Defense in Depth-logo

Defense in Depth

Technology Podcasts

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Location:

United States

Description:

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Twitter:

@dspark

Language:

English


Episodes
Ask host to enable sharing for playback control

What Are the Risks of Being a CISO?

4/11/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render. In this episode: In today's current climate, is the role of the CISO still worth it? Does the position carry a lot of potential liability? Do the upsides still outweigh the risks? Do CISOs tend to have more responsibility than authority? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

Duration:00:35:46

Ask host to enable sharing for playback control

Onboarding Security Professionals

4/4/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback? In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding is effective for both sides? What are the mistakes CISOs should avoid, and what are the best ways to excel? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

Duration:00:31:18

Ask host to enable sharing for playback control

How to Improve Your Relationship With Your Boss

3/28/2024
All links and images for this episode can be found on CISO Series. Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within your organizations, particularly with your boss? How can you consciously build these relationships with an eye to leveling up your career? How do you develop soft skills? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

Duration:00:29:17

Ask host to enable sharing for playback control

Improving the Responsiveness of Your SOC

3/21/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude. In this episode: Why does it take so long to integrate new tools and get them up to speed? Are we always in a state where we are always lacking readiness? What should we be measuring? Do we focus too much on singular events? Thanks to our podcast sponsor, Prelude Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.

Duration:00:27:46

Ask host to enable sharing for playback control

The Demand for Affordable Blue Team Training

3/14/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn’t blue team training should be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

Duration:00:29:22

Ask host to enable sharing for playback control

Why are CISOs Excluded from Executive Leadership?

3/7/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

Duration:00:33:04

Ask host to enable sharing for playback control

What Is Your SOC's Single Search of Truth?

2/29/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

Duration:00:30:44

Ask host to enable sharing for playback control

When Is Data an Asset and When Is It a Liability?

2/22/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the life blood of an organization but what happens when you collect too much? Do you put risk on both your organization and for any individuals that data belongs too? Is it still wise to collect as much data as possible? How can CISOs embrace data minimization that doesn't clash with the needs of the business? Thanks to our podcast sponsor, Material Security Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.

Duration:00:34:49

Ask host to enable sharing for playback control

Tracking Anomalous Behaviors of Legitimate Identities

2/15/2024
All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Duration:00:34:01

Ask host to enable sharing for playback control

Why Do Cybersecurity Startups Fail?

2/8/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M. In this episode: Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry? What's unique about cybersecurity startups? What's the most common reason you've seen a cyber startup not succeed? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Duration:00:31:43

Ask host to enable sharing for playback control

Is "Compliance Doesn't Equal Security" a Pointless Argument?

2/1/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan. In this episode: A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right? Why are we so quick to dismiss compliance as simple check boxes? Why is compliance important and why is it often getting a bad name these days? What are the elements that make a great solution? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Duration:00:33:33

Ask host to enable sharing for playback control

CISOs Responsibilities Before and After an M&A

1/25/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace. In this episode: Why do mergers and acquisitions always present challenges to an organization? When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition? Can cybersecurity considerations make or break a deal? What skills did you find yourself flexing with your first M&A experience? Thanks to our podcast sponsor, Aphinia! Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys’ team because the only way to succeed is together: https://aphinia.com/#signup_form

Duration:00:30:33

Ask host to enable sharing for playback control

Use Red Teaming To Build, Not Validate, Your Security Program

1/18/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value? Can moving red teaming upstream be more valuable to your organization? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Duration:00:31:34

Ask host to enable sharing for playback control

The Do's and Don'ts of Approaching CISOs

1/11/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG. In this episode: Vendors need to reach out to CISOs, but what does a successful approach look like? Do vendors often spray and pray with outreach, rather than doing a bare minimum of research? What else can vendors do to try to create meaningful outreach to CISOs? How do you like security sales professionals to build a relationship with you? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Duration:00:31:36

Ask host to enable sharing for playback control

Doing Third Party Risk Management Right

1/4/2024
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health. In this episode: Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

Duration:00:30:30

Ask host to enable sharing for playback control

Warning Signs You're About To Be Attacked

12/14/2023
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud. In this episode: Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Duration:00:33:07

Ask host to enable sharing for playback control

Do We Have to Fix ALL the Critical Vulnerabilities?

12/7/2023
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource. In this episode: Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Duration:00:30:48

Ask host to enable sharing for playback control

Mitigating Generative AI Risks

11/30/2023
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM. In this episode: Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

Duration:00:32:38

Ask host to enable sharing for playback control

Building a Cyber Strategy for Unknown Unknowns

11/16/2023
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys. In this episode: Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B). Learn more at www.censys.com.

Duration:00:29:57

Ask host to enable sharing for playback control

Responsibly Embracing Generative AI

11/9/2023
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.

Duration:00:33:23