The Virtual CISO Podcast

Technology Podcasts

The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.

Location:

United States

Language:

English


Episodes

Ep 110: Understanding TISAX (Trusted Information Security Assessment Exchange)

1/31/2023
Trusted Information Security Assessment Exchange (TISAX) is a vendor due diligence standard used in the automotive industry to verify that third-party suppliers’ cybersecurity programs provide adequate protection for the information the automotive supplier shares. In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Ed Chandler, Account Executive and Cybersecurity lead for TÜV SÜD America, who provides answers and explanations to what...

Duration:00:33:00

Ep 109: Understanding How Cybercriminals Operate Can Protect Your Business

1/17/2023
In today’s cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations and plan their defense against attackers. Why do hackers do what they do? What are they trying to steal from you? Who do they partner with to make money and avoid getting caught? In this episode, your host John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Raveed Laeb, Vice President of Product for KELA, who provides answers...

Duration:00:45:38

Ep 108: Understanding the Legalities Around CUI

1/3/2023
Orgs in the DIB need to protect CUI in alignment with the NIST 800-171 cybersecurity standard—and soon the Cybersecurity Maturity Model Certification (CMMC) requirements—or face legal and compliance penalties as well as potential lost business. To clarify the biggest questions and reveal the most dangerous unknowns in the convoluted realm of CUI, your host John Verry, Pivot Point Security CISO and Managing Partner, sits down with Stephanie Siegmann, Partner and Chair at Hinckley Allen to...

Duration:00:51:04

Ep 107: An AWS Security Guru’s Recommendation for Securing your AWS Infrastructure

12/20/2022
Over 90% of security breaches in the public cloud stem from user error, and not the cloud service provider. Today, your host John Verry sat down with one of Amazon Web Services’ (AWS) own, Temi Adebambo, to understand what is going wrong with public cloud security, and how you can eliminate your biggest risks. This episode features Temi Adebambo, Head of Security Solutions Architecture at Amazon Web Services (AWS), to explain exactly what’s going wrong with public cloud security, how users can...

Duration:00:47:56

Ep 106: Strategies to Manage Cybersecurity through an Economic Downturn

12/13/2022
Managing cybersecurity through an economic downturn is no easy task. With increasing concerns about how to stay secure and compliant in a down economy, John Verry tackles this podcast himself, giving you his ten best fundamental practices. This episode features your host John Verry, CISO & Managing Partner at Pivot Point Security, who provides answers and explanations to a variety of questions regarding how to stay compliant, secure, and budget in a down economy. Join us as we discuss: · How...

Duration:00:23:49

Ep 105: Solving the Problems of Cloud Native Apps.

11/29/2022
Building cloud native applications can bring about many operational and security problems. Today, we sat down with an expert in this field to talk about building cloud native applications and deploying applications that are secure in the cloud. This episode features Fausto Lendeborg, Co-Founder & CCO at Secberus, who provides answers and explanations to a variety of questions regarding building applications in the cloud, deploying applications securely in the cloud, and much more. Join...

Duration:00:34:54

Ep 104: Is Digital Business Risk Mgt. The Future of ASM

11/15/2022
Digital Business Risk Management helps companies track and disrupt the most advanced bad actors. Team Cymru specializes in Digital Business Risk Management & Attack Surface Management, giving clients insight and help relating to cyber threats. This episode features David Monnier, Chief Evangelist and Team Cymru Fellow, from Team Cymru, who provides answers and explanations to a variety of questions regarding Business Risk Management, ASM (attack surface management), and much more. Join us as...

Duration:00:46:13

Ep 103: The Complexity of Deploying a Secure Application in the Cloud

11/1/2022
Governance, Risk, and Compliance (GRC) platforms can be tricky to construct. Today, we sat down with an expert in this field to talk about building and deploying secure applications in the cloud. This episode features Jeff Schlauder, Information Security Executive, from Catalina Worldwide, who provides answers and explanations to a variety of questions regarding deploying applications securely in the cloud, using AWS (Amazon Web Services), and much more. Join us as we discuss: · Building and...

Duration:00:50:29

Ep 102: The Intersection of Privacy and Security

10/25/2022
You cannot have privacy without security. While they once existed quite distinct from one another, they are now so delicately woven that they are nearly indistinguishable. Over time, the GDPR has cemented the relationship between physical security and information security, and now, it’s incorporating data privacy. This compliance triad has become the new normal for businesses everywhere, but what does it mean? Rosemary Martorana, Chief Privacy Officer at Corning, joined me to discuss the...

Duration:00:38:54

Ep 101: Most Asked CMMC Questions

10/14/2022
CMMC (Cybersecurity Maturity Model Certification) can raise many red flags and concerns. As CMMC rulemaking approaches in 2023, we take a break from our normal podcast and answer the most asked CMMC questions to date to help ease the unknown. This episode features George Perezdiaz, FedRisk Practice Lead, with Pivot Point Security, who provides answers and explanations to a variety of questions we have received regarding CMMC. George is extremely knowledgeable on CMMC topics while being one...

Duration:00:47:11

Ep 100: The Two Audiences For Privacy & How They Drive Data Collection

9/13/2022
This marks our 100th episode of The Virtual CISO and an insightful journey into having the opportunity to have frank discussions with thought leaders that provide the very best information security advice and insights. I am happy to have invited Dimitri Sirota, CEO & CoFounder of BigID, to walk through BigID’s approach to privacy, security, and data governance on this momentous episodic occasion. Join us as we discuss: To hear this episode, and many more like it, you can subscribe to The...

Unpacking Critical Elements of Supply Chain Risk Management

8/30/2022
Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct a proper risk assessment, and how do they impact IT and business continuity? From international restrictions to balancing generic and specific risk assessments, any guidance is welcome in the world of supply chain management. I invited Willy Fabritius, Global Head of Strategy & Business Development, Information Security Assurance at SGS, onto the show to provide insights into supply chain risk...

Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

8/16/2022
What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security Verification Standard (ASVS) model? And why should you care? From design to operations, there are several crucial considerations to hold regarding business functions and use cases. I invited Taylor Smith, Application Penetration Testing Lead at Pivot Point Security, onto the show to provide insights into SAMM. Including definitions, the differences between SAMM, ASVS, and...

What You Need to Know about APIs and API Security

8/9/2022
Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that looks like, what the security implications are and what an API is, you’re in the right place. There is no shortage of new application security strategies to familiarize ourselves with as cybersecurity adapts to changing times. That’s why I invited Rob Dickinson, CTO at Resurface Labs, to explain APIs, continuous API operation observability, and prevalent challenges in the API...

How to Measure the Value of Information Security

8/2/2022
Most recognize the value preservation in cybersecurity. But forward-thinking professionals also see the value creation in having a secure information posture. Cybersecurity is the foundation of preserving sensitive data and providing peace of mind, but does it create value for the organization and if so, how do we measure that value? Tracking the return on investment on cybersecurity can be challenging. Much like auto insurance, you gain the most obvious value when something goes...

Understanding NIST’s Secure Software Development Framework

7/26/2022
What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact that cycle and your organization? Of note, the SSDF will definitely impact you if your software is used by the US Government and will likely impact you even if it isn’t. There are a few choice practices that can help make sense of these two critical processes and provide the highest chance for success. I invited Elzar Camper, Director of Cyber Security Solutions & Practices at...

US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

7/19/2022
Today, information is worth more than riches. The new currency is data. With this being true, the state of cybersecurity within the upper branches of the government was shockingly under-prepared. In this episode, I speak with Mark Montgomery, the former Executive Director of the Cyber Solarium Commission, about the report the commission published in March 2020 and how that document has influenced the US Government’s roadmap to improve cybersecurity, prevent cyber attacks, and protect the...

Confronting the Wild West of Database Security

7/12/2022
Don’t wait for an emergency; secure your database correctly right out of the gate. Think of everything outside of your database as the wild west. What can you do to create the most controlled environment possible for all of your most sensitive data? I invited Robert Buda, President of Buda Consulting, Inc, and an expert in database technology, onto the show to help us learn the value of database security and what you can do today to improve your security measures. Join us as we discuss: To...

Bridging the Gap Between Cybersecurity and the Business World

6/28/2022
Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To defend the country in cyberspace by investing in companies and nonprofits that help close the gap in technology and the workforce. He also knows that in order to successfully achieve this goal, organizations must understand the basics of data protection. Today, Ron joins the show to talk about the mindset shift that can start in the information security disciplines through communication. Join us as we...

Legal and Infosec strategies to deal with exploding Cyber Liability Insurance premiums

6/21/2022
There’s no denying that cybersecurity risks in the workplace have increased exponentially in recent years. From the pandemic causing employees to work from home to Russia’s invasion of Ukraine, organizations are more vulnerable than ever. That’s why it’s crucial to understand how to best protect yourself and your business. On this episode, Eric Jesse, Partner at Lowenstein Sandler LLP, joins the show to give an attorney's perspective on the importance of cyber liability insurance. Eric talks...