
About CISO Stories Podcast

CISO Stories Podcast

The Cybersecurity Collaborative, in conjunction with Cybereason, is proud to present the CISO Stories Podcast. Each week CISO Stories takes a deep dive on security leadership with top security professionals from across the public and private sectors who share their insights and expertise with the community. The Cybersecurity Collaborative is a unique membership community enabling cybersecurity leaders to work together in a trusted environment. To learn more, visit: https://www.securityweekly.com/csc.

All posts by CISO Stories Podcast

CISO Stories Podcast: CISO Priorities for 2022

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

March 31, 2022 /

CISO Stories Podcast: Why Are We Still Failing at Security?

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

March 24, 2022 /

CISO Stories Podcast: The CISO Six Minute Rule

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

March 17, 2022 /

CISO Stories Podcast: Lessons Learned from Building an ISAC

ISACs were formed to promote the centralized sharing of threat intel within a particular sector. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization - check it out...

March 10, 2022 /

CISO Stories Podcast: Richard Clarke - Getting the Board on Board with Security

Richard Clarke, who spent several decades serving Presidents of both parties, provides some pragmatic tips for effectively communicating the need to invest in security in terms the Board of Directors can support - check it out...

March 3, 2022 /

CISO Stories Podcast: Understanding and Preparing for the Next Log4j

What was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, CEO of Zero Networks, takes us deeper - check it out...

February 24, 2022 /

Watch Now: Top CISO Priorities for 2022

What issues should CISOs be prioritizing, and how can they get the most bang for their buck while minimizing risk and maximizing outcomes? Join our panel of esteemed CISOs from multiple industries as they share their perspectives...

February 18, 2022 / 1 minute read

CISO Stories Podcast: A Cost-Effective Approach to Security Risk Management

How does the CISO establish the value proposition for an investment? Jack Jones, Chief Risk Scientist at RiskLens, discusses using a well-tested risk framework to evaluate current state of loss exposure - check it out...

February 17, 2022 /

CISO Stories Podcast: Creating Security Budget Where There is No Budget

Security departments need to acquire tool after tool over - Kevin Richards walks through a very creative method for getting the budget you need and explains how to leverage the current environment to “find” new sources of funding...

February 10, 2022 /

CISO Stories Podcast: Do It Internally or Hire a Consultant?

When a particular skill is needed that is not available, what do you do? Should you hire someone externally or bring in a consultant? CISO John Iatonna discusses his experience in making these tough decisions - check it out...

February 3, 2022 /

CISO Stories Podcast: Designing a Shared Vision with IT and the Business

The locus of control has been slipping away from IT teams - and by default Security teams. Scott King, CISO at Encore Capital Group, joins the podcast to discuss strategies to remain agile in the face of rapid change - check it out...

January 27, 2022 /

CISO Stories Podcast: Moving to the Cloud? Don’t Forget Hardware Security

Steve Orrin, Federal CTO at Intel, joins the podcast to discuss approaches to remaining compliant with the various laws when moving to the cloud - check it out...

January 20, 2022 /

CISO Stories Podcast: Privacy Hunger Games - Change the Rules

Organizations may be leaking information without proper procedures in place - CCO/CPO Samantha Thomas explains how she changed this and the law in the process - check it out...

January 13, 2022 /

CISO Stories Podcast: Server Room to War Room - Enterprise Incident Response

Dawn-Marie Hutchinson, CISO at BAT, has navigated organizations during crises with a “play like you practice” Incident Response approach - check it out...

January 6, 2022 /

CISO Stories Podcast: Key Issues to Cover for Today's CISOs

CISO Leon Ravenna dives into cyber insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs...

December 29, 2021 /

CISO Stories Podcast: Model-Driven Security Leveraging Data Science

Jim Routh joins the podcast to discuss his experience around creating over 300 models using data science, machine learning and automated incident response to bolster the security posture for a large commercial organization - check it out...

December 22, 2021 /

CISO Stories Podcast: CISOs Need Training Too

How does the CISO ensure that the proper skills are maintained to continue to lead the security organization? ISSA President Candy Alexander joins the podcast to discuss how CISOs can stay on top of their game - check it out...

December 16, 2021 /

CISO Stories Podcast: No Senior Management Buy-In - No Success

Are you reporting the same risks each year? This may be due to a lack of buy-in from senior management - Chris Apgar joins the podcast to discuss how to show that funding security initiatives is more than just risk avoidance - check it out...

December 9, 2021 /

CISO Stories Podcast: Skills I Needed to be a First-Time CISO

Infosec skills don’t necessarily transfer to CISO skills, but CISO skills are 100% transferable to your infosec career - Richard Kaufmann, VP/CISO at Amedisys, discusses how growth begins outside of your comfort zone...

December 2, 2021 /

CISO Stories Podcast: Which Approach Wins - Compliance or Risk?

Regulations provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security?

November 24, 2021 /

CISO Stories Podcast: Who is Your SOC Really For?

How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? Ricardo Lafosse, CISO at Kraft Heinz, explains - check it out...

November 18, 2021 /

CISO Stories Podcast: Do You Know Where Your Data Is?

William Miaoulis, CISO at Auburn University, joins the podcast to discuss some of the typical situations that lead to the exposure of sensitive information and how to prevent them - check it out...

November 11, 2021 /

CISO Stories Podcast: The Nexus of Security, Privacy and Trust

Allison Miller, CISO at Reddit, discusses the nexus of Security, Privacy and Trust - should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? Check it out...

November 4, 2021 /

CISO Stories Podcast: Five Mistakes Impacting Security and Privacy Policy Creation

Charles Cresson Wood joins the podcast to discuss the five key mistakes teams make in creating and delivering impactful policies for any organization - check it out...

October 28, 2021 /

CISO Stories Podcast: NotPetya - 45 Minutes and 10,000 Servers Encrypted

Todd Inskeep walks us through the lessons learned after managing a NotPetya ransomware attack. Don’t miss this podcast for valuable insights from a real-life scenario - check it out...

October 21, 2021 /

CISO Stories Podcast: Security Awareness that Actually Works

Steven Lentz joins the podcast to explain how he successfully engaged the workforce through creative and visible security awareness methods - check it out...

October 14, 2021 /

CISO Stories Podcast: Extending Detection and Response to the Cloud

CISO Kathy Wang discusses challenges in extending detection and response capabilities to cloud deployments while ensuring threats are correlated across endpoints, mobile, application suites and user identities - check it out...

October 7, 2021 /

CISO Stories Podcast: Security from Scratch - Incident Response on a Budget

Every organization must be able to respond to an attack quickly - Sam Monasteri joins the podcast to discuss key steps to implement in an incident response plan without breaking the bank...

September 30, 2021 /

CISO Stories Podcast: Fiscally Responsible Ways to Train and Build Community

CISO Kevin Novak explains how to bring business units together to form your own DEFCON-type event in-house or in partnership with other organizations - check it out...

September 23, 2021 /

CISO Stories Podcast: Communications Before, During and After a Breach

Melanie Ensign joins the podcast to explain how security teams benefit from relationships with the communications and public relations specialists before, during and after a breach event - check it out...

September 16, 2021 /

CISO Stories Podcast: The Unpatchable Vulnerability that is Human Nature

Rachel Tobac delves into social engineering where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature - check it out...

September 9, 2021 /

CISO Stories Podcast: Did You Ask For (and Get) Too Much Security Budget?

What happens when you get the funding you asked for? CSO James Christiansen joins the podcast to discuss security budgeting lessons learned you won’t want to miss - check it out...

September 2, 2021 /

CISO Stories Podcast: Practical Considerations for Managing Your MSSP

Jonathan Nguyen-Duy, VP Field CISO Team, joins this podcast to discuss strategies for working with MSSPs to ensure that your organization is obtaining the most value - check it out...

August 26, 2021 /

CISO Stories Podcast: Achieving Security Buy-In - Change Approach Not Culture

David Nolan, Vice President of Information Security at Aaron’s, joins the podcast to discuss how to achieve consensus on security in the organization - check it out...

August 19, 2021 /

CISO Stories Podcast: Hacking Your Way Into Cybersecurity

Kerissa Varma discusses the security skills shortage and her initiative to recruit people from fields who have skill sets applicable to security, but they might not even know it - check it out...

August 11, 2021 /

CISO Stories Podcast: Managing the Security Product Salesperson

Kevin Morrison, CISO at Alaska Air Group, joins the podcast to discuss strategies for dealing with salespeople and selecting the best products for the organization - check it out...

August 5, 2021 /

CISO Stories Podcast: Ransomware Attacks and the True Cost to Business

An esteemed panel of subject matter experts examine recent research findings on ransomware attacks and the impact to businesses, and discuss how to prepare to defend against them - check it out...

July 30, 2021 /

CISO Stories Podcast: Developing Secure Agile Code Quickly is Very Achievable

Special guest Glenn Kapetansky, CSO at Trexin Consulting, discusses how security can be embedded into agile software development to produce fast and secure code - check it out...

July 28, 2021 /

CISO Stories Podcast: Protecting the Crown Jewels

Join this podcast with special guest Steve Durbin, Chief Executive at ISF, to learn the importance of protecting critical assets throughout the information life cycle - check it out...

July 22, 2021 /

CISO Stories Podcast: Always be a Student - Always be Learning

Phil Attfield, CEO and founder at Sequitur Labs, discusses the challenges involved in the development of security policies and management frameworks at scale to support the IoT device lifecycle - check it out...

July 15, 2021 /

CISO Stories Podcast: CISO Business Enablement - Getting to Yes

CSO Dan Lohrmann discusses how he faced a dilemma where he was asked to implement a technology despite the fact that the technology was insecure - check it out...

July 8, 2021 /

CISO Stories Podcast: Why Relationships Matter if You Want to Elevate Security

CISO Mark Weatherford navigates the rough waters by focusing on relationships and his knowledge of security activities across government - check it out...

July 1, 2021 /

CISO Stories Podcast: Fixing the Talent Shortage - Cybersecurity Talent Initiative

Special guest Alexander Niejelow, SVP for Cybersecurity at Mastercard, discusses the Cybersecurity Talent Initiative, a public/private partnership which provides student loan assistance...

June 23, 2021 /

CISO Stories Podcast: So You Want to be a Cyber Spy?

Ira Winkler recounts his amazing journey from wannabe astronaut to NSA intelligence analyst, social engineer, systems hacker and author...

June 17, 2021 /

CISO Stories Podcast: No Insider Cybersecurity Risk? Guess Again!

Special guest Dawn Cappelli, VP Global Security and CISO at Rockwell Automation, discusses strategies to build a better insider risk program to mitigate these threats - check it out...

June 9, 2021 /

CISO Stories Podcast: CISOs Cross the Bridge to the Cloud

Join special guest Jim Reavis, CEO at the Cloud Security Alliance, to learn how to use appropriate controls to manage cloud environments securely...

June 3, 2021 /

CISO Stories Podcast: Five Critical Elements for Protecting the Right Assets

Roland Cloutier, Global CSO at TikTok, discusses five critical elements for developing an effective Critical Asset Protection Program (CAPP) - check it out...

May 25, 2021 /

CISO Stories Podcast: Passion for Solving Problems is Key to Security

Will Lin, co-creator of the CISO community Security Tinkerers, discusses his passion for technology and how it led him to a career helping security companies launch and supporting CISOs through collaboration...

May 18, 2021 /

CISO Stories Podcast: Effective Health Care Security is More Than HIPAA

Hear how one healthcare CISO is having risk-based discussions at the right levels to address the security challenge...

May 13, 2021 /

CISO Stories Podcast: Stop Reporting Useless Security Metrics!

Edward Marchewka, founder at Chicago Metrics, explains the strategy behind different measures and how they can be applied to improve performance...

May 6, 2021 /

CISO Stories Podcast: Necessity is the Mother of Security

Tatu Ylönen, SSH founder and inventor of Secure Shell, discusses the protocol and the application of technological solutions to security challenges...

April 29, 2021 /

CISO Stories Podcast: He Fought the FTC Over a Breach and Won

Hear how Mike Daugherty, CEO of LabMD, took on the FTC and mounted a multi-year defense to combat the outrageous allegations leveled by the regulatory agency...

April 21, 2021 /

CISO Stories Podcast: Is There a Magic Security Control List?

Tony Sager, a 35-year NSA software vulnerability analyst and executive, discusses how the CIS Controls can be used effectively to manage your environment...

April 15, 2021 /

CISO Stories Podcast: Doing Security Before Security Was a Career Path

Special guest Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought...

April 8, 2021 /

CISO Stories Podcast: The Colonoscopy of CyberSecurity

The information & cybersecurity industry has no shortage of regulations, and many organizations simply run down the list of requirements, load them into a spreadsheet and check the boxes to show they are compliant. But is being compliant the same as being secure? Tune in to this CISO podcast episode with guest Lee Parrish.

April 1, 2021 /

CISO Stories Podcast: Going All-In on a Career in Security

Mauro Israel, CISO at BIOOOS, discusses his colorful background and how he – like many in the security field – discovered his true calling late in life and was able to apply his wide range of knowledge & experience to the role of CISO in the healthcare field. Check out the new episode of the CISO Stories Podcast.

March 26, 2021 /

CISO Stories Podcast: Is Cybersecurity ROI Necessary?

Business units are challenged to demonstrate ROI on their spending, so why should information security departments be any different? Tune in to the latest podcast episode to learn why calculating ROI for security may not be necessary and how reducing risk involves different considerations.

March 17, 2021 /

CISO Stories Podcast: Your Job is to Make Cybersecurity Simple

The CISO position in some organizations is relatively new, but the role has actually been evolving over the past 25 years - ever since Citibank named the first CISO, Steve Katz, in 1995. Join this podcast to learn how Steve navigated the early days of security and the changes he sees in the role today...

March 10, 2021 /

CISO Stories Podcast: …and Other Useless Security Constructs

Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry’s most sacred cows like risk tolerance as a key driver for security programs...

March 4, 2021 /

CISO Stories Podcast: Without Building a CISO EQ, You May Be On Your Own

Join us as we welcome special guest Marci McCarthy, CEO and President at T.E.N. Inc., to learn how CISOs can better maintain self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care.

March 3, 2021 /

CISO Stories Podcast: Doing Privacy Right vs. Doing Privacy Rights

Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast with special guest Valerie Lyons to learn how to determine the data collection and processing appropriate for your organization...

February 25, 2021 /

CISO Stories Podcast: SLED Security - Pandemics, Policies, and Penny-Pinching

The Cybersecurity Coalition’s Ari Schwartz brings us up to date on some of the organization’s initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less…

February 17, 2021 /

CISO Stories Podcast: Telling Scary Stories to the Board? Stop. Here’s Why…

Enjoy this podcast with special guest Mischel Kwon to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives…

February 12, 2021 /