All Episodes

Defense in Depth — 364 episodes

#
Title
1

Is the "Attackers Only Need to Be Right Once" a Misnomer?

2

What It Takes To Be Successful in Cyber Media

3

CISOs Buy For Selfish and Politically Risk-Averse Reasons (Not Because Your Product is the Best)

4

Has Cybersecurity Become a Cult?

5

What Does the Next Generation of Cloud Security Look Like?

6

The Dangers of Picking the Wrong Vendor

7

Why Cyber Startups Need CISO Advisors

8

Breaking the Reactive Cycle of Cybersecurity

9

How Do You Know If Your Backups Will Survive a Ransomware Attack?

10

What Makes a Successful Security Vendor Demo?

11

Should You Use Native or 3rd Party Cloud Management Tools?

12

How Should We Measure the Performance of a CISO?

13

How to Be Less Busy and More Effective in Cyber

14

How to Engage With a CISO When They Express Interest

15

Who is Responsible for the Conflict Between Security and Developers?

16

Are Your Security Tools Creating More Work for Your Team?

17

Why Overpromising is a Dangerous Sales Tactic

18

Should You Phish Your Employees or Not?

19

How Much Autonomy Should You Give AI Agents in Your SOC?

20

Cybersecurity's Broken Hiring Process

21

Simple Security Solutions That Deliver a Big Impact

22

When Cybersecurity Marketing Fails to Reach the Buyer

23

How Best to Prepare Your Data for Your Tools

24

Don't Try to Win with Technical Expertise. Win by Partnering.

25

What Makes a Successful CISO?

26

How Should CISOs Talk to the Business

27

How Much Cyber Risk Should a CISO Own?

28

How To Tell When a Vendor is Selling AI Snake Oil

29

In the Age of Identity, is Network Security Dead?

30

How to Manage Configuration Drift

31

Is Least Privilege Dead?

32

How Do We Measure Our Defenses Against Social Engineering Attacks?

33

Sales Follow Up Sequences: What Works Best in Cyber?

34

What Soft Skills Do You Need in Cyber?

35

What is the Visibility That Security Teams Need?

36

Data Governance in the Age of AI

37

How Can Security Vendors Better Stand Out?

38

What New Risks Does AI Introduce?

39

The Pattern of Early Adoption of Security Tools

40

How Are You Managing the Flow of AI Data

41

How to Deal with Last Minute Compliance Requirements

42

Do You Have a Functional Policy or Did You Just Write One?

43

Where are We Struggling with Zero Trust

44

Cybersecurity Has a Prioritization Problem

45

How Can AI Provide Useful Guidance from Fragmented Security Data?

46

Why Salespeople's Knowledge of Cybersecurity Is Critical for the Ecosystem

47

What Are the Cybersecurity Trends We Need To Follow?

48

Is It Even Possible to Fast-Track Your Way Into Cybersecurity?

49

What's the Most Efficient Way to Rate Third Party Vendors?

50

Don't Ask "Can" We Secure It, But "How" Can We Secure It

51

Has the Shared Security Model for SaaS Shifted?

52

Improving the Efficiency of Your Threat Intelligence

53

Why Cybersecurity Professionals Lie on Their Resumes

54

What Should Be in a CISO Job Description?

55

The CISO's Job Is Impossible

56

Can You Have a Secure Software Environment Without Traditional Vulnerability Management?

57

How Much Should Salespeople Know About Their Product?

58

Why Are We Still Struggling to Fix Application Security?

59

What Can Someone with No Experience Do in Cybersecurity?

60

Are New Gartner-Created Categories/Acronyms Helping or Hurting the Cybersecurity Industry?

61

Can AI improve Third-Party Risk Management (TPRM)

62

Cybersecurity Is NOT an Entry-Level Position

63

Hey Vendors, What Problem Is Your Product Solving?

64

We've Been Fooled. There Is No Talent Shortage.

65

Is There an Increasing Consolidation of Vendors in the SOC?

66

Are CISOs Struggling to Get Respect?

67

Is Platformization Vs Best-of-Breed a False Dichotomy?

68

Protecting Your Backups from Ransomware

69

Can a Security Program Ever Reach Maintenance Mode?

70

The Hardest Problems in Security Aren't "Security Problems"

71

If and When Should a CISO Have a Long Term Security Plan?

72

Do We Want CISOs Dictating How Salespeople Should Engage?

73

Is AI Benefiting Attackers or Defenders?

74

CISOs DO Own the Risk

75

How Can We Fix Alert Fatigue?

76

Vulnerability Management ≠ Vulnerability Discovery

77

Are Security Awareness Training Platforms Effective?

78

The Argument For More Cybersecurity Startups

79

How Are New SEC Rules Impacting CISOs?

80

Managing the Risk of GenAI Tools

81

Defending Against What Criminals Know About You

82

Will We Ever Go Back From Work From Home?

83

The Lurking Dangers of Neglected Security Tools

84

When You Just Can't Take It Anymore in Cyber

85

Is It Possible to Inject Integrity Into AI?

86

Are Phishing Tests Helping or Hurting Our Security Program?

87

Who Is Responsible for Securing SaaS Tools?

88

Hiring Cyber Teenagers with Criminal Records

89

What's Working With Third-Party Risk Management?

90

What Triggers a CISO?

91

Information Security vs. Cybersecurity

92

Should Deny By Default Be the Cornerstone of Zero Trust?

93

What Is a Field CISO?

94

Cybersecurity Is a Communications Problem

95

Do Companies Undergoing a Merger or Acquisition Get Targeted for Attacks?

96

Telling Stories with Security Metrics

97

Securing Identities in the Cloud

98

How AI Is Making Data Security Possible

99

What Makes a Successful CISO?

100

We Want a Solution to Remediate, Not Just Detect Problems

101

Recruiting from the Help Desk

102

How Do We Build a Security Program to Thwart Deepfakes?

103

Where Are Secure Web Gateways Falling Short?

104

Understanding the Zero-Trust Landscape

105

Scaling Least Privilege for the Cloud

106

Should CISOs Be More Empathetic Towards Salespeople?

107

Managing Data Leaks Outside Your Perimeter

108

What Are the Risks of Being a CISO?

109

Onboarding Security Professionals

110

How to Improve Your Relationship With Your Boss

111

Improving the Responsiveness of Your SOC

112

The Demand for Affordable Blue Team Training

113

Why are CISOs Excluded from Executive Leadership?

114

What Is Your SOC's Single Search of Truth?

115

When Is Data an Asset and When Is It a Liability?

116

Tracking Anomalous Behaviors of Legitimate Identities

117

Why Do Cybersecurity Startups Fail?

118

Is "Compliance Doesn't Equal Security" a Pointless Argument?

119

CISOs Responsibilities Before and After an M&A

120

Use Red Teaming To Build, Not Validate, Your Security Program

121

The Do's and Don'ts of Approaching CISOs

122

Doing Third Party Risk Management Right

123

Warning Signs You're About To Be Attacked

124

Do We Have to Fix ALL the Critical Vulnerabilities?

125

Mitigating Generative AI Risks

126

Building a Cyber Strategy for Unknown Unknowns

127

Responsibly Embracing Generative AI

128

People Are the Top Attack Vector (Not the Weakest Link)

129

What's Entry Level in Cybersecurity?

130

New SEC Rules for Cyber Security

131

The Value of RSA, Black Hat, and Mega Cyber Tradeshows

132

Is Remote Work Helping or Hurting Cybersecurity?

133

How to Manage Users' Desires for New Technology

134

Cybersecurity Questions Heard Around the Kitchen Table

135

How to Prime Your Data Lake

136

Getting Ahead Of Your Threat Intelligence Program

137

How Security Leaders Deal with Intense Stress

138

How Do We Influence Secure Behavior?

139

Security Concerns with ChatGPT

140

Create A Pipeline of Cyber Talent

141

Improving Adoption of Least Privileged Access

142

Securing SaaS Applications

143

How Do We Get Better Control of Cloud Data?

144

Finding Your Security Community

145

Let's Write Better Cybersecurity Job Descriptions

146

How Should Security Better Engage with Application Owners?

147

How To Get More People Into Cybersecurity

148

How to Create a Positive Security Culture

149

How Should We Trust Entry Level Employees?

150

How Must Processes Change to Reduce Risk?

151

Reputational Damage from Breaches

152

Do RFPs Work?

153

Successful Cloud Security

154

How Should Security Vendors Engage With CISOs?

155

Gartner Created Product Categories

156

How to Always Make a Business Case for Security

157

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?

158

What We Love About Working in Cybersecurity

159

Security That Accounts for Human Fallibility

160

Why You Should Be Your Company's Next CISO

161

How to Become a CISO

162

Can You Build a Security Program on Open Source?

163

Third Party Risk vs. Third Party Trust

164

How Can We Improve the Cyber Sales Cycle?

165

What Leads a Security Program: Risk or Maturity?

166

Limitations of Security Frameworks

167

Why Is There a Cybersecurity Skills Gap?

168

What Can the Cyber Haves Do for the Cyber Have Nots?

169

Securing Unmanaged Assets

170

Ambulance Chasing Security Vendors

171

Do CISOs Have More Stress than Other C-Suite Jobs

172

How Should We Discuss Cyber With the C-Suite?

173

Can You Be a vCISO If You've Never Been a CISO?

174

How Should We Gauge a Company's Cyber Health?

175

Reducing the Attack Surface

176

Do We Need a Marketing Manager for the Security Team?

177

Cybersecurity Budgets

178

How Can We Make Sense of Cybersecurity Titles?

179

Walk a Mile in a Security Recruiter's Shoes

180

Moving Security from a Prevention to a Resilience Strategy

181

How to Engage with Non-Technical Business Leaders

182

Cybersecurity Burnout

183

How to Build a Greenfield Security Program

184

Managing the Onslaught of Files

185

Can You Have Culture Fit and Diversity, or Are They Mutually Exclusive?

186

How to Follow Up With a CISO

187

Roles to Prepare You to Be a CISO

188

Minimizing Damage from a Breach

189

We're All Still Learning Cyber

190

Practical Cybersecurity for IT Professionals

191

Data Protection for Whatever Comes Next

192

What Is Attack Surface Profiling?

193

How Can You Tell If Your Security Program Is Improving?

194

How Can We Improve Recruiting of CISOs and Security Leaders?

195

How Is Our Data Being Weaponized Against Us?

196

Can Security Be a Profit Center?

197

Getting Ahead of the Ongoing Malware Fight

198

Building a Security Awareness Training Program

199

Onboarding Cyber Professionals with No Experience

200

Where's the Trust in Zero Trust?

201

Who Investigates Cyber Solutions?

202

Does the Cybersecurity Industry Suck?

203

Are We Taking Zero Trust Too Far?

204

Is Shift Left Working?

205

Technical vs. Compliance Professionals

206

Why Do So Many Cybersecurity Products Suck?

207

Training for a Cyber Disaster

208

Virtual Patching

209

Start a Cybersecurity Department from Scratch

210

How to Think Like a Cybercrook

211

Building a Data-First Security Program

212

Offensive Security

213

When Vendors Pounce on New CISOs

214

Building a Cybersecurity Culture

215

How to Pitch to a Security Analyst

216

Is Your Data Safer in the Cloud?

217

What Should We Stop Doing in Cybersecurity?

218

DDoS Solutions

219

Making Cybersecurity Faster and More Responsive

220

Promises of Automation

221

When Social Engineering Bypasses Our Cyber Tools

222

How Can We Simplify Security?

223

Convergence of Physical and Digital Security

224

How Do You Measure Cybersecurity Success?

225

How Do We Turn Tables Against Adversaries?

226

Ageism in Cybersecurity

227

Proactive Vulnerability Management

228

Why Is Security Recruiting So Broken?

229

How to Be a Vendor that CISOs Love

230

The "Are We Secure?" Question

231

Ransomware Kill Chain

232

Can Technology Solve Phishing?

233

Convergence of SIEM and SOAR

234

Cybersecurity Is Not Easy to Get Into

235

Preventing Ransomware

236

Managing Lateral Movement

237

First Steps as a CISO

238

How Does Ransomware Enter the Network?

239

What's the Value of Certifications?

240

Measuring the Success of Cloud Security

241

How do I get my first cybersecurity job?

242

Educating the Board About Cybersecurity

243

CISO Recruiting Is Broken

244

Retaining Cyber Talent

245

Salesforce Security

246

Cloud Configuration Fails

247

Starting Pay for Cyber Staff

248

Fear of Automation

249

Hiring Talent with No Security Experience

250

Security Hygiene for Software Development

251

How Much Do You Know About Your Data?

252

Do Startups Need a CISO?

253

Insider Risk

254

What's the Obsession with Zero Trust?

255

Mentoring

256

Securing the Super Bowl and Other Huge Events

257

Cybersecurity Isn't That Difficult

258

Cloud Security Myths

259

What Is Security's Mission?

260

Vendor CISOs

261

How Much Log Data Is Enough?

262

Should Finance or Legal Mentor Cyber?

263

Data Destruction

264

How to Make Cybersecurity More Efficient

265

Does a CISO Need Tech Skills?

266

How Do You Know if You're Good at Security?

267

Building a Security Team

268

Are our Data Protection Strategies Evolving?

269

Should CISOs Be Licensed Professionals?

270

Inherently Vulnerable By Design

271

Imposter Syndrome

272

Why Don't More Companies Take Cybersecurity Seriously?

273

Data Protection and Visibility

274

What's an Entry Level Cybersecurity Job?

275

Securing Digital Transformations

276

Leaked Secrets in Code Repositories

277

Measuring the Success of Your Security Program

278

Privacy Is An Uphill Battle

279

Legal Protection for CISOs

280

XDR: Extended Detection and Response

281

Calling Users Stupid

282

Is College Necessary for a Job in Cybersecurity?

283

When Red Teams Break Down

284

What Cyber Pro Are You Trying to Hire?

285

Junior Cyber People

286

Trusting Security Vendor Claims

287

How Vendors Should Approach CISOs

288

Secure Access

289

InfoSec Fatigue

290

Securing a Cloud Migration

291

API Security

292

Shared Threat Intelligence

293

Drudgery of Cybercrime

294

Security Budgets

295

Role of the BISO

296

Shared Accounts

297

Bug Bounties

298

Data Classification

299

Prevention vs. Detection and Containment

300

Asset Valuation

301

DevSecOps

302

Fix Security Problems with What You've Got

303

Should Risk Lead GRC?

304

Responsible Disclosure

305

Internet of Things

306

Is Governance the Most Important Part of GRC?

307

Who Should the CISO Report To?

308

Hybrid Cloud

309

CISO Tenure

310

Toxic Security Teams

311

Personality Tests in the Workplace

312

Lack of Diversity in Cybersecurity

313

When Are CISOs Responsible for Breaches?

314

Post Breach Desperation and Salary Negotiations

315

Presenting to the Board

316

The Iran Cybersecurity Threat

317

Building a Fully Remote Security Team

318

Account Takeover

319

UX in Cybersecurity

320

InfoSec Trends for 2020

321

Cybersecurity Readiness as Hiring Criteria

322

Cybersecurity and the Media

323

The Cloud and Shared Security

324

Is Product Security Improving?

325

Best Starting Security Framework

326

Cyber Defense Matrix

327

User-Centric Security

328

Securing the New Internet

329

Resiliency

330

Ransomware

331

Top CISO Communication Issues

332

Cybersecurity Excuses

333

Employee Hacking

334

100% Security

335

Proactive Security

336

ATT&CK Matrix

337

Hacker Culture

338

Bad Best Practices

339

Cyber Harassment

340

CISO Series One Year Review

341

Economics of Data

342

Tool Consolidation

343

Camry Security

344

Amplifying Your Security Posture

345

ERP Security

346

Managing Obsolete (Yet Business Critical) Systems

347

Cybersecurity Hiring

348

How CISOs Discover New Solutions

349

Is the Cybersecurity Industry Solving Our Problems?

350

Vulnerability Management

351

Privileged Access Management

352

Machine Learning Failures

353

Software Fixing Hardware Problems

354

Tools for Managing 3rd Party Risk

355

CISO Burnout

356

RSA 2019: Success or Failure?

357

Security IS the Business

358

Threat Intelligence

359

Secure Controls Framework

360

Insider Threats

361

Building an Information Security Council

362

Privacy

363

Security Metrics

364

Welcome to Defense in Depth