CISO Dojo Podcast

With tensions building in the Ukraine, it's a good time to take a step back and look at what actions a CISO should be considering if this is an area of concern. In this episode Joe Sullivan and Stacy Dunn cover the following topics:

In this episode we recap some of the bad things that happened in 2021 and theorize what could be in store during 2022.

Harshil Parikh, CEO of Tromzo, discusses application and how to eliminate developer/security friction by using context to sort through the noise and empower developers to fix what matters. Find Harshil online at: https://www.linkedin.com/in/harshil/https://www.tromzo.com/

Tanner James started his career in IT after graduating with an MIS degree from OU in 2016. Since then, Tanner has worked for a telecommunications consulting firm and is currently employed as the IT manager for LuGreg Trucking. At this point in his career, he is wanting to develop his security skillset to take on a role in information security. When he isn’t working with technology, he enjoys lots of time outdoors with his family. You can find Tanner James online...

Russell Eubanks started shares his story about transitioning from factory work, breaking into information security, becoming a CISO, and starting his own consulting practice. Russell shares some good advice, guidance, and tips for others looking to further their career, lead teams, and personal development in your information security career. You can find Russell Eubanks online at: https://securityeverafter.com/ SANS: https://www.sans.org/profiles/russell-eubanks/ LinkedIn:...

Steve Ginty Director of Threat Intelligence at RiskIQ joins us on this episode to discuss detecting risks your organization might not be aware of. Steve also talks about how RiskIQ contributes to the detection of Cobalt Strike, ransomware actor activity, supply chain attacks, and how RiskIQ can help with vendor management. Website: https://www.riskiq.com/ LinkedIn: https://www.linkedin.com/in/sginty/

Jerich Beason is a cyber security hobbyist turned professional who holds Bachelors and Masters degrees in Cyber Security. He has served in progressive roles at some of the most respected companies within the cyber security industry including Lockheed Martin, RSA and Deloitte where he was a trusted advisor to executives within the federal government and fortune 500 organizations. Jerich advised these companies on cyber security strategy, architecture and program development. In his most role...

AJ Yawn joins us for this episode of the CISO Dojo Podcast. AJ Yawn is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers. AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a...

What's the strangest thing you've encountered with a new hire? In this episode we talk about the time an evil twin with no experience managed to get an IT position and how scammers with no experience are landing multiple work from home tech jobs just to collect a paycheck until they get terminated. The rabbit hole goes even deeper with fake sites being set up as past employers and answering services attempting to make them look legitimate. We also talk about how to combat these attempts...

In this episode Joe Sullivan and Stacy Dunn talk about who should be held responsible for breaches and what needs to be done to reduce consecutive breaches in an organization.

There's a been a lot of discussion around Apple scanning for CSAM images. Joe Sullivan and Stacy Dunn talk about the pros and cons of this and how it affects privacy of iPhone users.

In this episode I talk about an approach to deal with burn out on your team. This is based on a study located here. I also look at the GPEN versus the OSCP certification in this episode.

Paul Tucker CISO of Bank of Oklahoma joins us for this episode of the CISO Dojo Podcast. Paul Tucker is Senior Vice President and Chief Information Security and Privacy Officer at BOK Financial. In this role Tucker leads the cybersecurity team responsible for the banks efforts to protect information important to the banks operation, while ensuring the overall cyber resiliency and privacy of the bank.

Joe Sullivan and Stacy Dunn wrap up the the third part of their cloud security series. The episode extends into current events with casino ransomware attacks, supply chain attacks, and why casinos should not be getting breached. We also talk about Social Media happenings like INFOSEC Bikini, the negative element on Twitter, and haters of pants.

Alex Tarter joins us on the podcast to discuss attack surface management and threat intelligence. Alex is one of the founding members of TurgenSec which has recently had an interesting string of responsible disclosures related to: Check out Alex at: www.turgensec.comsecurity@turgensec.com

Part 3: Action items and actionable information; Give insights into how to support marginalized people and adopt better hiring practices. Sources: https://www.thisishowyoucan.com/post/__wheel_of_power_and_privilege https://www.forumone.com/ideas/why-and-how-to-prioritize-dei-at-your-organization/ http://greenlining.org/wp-content/uploads/2018/03/DEI-Framework.pdf ...

Chad Kliewer, CISO of Pioneer Telephone shares his journey in information security where he overcame nearly insurmountable challenges. Chad has faced broad use of credential sharing, placing the mouse on the monitor, because this is how it's supposed to work right? Chad has survived Sox audits and even the SolarWinds attack. There's so much to learn from this episode from a CISO and information security perspective! Connect with Chad on Twitter @ChadKliewer

The White House just release a special document to the private sector about responsibility and steps to prevent ransomware. Quoting directly from the document: Companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively. The document goes on to talk about best practices such as: These are all basic activities organization need to start implementing now. The ransomware threat is escalating,...

Part of being an effective security leader is understanding and including people from all types of backgrounds. Usually, it’s talk tech, security, and strategy, but for these episodes, it’s time to discuss the 8th layer and how acceptance is not just 1’s and 0’s. In this short solo three-parter, Stacy will take you through the who, what, when, and why of Diversity, Equity, and Inclusivity. (DEI) Sources for Part 2: https://www.hrc.org/resources/hate-crimes-timeline ...

In this episode Stacy Dunn talks about Diversity, Equity, and Inclusivity and how we can get better at improving the culture of the information security workplaces and community. Part of being an effective security leader is understanding and including people from all types of backgrounds. Usually, it’s talk tech, security, and strategy, but for these episodes, it’s time to discuss the 8th layer and how acceptance is not just 1’s and 0’s. In this short solo three-parter, Stacy will take you...