When You Just Can't Take It Anymore in Cyber
Is It Possible to Inject Integrity Into AI?
Are Phishing Tests Helping or Hurting Our Security Program?
Who Is Responsible for Securing SaaS Tools?
Hiring Cyber Teenagers with Criminal Records
What's Working With Third-Party Risk Management?
What Triggers a CISO?
Information Security vs. Cybersecurity
Should Deny By Default Be the Cornerstone of Zero Trust?
What Is a Field CISO?
Cybersecurity Is a Communications Problem
Do Companies Undergoing a Merger or Acquisition Get Targeted for Attacks?
Telling Stories with Security Metrics
Securing Identities in the Cloud
How AI Is Making Data Security Possible
What Makes a Successful CISO?
We Want a Solution to Remediate, Not Just Detect Problems
Recruiting from the Help Desk
How Do We Build a Security Program to Thwart Deepfakes?
Where Are Secure Web Gateways Falling Short?
Understanding the Zero-Trust Landscape
Scaling Least Privilege for the Cloud
Should CISOs Be More Empathetic Towards Salespeople?
Managing Data Leaks Outside Your Perimeter
What Are the Risks of Being a CISO?
Onboarding Security Professionals
How to Improve Your Relationship With Your Boss
Improving the Responsiveness of Your SOC
The Demand for Affordable Blue Team Training
Why are CISOs Excluded from Executive Leadership?
What Is Your SOC's Single Search of Truth?
When Is Data an Asset and When Is It a Liability?
Tracking Anomalous Behaviors of Legitimate Identities
Why Do Cybersecurity Startups Fail?
Is "Compliance Doesn't Equal Security" a Pointless Argument?
CISOs Responsibilities Before and After an M&A
Use Red Teaming To Build, Not Validate, Your Security Program
The Do's and Don'ts of Approaching CISOs
Doing Third Party Risk Management Right
Warning Signs You're About To Be Attacked
Do We Have to Fix ALL the Critical Vulnerabilities?
Mitigating Generative AI Risks
Building a Cyber Strategy for Unknown Unknowns
Responsibly Embracing Generative AI
People Are the Top Attack Vector (Not the Weakest Link)
What's Entry Level in Cybersecurity?
New SEC Rules for Cyber Security
The Value of RSA, Black Hat, and Mega Cyber Tradeshows
Is Remote Work Helping or Hurting Cybersecurity?
How to Manage Users' Desires for New Technology
Cybersecurity Questions Heard Around the Kitchen Table
How to Prime Your Data Lake
Getting Ahead Of Your Threat Intelligence Program
How Security Leaders Deal with Intense Stress
How Do We Influence Secure Behavior?
Security Concerns with ChatGPT
Create A Pipeline of Cyber Talent
Improving Adoption of Least Privileged Access
Securing SaaS Applications
How Do We Get Better Control of Cloud Data?
Finding Your Security Community
Let's Write Better Cybersecurity Job Descriptions
How Should Security Better Engage with Application Owners?
How To Get More People Into Cybersecurity
How to Create a Positive Security Culture
How Should We Trust Entry Level Employees?
How Must Processes Change to Reduce Risk?
Reputational Damage from Breaches
Do RFPs Work?
Successful Cloud Security
How Should Security Vendors Engage With CISOs?
Gartner Created Product Categories
How to Always Make a Business Case for Security
Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?
What We Love About Working in Cybersecurity
Security That Accounts for Human Fallibility
Why You Should Be Your Company's Next CISO
How to Become a CISO
Can You Build a Security Program on Open Source?
Third Party Risk vs. Third Party Trust
How Can We Improve the Cyber Sales Cycle?
What Leads a Security Program: Risk or Maturity?
Limitations of Security Frameworks
Why Is There a Cybersecurity Skills Gap?
What Can the Cyber Haves Do for the Cyber Have Nots?
Securing Unmanaged Assets
Ambulance Chasing Security Vendors
Do CISOs Have More Stress than Other C-Suite Jobs
How Should We Discuss Cyber With the C-Suite?
Can You Be a vCISO If You've Never Been a CISO?
How Should We Gauge a Company's Cyber Health?
Reducing the Attack Surface
Do We Need a Marketing Manager for the Security Team?
Cybersecurity Budgets
How Can We Make Sense of Cybersecurity Titles?
Walk a Mile in a Security Recruiter's Shoes
Moving Security from a Prevention to a Resilience Strategy
How to Engage with Non-Technical Business Leaders
Cybersecurity Burnout
How to Build a Greenfield Security Program
Managing the Onslaught of Files
Can You Have Culture Fit and Diversity, or Are They Mutually Exclusive?
How to Follow Up With a CISO
Roles to Prepare You to Be a CISO
Minimizing Damage from a Breach
We're All Still Learning Cyber
Practical Cybersecurity for IT Professionals
Data Protection for Whatever Comes Next
What Is Attack Surface Profiling?
How Can You Tell If Your Security Program Is Improving?
How Can We Improve Recruiting of CISOs and Security Leaders?
How Is Our Data Being Weaponized Against Us?
Can Security Be a Profit Center?
Getting Ahead of the Ongoing Malware Fight
Building a Security Awareness Training Program
Onboarding Cyber Professionals with No Experience
Where's the Trust in Zero Trust?
Who Investigates Cyber Solutions?
Does the Cybersecurity Industry Suck?
Are We Taking Zero Trust Too Far?
Is Shift Left Working?
Technical vs. Compliance Professionals
Why Do So Many Cybersecurity Products Suck?
Training for a Cyber Disaster
Virtual Patching
Start a Cybersecurity Department from Scratch
How to Think Like a Cybercrook
Building a Data-First Security Program
Offensive Security
When Vendors Pounce on New CISOs
Building a Cybersecurity Culture
How to Pitch to a Security Analyst
Is Your Data Safer in the Cloud?
What Should We Stop Doing in Cybersecurity?
DDoS Solutions
Making Cybersecurity Faster and More Responsive
Promises of Automation
When Social Engineering Bypasses Our Cyber Tools
How Can We Simplify Security?
Convergence of Physical and Digital Security
How Do You Measure Cybersecurity Success?
How Do We Turn Tables Against Adversaries?
Ageism in Cybersecurity
Proactive Vulnerability Management
Why Is Security Recruiting So Broken?
How to Be a Vendor that CISOs Love
The "Are We Secure?" Question
Ransomware Kill Chain
Can Technology Solve Phishing?
Convergence of SIEM and SOAR
Cybersecurity Is Not Easy to Get Into
Preventing Ransomware
Managing Lateral Movement
First Steps as a CISO
How Does Ransomware Enter the Network?
What's the Value of Certifications?
Measuring the Success of Cloud Security
How do I get my first cybersecurity job?
Educating the Board About Cybersecurity
CISO Recruiting Is Broken
Retaining Cyber Talent
Salesforce Security
Cloud Configuration Fails
Starting Pay for Cyber Staff
Fear of Automation
Hiring Talent with No Security Experience
Security Hygiene for Software Development
How Much Do You Know About Your Data?
Do Startups Need a CISO?
Insider Risk
What's the Obsession with Zero Trust?
Mentoring
Securing the Super Bowl and Other Huge Events
Cybersecurity Isn't That Difficult
Cloud Security Myths
What Is Security's Mission?
Vendor CISOs
How Much Log Data Is Enough?
Should Finance or Legal Mentor Cyber?
Data Destruction
How to Make Cybersecurity More Efficient
Does a CISO Need Tech Skills?
How Do You Know if You're Good at Security?
Building a Security Team
Are our Data Protection Strategies Evolving?
Should CISOs Be Licensed Professionals?
Inherently Vulnerable By Design
Imposter Syndrome
Why Don't More Companies Take Cybersecurity Seriously?
Data Protection and Visibility
What's an Entry Level Cybersecurity Job?
Securing Digital Transformations
Leaked Secrets in Code Repositories
Measuring the Success of Your Security Program
Privacy Is An Uphill Battle
Legal Protection for CISOs
XDR: Extended Detection and Response
Calling Users Stupid
Is College Necessary for a Job in Cybersecurity?
When Red Teams Break Down
What Cyber Pro Are You Trying to Hire?
Junior Cyber People
Trusting Security Vendor Claims
How Vendors Should Approach CISOs
Secure Access
InfoSec Fatigue
Securing a Cloud Migration
API Security
Shared Threat Intelligence
Drudgery of Cybercrime
Security Budgets
Role of the BISO
Shared Accounts
Bug Bounties
Data Classification
Prevention vs. Detection and Containment
Asset Valuation
DevSecOps
Fix Security Problems with What You've Got
Should Risk Lead GRC?
Responsible Disclosure
Internet of Things
Is Governance the Most Important Part of GRC?
Who Should the CISO Report To?
Hybrid Cloud
CISO Tenure
Toxic Security Teams
Personality Tests in the Workplace
Lack of Diversity in Cybersecurity
When Are CISOs Responsible for Breaches?
Post Breach Desperation and Salary Negotiations
Presenting to the Board
The Iran Cybersecurity Threat
Building a Fully Remote Security Team
Account Takeover
UX in Cybersecurity
InfoSec Trends for 2020
Cybersecurity Readiness as Hiring Criteria
Cybersecurity and the Media
The Cloud and Shared Security
Is Product Security Improving?
Best Starting Security Framework
Cyber Defense Matrix
User-Centric Security
Securing the New Internet
Resiliency
Ransomware
Top CISO Communication Issues
Cybersecurity Excuses
Employee Hacking
100% Security
Proactive Security
ATT&CK Matrix
Hacker Culture
Bad Best Practices
Cyber Harassment
CISO Series One Year Review
Economics of Data
Tool Consolidation
Camry Security
Amplifying Your Security Posture
ERP Security
Managing Obsolete (Yet Business Critical) Systems
Cybersecurity Hiring
How CISOs Discover New Solutions
Is the Cybersecurity Industry Solving Our Problems?
Vulnerability Management
Privileged Access Management
Machine Learning Failures
Software Fixing Hardware Problems
Tools for Managing 3rd Party Risk
CISO Burnout
RSA 2019: Success or Failure?
Security IS the Business
Threat Intelligence
Secure Controls Framework
Insider Threats
Building an Information Security Council
Privacy
Security Metrics
Welcome to Defense in Depth