Business of Security Podcast Series


United States






#17 - George Finney, CSO, Southern Methodist University - 9 Habits To Be Cyber Secure

Information security poverty line - Ron and George discuss the segment of teams who can succeed and those who are handicapped. Diving deeper, George uncovers his current project, a book he is writing titled "9 Habits to Be Cyber Secure". Ron asks George about cultivating good habits for a community of professionals. As an industry we tend to focus on the technology and typically pay less attention to people and process. Looking at different aspects of improving cyber security...


#16 - Allan Alford - CISO, Mitel Networks Corp - GDPR for Leaders

Are you ready? This is an action-packed, information-filled episode with Allan Alford, the CISO for Mitel. Allan covers 4 key points to achieve GDPR "alignment" and takes us through the journey of accomplishing these four key phases as a CISO. Towards the latter half of the episode we dive into the evolution of the relationship between privacy and security while looking into the future role of the CISO. Don't miss this one! Allan is on LinkedIn: Twitter:...


#15 - Chris Hadnagy, CEO, Social-Engineer, LLC - Hacking the Human!

Chris Hadnagy joins Ron Woerner on this season 2 episode 6 titled Hacking the Human. A master of social engineering, Chris starts the episode with interesting and entertaining real-world scenarios based on real-life social engineering exercises he has conducted. Further in the episode Chris shares valuable insight into understanding people and the value of becoming an active listener - specifically as a leader. Ron dives into the inevitability of being phished with Chris providing...


#14 - Ben Rothke, Senior Security Consultant, Nettitude - Securing Small-Medium Business

Ben Rothke joins Ron Woerner on this episode to discuss Ben's experience that led to his book titled Computer Security: 20 Things Every Employee Should Know (McGraw-Hill). Ben addresses the question "what has changed in 20 years" and also reviews some best practices that are very relevant today. The conversation should start with focusing security on the data, building out cybersecurity capabilities from there. As cybersecurity is no longer an option, it is a cost of doing business,...


#13 - Adam Shostack, President, Shostack & Associates - Real Business Value with Threat Modeling

Adam Shostack is the author of the book titled Threat Modeling: Designing for Security (Wiley, 2014). He also is a co-author of The New School of Information Security (Addison-Wesley, 2008). Adam is a veteran in the cyber security industry having spent over eight years with Microsoft where he focused on threat model tools and techniques. In this episode Ron and Adam discuss the ROI of threat modeling as well as address the fear security practitioners sometimes have with the agile...


#12 - Tanya Janca, Senior Cloud Advocate of Application Security at Microsoft - Defining DevSlop

What is DevSlop, you ask? Tanya Janca takes us through the landscape of DevSecOps (application security in a DevOps environment) and compares this to more traditional approaches to security and application development lifecycles. Tanya addresses the requirements for a successful lifecycle process no matter the model and takes us through how to be successful with application security design principles. Tanya and Ron discuss training resources as well. Follow Tanya on Twitter at:...


#11 - Robert Baldi, Director of Cyber Security Audit, Equifax - Audit as a Security Partner and Line of Defense

Robert Baldi joins Ron Woerner on the Business of Security Podcast Series for a discussion about Cyber Security Audit and using the audit capability as a way to leverage change and enhance overall security performance. Robert discusses using a mathematical formula for risk and translating this back into the investments for a Board discussion. Collaboration between security, audit and risk teams is key to the success of all three parties.


#10 - Introduction to Season 02 - Ron Woerner and Chad Boeckmann

Chad Boeckmann and Ron Woerner discuss the theme of the Season 2 podcast and its upcoming guests, and also share some of their own experiences over many years in the cyber security industry. Topics include the important skills the industry still needs and where the emphasis should be for upcoming professionals. We also discuss the definition of "Security Ground-Hog Day". Tune in!


BONUS: Cyber Security in Healthcare and Spring NH-ISAC Recap

Aaron Pritz of Aaron Pritz & Associates sits down and talks with us about cyber security in healthcare and common threads from the May 2018 Spring Summit of NH-ISAC. This conversation evolves into data breach management and incident response readiness. This discussion goes into managing risk as an ongoing activity to maintain appropriate balance with business and technology.


#09 - Barry Caplin, Leadership Partner, Gartner - Learning the Business of Business

Barry sits down with us and discusses his long tenure in the industry, from a CISO for a government entity to a CISO for a healthcare entity. The conversation transforms into how similar security challenges are across all industries. For CISOs to be effective it is important to learn the business of business. We dive into the variables of presenting to different board audiences and opportunities to tune the message. This is a value-packed session you won't want to miss!


#08 - Robert Wood, CSO - Becoming an Empathetic CISO

Robert Wood, CSO at SourceClear (acquired recently by CA Veracode), speaks about becoming an empathetic security leader for the business. Exploring context for different perspectives across the business given a variety of responsibilities and stakeholders across an enterprise landscape.


#07 - Jason Meszaros, Security Manager, MN Twins Baseball - Operating (and Securing) a Major League Ball Club

Sitting down at Target Field in Minneapolis, patiently waiting for the season to kick into full speed, we caught up with Jason Meszaros of the Minnesota Twins Baseball Club. There is a lot of content packed into this episode including IoT, Big Data, Security Intelligence and enhancing business value through innovation. The examples set by Jason in this episode can be applied to many different businesses where we cover how security and technology innovation drives customer engagement and...


#06 - Sharon Smith, Strategic Security Advisor - Defining Success as a Security Leader

Sharon Smith from C-Suite Results speaks about her experience providing security leadership to companies and lessons learned through these interactions. The discussion evolves from presenting meaningful information for business leaders to negotiating a CISO's reporting structure prior to accepting the job offer. You won't want to miss this engaging episode! Learn more about C-Suite Results.


#05 - Chris Veltsos (Dr.Infosec) - Grooming Future CISO's and Healthy Skepticism

We connect with Christophe Veltsos, Cyber Risk Strategist for Prudent Security, on the current curriculum of cyber security in colleges and universities, how to groom up-and-coming CISOs, and what a successful CISO in the future looks like. Together we delve into healthy skepticism for Boards and the C-Suite and why this healthy level of skepticism is increasingly important with today's cyber risk landscape. Reach out to Chris Veltsos on Twitter @DrInfoSec.


#04 - Loren Dealy Mahler, President - Crisis Communications in Cyber Security

We continue our dialogue around cyber security response and dive deep into crisis communications when dealing with a negative cyber event. Loren Dealy Mahler speaks with us about her experience managing multiple audiences with her work on Capitol Hill and how this translates into the private sector. We dig into the importance of planning and also tackle crisis exercises and their intended benefits. You can reach Loren through her website.


#03 - Charlie Langdon, CEO - A Public Company CEO Perspective on Cyber Risk

In EP#3 we speak with Charlie Langdon, CEO of Vault Data, a cognitive software company. Charlie has tenure from companies such as GE, NEC, Active Voice and is an author and advisor. In this episode we hear a CEO's perspective on managing cyber risk and relate this to how Equifax executives could have handled the breach. We also explore how security leaders can interact and inform the CEO regularly of current security performance as well as developing a SWAT team to manage and respond to...


#02 - Wayne Sadin CTO - Board Perspective and Qualified Technology Expert

We begin the conversation with Wayne Sadin (who is an NACD Board Governance Fellow) about his role at Affinitas Life. Wayne offers both a technology leadership perspective and a Board of Directors perspective on cyber risk and cybersecurity. Wayne introduced us to the concept of a QTE (Qualified Technology Expert). Wayne brings to us a much-needed viewpoint on board perceptions and understanding of the cyber risk landscape and offers up suggestions to enhance the experience for both...


#00 - Business Of Security - Introduction To Podcast

This is a short introduction describing the Business of Security podcast series with Chad Boeckmann and Ed Snodgrass. If you are wondering what this podcast is about, listen to this!


#01 - Alex Wood CISO - Practical Security

In this inaugural episode of Business of Security, we caught up with Alex Wood at the Minneapolis SecureWorld Conference. Alex is the Chief Information Security Officer of Pulte Financial and co-founder of the podcast Colorado=Security. Alex shares with us how he got into the industry, his thought process and approach to managing security within an organization, and how the industry could improve.