

News & Politics Podcasts

Home of the CISO Dojo Podcast



United States










From Reverse Engineering Malware to CISO

Lenny is the CISO at Axonius, which is a cybersecurity tech company. Lenny has also helped build anti-malware software at an innovative startup and oversaw security services at a Fortune 500 technology company. He has also led the consulting practice at a leading cloud services provider. Lenny is also a Fellow Instructor at SANS and is the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques. Lenny maintains a popular malware analysis tool kit...


Cloud Security Part 2

In this episode we discuss concerns with security in the cloud that organizations need to be aware of. Moving to the cloud doesn't automatically mean it's more secure. We'll take a look at the CIS Controls and how you can implement them in a cloud environment to better secure your networks and data. The topics discussed in this episode are:


Cloud Security

In this episode we discuss concerns with security in the cloud that organizations need to be aware of. Moving to the cloud doesn't automatically mean it's more secure. We'll take a look at the CIS Controls and how you can implement them in a cloud environment to better secure your networks and data.



Stalking- What is it, exactly? And, more importantly, what do you do if it happens to you? What are the steps you can take and how can you understand ways to better protect yourself? What are the avenues for reporting stalking? How has technology impacted stalking and what can we do, as a society, to keep these behaviors from perpetuating? National...


Data Governance

Data governance is a huge undertaking when you don't build it in at the start. In this episode Stacy and Joe discuss data governance programs, the NIST Privacy Framework, and how to build a successful data governance program.


The Birth Of a CISO

This week's episode acts as a follow-up to provide answers to your burning questions following the interview of our special guest, Gordon Rudd of Stone Creek Coaching, who trains and coaches aspiring and current CISOs. But how do you know if you want to be a CISO? Heck, what is a CISO? It's in the name, right? How do we know exactly what a Chief Information Security Officer is? Does the definition change between organizations? Are the expectations the same? Listen as Joe and Stacy...


From Fortran to CISO to Executive Coaching

Gordon Rudd joins us for this week's episode of the podcast. Gordon Rudd is a former CISO, executive coach, author, keynote speaker, and teacher with Stone Creek Coaching. Gordon founded the CISO Mentoring Project in 2012 and is an engaged mentor to many aspiring and active CISOs around the world. He founded Stone Creek Coaching in 2019 to help create world-class cybersecurity leaders. Gordon is a regular instructor with (ISC)2, an international, nonprofit association for information...


My Path in Information Security: Stacy Dunn

In this episode of CISO Dojo, Stacy outlines how she broke through into the field of Information Technology, and, subsequently, Cyber Security. How does one connect the dots from being a Retail Store Manager with an Associate's in Fine Arts to becoming an aspiring Security Engineer with one of the world's largest security companies? Stained shirts and socks with sandals, that's how! What...? Wait just a minute...? Yeah, that's right! But, what does that have to do with...


My Path in Information Security

This episode starts a new series about non-traditional paths to information security. This series will post every Monday when we don't have a guest on the show. In this series we will look at ways to get into information security and how to progress in your career. This pilot starts out with my own path in information security from auto technician, to CISO, to consultant.


Risk Assessments, Frameworks, and Approaches

Risk assessments are the topic for this episode of the CISO Dojo Podcast. What is a risk assessment? The identification, evaluation, and estimation of the levels of risks involved in a situation, with comparisons against benchmarks or standards, and determination of an acceptable level of risk. There are two types of risk assessments we discuss in this episode: Quantitative Risk Assessment: Qualitative Risk Assessment: Risk Assessment...


Employee Retention Strategies for CISOs

Employee retention of top talent should be on the mind of every CISO today. Recruiters are focused on coaxing the best employees away from organizations due to the perceived skills shortage in the information security industry. When an employee approaches you about an offer from another company, how should you handle that situation as a CISO? One approach is to analyze the company and the offer with the employee. This helps sort out the pros and...


Resume Reviews, Interviewing, and we have a co-host!

Meet Stacy Dunn in this episode of the CISO Dojo podcast. Stacy has been working in INFOSEC for the past 4 years in various roles and was a guest on the show previously. In this episode Stacy and I discuss a lot of different topics that include: As we recorded this episode I was thinking about the idea of offering resume reviews, mock interviews, and interview preparation. Is this something you think would be beneficial to the...


Managing Teams Remotely

Managing teams remotely is a real challenge in this environment. As leaders and managers we need to make sure we are taking the right approach to managing our teams when they are remote. We’ve lost a lot of the daily context of what our team members are facing, how to motivate them, and the convenience of in-person communication. In this episode I discuss concepts of leadership, dealing with people, and how to get people to change without causing resentment. These...


Working Remotely During a Pandemic

One of the challenges many organizations are facing right now is: how do we secure a remote workforce? In this episode I discuss some of the tough questions organizations face and how they are approaching them. A lot of vendors are stepping up to offer free products, such as Google, Cisco, and Zoom. We also need to address how to secure newly acquired cloud services; I discuss a few options to help secure and monitor cloud services. There’s also a good...


Pandemic Policies

With the coronavirus spreading, now is a good time to check your Pandemic Policy. Pandemic Policies help you plan for a large part of your workforce being unable to work due to illness. In this episode I’ll cover some key points from a Pandemic Policy Template available from SANS. If you are considered critical infrastructure by the Federal Government, you might start here: Things you should be thinking about are IT infrastructure needs such as: Ideally, you...


Strategy Versus Culture

It’s been said that culture eats strategy for breakfast, but what does that mean? If your policies, procedures, and strategic plan do not align with the culture, you risk offending the organization and will fail to execute your strategic plan.


Iran Cyber Threat CISO Action Items

President Trump ordered an airstrike that killed the Iranian General Soleimani in Baghdad. Soleimani was suspected of “plotting attacks” against Americans in the region. The Department of Homeland Security issued a bulletin stating that Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the United States. This is a concern because Iran maintains a robust cyber...