CISO Talk

Immediately following his AWS re:Inforce 2024 Keynote talk, AWS CISO Chris Betz joins Mitch Ashley on CISO Talk. Chris shares his comprehensive approach to security, including creating a culture of security, AWS chip security, secure programming languages like Rust, securing AI and the data AI uses, and more. Mitch considers Chris Betz an example of the modern-day CISO, a CISO for 2024 and beyond. https://reinforce.awsevents.com/

Recent collaborative actions by U.S. and international law enforcement against ransomware rings such as LockBit, BlackCat, and Ragnar Locker serve as a critical wake-up call for CISOs and security leaders. These operations highlight ransomware’s sophistication and pervasive nature, emphasizing the need for robust incident response measures that may involve law enforcement. In this special edition of CISO Talk, hosts Mitch Ashley and JJ Minella are joined by Caroline Wong (Cobalt) to discuss how to understand the evolving threat landscape, foster international collaboration and implement comprehensive security strategies.

CISO Talk finishes 2023 with a year-end review hosted by Mitch Ashley (Techstrong Research) and Jennifer Minella (Viszen Security), joined by Allison Miller (executive security leader) and Dan Glass (CISO, NTT DATA). Our cyber leaders reflect on the rapid rise of generative AI (and whether it lives up to its billing), the career and legal risks of CISO following the SEC's actions, security as a product feature, where we are with zero-trust and more.

Anton Chuvakin, security advisor at Office of the CISO at Google Cloud and former Gartner distinguished analyst, joins Mitch and JJ to discuss AI and its security implications, software supply chain security and moving and securing workloads in the cloud, including its similarities and differences from operating in traditional data centers.

In episode two of a two-part series, CISO Talk hosts Mitch Ashley and Jennifer "JJ" Minella, continue their conversation with Andy Ellis, former CISO at Akamai and current operating partner at Weill Ventures. They delve into topics like building security teams, adapting to change and the impact of AI on the security landscape. Andy emphasizes the need for organizations to understand the value they aim to produce and to align their security efforts with that objective. He discusses how AI, particularly large language models (LLMs), can change the dynamics of software development and security, ultimately advocating for a shift toward safety engineering to minimize attack surfaces and improve defenses. Andy also shares insights from his book and offers guidance on how to navigate the evolving cybersecurity landscape.For more information and to follow Andy Ellis's insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.

In episode one of a two-part series, CISO Talk hosts Mitch and Jennifer "JJ" Minella introduce Andy Ellis, a renowned figure in the security industry with a long tenure at Akamai and currently an operating partner at Weil Ventures. Andy shares insights into the role of a CISO, particularly focusing on whether they belong in the boardroom and the challenges associated with their role(s). They discuss the SEC's new four-day breach disclosure requirement and delve into the intricacies and nuances of materiality in cybersecurity. They emphasize the importance of building relationships and effective communication to ensure that security concerns are adequately addressed at the executive level. The conversation also touches on liability and insurance considerations for CISOs, highlighting the need for personal insurance coverage due to potential gaps in company-provided policies.For more information and to follow Andy Ellis' insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.

Third-party software and services, including SaaS applications, are integral to our everyday operations. But this widespread dependency on third parties also introduces risk and vulnerabilities, and cyberattacks and breaches continue to surge -- the MOVEit breach being a relatively recent vulnerable service of note.In this episode of CISO Talk, host Mitch Ashley and JJ Minella are joined by Eve Maler (ForgeRock) and Steve Benton (Anomali) We'll delve into the root causes behind this surge of vulnerabilities and discuss the potential security lapses that allow cybercriminals an edge. Beyond understanding these vulnerabilities, our conversation will explore actionable steps organizations can take to manage and mitigate these security risks, ensuring a robust defense mechanism against unforeseen cyberthreats.And, of course, with artificial intelligence's rapid evolution and adoption, its role in the future of cyberattacks cannot be underestimated. We'll also discuss how AI is weaponized and used in cyberattacks, the implications and the preemptive measures we can adopt in the face of AI-enhanced cybersecurity threats.

There's a lot going on in the cybersecurity industry today -- new SEC incident and security program reporting requirements, the discovery of pervasive Chinese malware in critical infrastructure systems and the wild west of generative AI adoption. In this episode of CISO Talk, Jennifer Minella and Mitch Ashley discuss security topics that are top-of-mind for security leaders.

Ever wondered what it's like to lead product security at a massive, global, name brand enterprise technology company? Now's your chance! Lisa Bradley, senior director, product & application security at Dell Technologies, brings you into her world as a product security leader. Bradley explores her experiences as a security leader across technology products and software initiatives and discusses leading vulnerability and incident management, security champion initiatives, bug bounty programs and SBOM initiatives at Dell.

Today's highly distributed workforce is introducing new challenges for CISOs who must carefully navigate the journey from traditional perimeter-based network security to, well, the exact opposite. Securing remote work and managing BYOD on top of the usual challenges of protecting the software development life cycle (SDLC) means CISOs need to strike a balance between strong security policies and developers' preferences, work location(s) and work style(s). It's enough to make anyone crazy! Gal Shpantzer, IANS faculty member, CISO advisor and security consultant joins CISO Talk hosts Jennifer (JJ) Minella and Mitch Ashley to discuss these issues and more, as well as how to avoid the "C-S-No" approach, overcome resistance to necessary security and how to implement alternative strategies.