CISO Talk

Third-party software and services, including SaaS applications, are integral to our everyday operations. But this widespread dependency on third parties also introduces risk and vulnerabilities, and cyberattacks and breaches continue to surge -- the MOVEit breach being a relatively recent vulnerable service of note.In this episode of CISO Talk, host Mitch Ashley and JJ Minella are joined by Eve Maler (ForgeRock) and Steve Benton (Anomali) We'll delve into the root causes behind this surge of vulnerabilities and discuss the potential security lapses that allow cybercriminals an edge. Beyond understanding these vulnerabilities, our conversation will explore actionable steps organizations can take to manage and mitigate these security risks, ensuring a robust defense mechanism against unforeseen cyberthreats.And, of course, with artificial intelligence's rapid evolution and adoption, its role in the future of cyberattacks cannot be underestimated. We'll also discuss how AI is weaponized and used in cyberattacks, the implications and the preemptive measures we can adopt in the face of AI-enhanced cybersecurity threats.

There's a lot going on in the cybersecurity industry today -- new SEC incident and security program reporting requirements, the discovery of pervasive Chinese malware in critical infrastructure systems and the wild west of generative AI adoption. In this episode of CISO Talk, Jennifer Minella and Mitch Ashley discuss security topics that are top-of-mind for security leaders.

Ever wondered what it's like to lead product security at a massive, global, name brand enterprise technology company? Now's your chance! Lisa Bradley, senior director, product & application security at Dell Technologies, brings you into her world as a product security leader. Bradley explores her experiences as a security leader across technology products and software initiatives and discusses leading vulnerability and incident management, security champion initiatives, bug bounty programs and SBOM initiatives at Dell.

Today's highly distributed workforce is introducing new challenges for CISOs who must carefully navigate the journey from traditional perimeter-based network security to, well, the exact opposite. Securing remote work and managing BYOD on top of the usual challenges of protecting the software development life cycle (SDLC) means CISOs need to strike a balance between strong security policies and developers' preferences, work location(s) and work style(s). It's enough to make anyone crazy! Gal Shpantzer, IANS faculty member, CISO advisor and security consultant joins CISO Talk hosts Jennifer (JJ) Minella and Mitch Ashley to discuss these issues and more, as well as how to avoid the "C-S-No" approach, overcome resistance to necessary security and how to implement alternative strategies.

Every CISO knows it’s not a matter of 'if' a cybersecurity incident will occur, but 'when.' Fortunately, there's one name at the top of every CISO's incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to fight another day and total devastation. In this episode of CISO Talk, Stephen shares his experience responding to cybersecurity threats with hosts Mitch Ashley and JJ and talks about how decisions made early on can have a significant impact later in a security incident, when to call your cyberinsurance provider, when to involve law enforcement, what to communicate and what to keep to yourself and how to successfully negotiate with cybercriminals in ransomware situations.

Whether on-premises, cloud-based or cloud-native, the basics of securing digital systems are similar. In this episode of CISO Talk, Chuck Kesler, CISO at Pendo.io, shares his journey from a sysadmin, IT leader and CISO at Duke University Health System and his CISO role today with Pendo.io. Chuck works with software leaders and developers to secure software pipelines, remote development, infrastructure-as-software, adopt new development technologies and practices and more. Chuck discusses what he’s learned from bringing traditional security skills such as identity, device security and zero-trust (just to name a few) into a business which natively began in the cloud and never had a private data center.

RSA Conference 2023 is fast approaching, and the conference organizers are hard at work putting together an amazing lineup of keynotes, speakers, sessions and events. If you just can't wait to find out what's in store, join CISO Talk hosts Mitch Ashley and JJ Minella along with Britta Glade, VP, Content & Curation at RSA Conference and Kacy Zurkus (Senior Content Manager, RSA Conference, for a sneak preview of RSA Conference 2023. They will announce some exciting keynote speakers and give you an inside look at some great content that's coming for this year's event.

Dan Glass, vice president and CISO with NTT DATA (previously CISO at American Airlines), joins CISO talk co-hosts Jennifer (JJ) Minella and Mitch Ashley to talk about what really grinds his gears lately. Glass discusses the latest LastPass breach disclosure, what security vendors need to do to keep pace with IT, pursuing zero-trust in small-to-medium-sized businesses and hiring strategies for entry-level security talent.

They might be leaders in the cybersecurity industry and top of the ladder within their organization, but CISOs still need advice! And when they do, they often turn to trusted advisors to help them with strategy, product, network and vulnerability decisions. So, who are these CISO advisors? How did they achieve their 'CISO whisperer' status, and what role do they play? New co-host, cybersecurity expert, speaker and CISO advisor Jennifer “JJ” Minella joins Mitch Ashley on CISO Talk. JJ and Mitch explore the role advisors play in helping guide cybersecurity leaders and their organizations across diverse subjects, including network technologies, governance and compliance, AppSec and securing cloud-native infrastructure and applications. Mitch and JJ also discuss plans for future episodes including discussions with security practitioners about the cybersecurity challenges organizations face and best practices for addressing those challenges.

Host Mitch Ashley is joined by Jennifer Leggio (Netography) and Mike Rothman (Techstrong Research) to discuss the best ways CISOs can keep key stakeholders properly informed about threats, risk and security programs and why proactive communication is an essential part of high-performing teams and the foundation of a solid security strategy.