CISO Talk

In episode two of a two-part series, CISO Talk hosts Mitch Ashley and Jennifer "JJ" Minella, continue their conversation with Andy Ellis, former CISO at Akamai and current operating partner at Weill Ventures. They delve into topics like building security teams, adapting to change and the impact of AI on the security landscape. Andy emphasizes the need for organizations to understand the value they aim to produce and to align their security efforts with that objective. He discusses how AI, particularly large language models (LLMs), can change the dynamics of software development and security, ultimately advocating for a shift toward safety engineering to minimize attack surfaces and improve defenses. Andy also shares insights from his book and offers guidance on how to navigate the evolving cybersecurity landscape.For more information and to follow Andy Ellis's insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.

In episode one of a two-part series, CISO Talk hosts Mitch and Jennifer "JJ" Minella introduce Andy Ellis, a renowned figure in the security industry with a long tenure at Akamai and currently an operating partner at Weil Ventures. Andy shares insights into the role of a CISO, particularly focusing on whether they belong in the boardroom and the challenges associated with their role(s). They discuss the SEC's new four-day breach disclosure requirement and delve into the intricacies and nuances of materiality in cybersecurity. They emphasize the importance of building relationships and effective communication to ensure that security concerns are adequately addressed at the executive level. The conversation also touches on liability and insurance considerations for CISOs, highlighting the need for personal insurance coverage due to potential gaps in company-provided policies.For more information and to follow Andy Ellis' insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.

Third-party software and services, including SaaS applications, are integral to our everyday operations. But this widespread dependency on third parties also introduces risk and vulnerabilities, and cyberattacks and breaches continue to surge -- the MOVEit breach being a relatively recent vulnerable service of note.In this episode of CISO Talk, host Mitch Ashley and JJ Minella are joined by Eve Maler (ForgeRock) and Steve Benton (Anomali) We'll delve into the root causes behind this surge of vulnerabilities and discuss the potential security lapses that allow cybercriminals an edge. Beyond understanding these vulnerabilities, our conversation will explore actionable steps organizations can take to manage and mitigate these security risks, ensuring a robust defense mechanism against unforeseen cyberthreats.And, of course, with artificial intelligence's rapid evolution and adoption, its role in the future of cyberattacks cannot be underestimated. We'll also discuss how AI is weaponized and used in cyberattacks, the implications and the preemptive measures we can adopt in the face of AI-enhanced cybersecurity threats.

There's a lot going on in the cybersecurity industry today -- new SEC incident and security program reporting requirements, the discovery of pervasive Chinese malware in critical infrastructure systems and the wild west of generative AI adoption. In this episode of CISO Talk, Jennifer Minella and Mitch Ashley discuss security topics that are top-of-mind for security leaders.

Ever wondered what it's like to lead product security at a massive, global, name brand enterprise technology company? Now's your chance! Lisa Bradley, senior director, product & application security at Dell Technologies, brings you into her world as a product security leader. Bradley explores her experiences as a security leader across technology products and software initiatives and discusses leading vulnerability and incident management, security champion initiatives, bug bounty programs and SBOM initiatives at Dell.

Today's highly distributed workforce is introducing new challenges for CISOs who must carefully navigate the journey from traditional perimeter-based network security to, well, the exact opposite. Securing remote work and managing BYOD on top of the usual challenges of protecting the software development life cycle (SDLC) means CISOs need to strike a balance between strong security policies and developers' preferences, work location(s) and work style(s). It's enough to make anyone crazy! Gal Shpantzer, IANS faculty member, CISO advisor and security consultant joins CISO Talk hosts Jennifer (JJ) Minella and Mitch Ashley to discuss these issues and more, as well as how to avoid the "C-S-No" approach, overcome resistance to necessary security and how to implement alternative strategies.

Every CISO knows it’s not a matter of 'if' a cybersecurity incident will occur, but 'when.' Fortunately, there's one name at the top of every CISO's incident response list: Stephen Reynolds, partner in Baker McKenzie’s Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to fight another day and total devastation. In this episode of CISO Talk, Stephen shares his experience responding to cybersecurity threats with hosts Mitch Ashley and JJ and talks about how decisions made early on can have a significant impact later in a security incident, when to call your cyberinsurance provider, when to involve law enforcement, what to communicate and what to keep to yourself and how to successfully negotiate with cybercriminals in ransomware situations.

Whether on-premises, cloud-based or cloud-native, the basics of securing digital systems are similar. In this episode of CISO Talk, Chuck Kesler, CISO at Pendo.io, shares his journey from a sysadmin, IT leader and CISO at Duke University Health System and his CISO role today with Pendo.io. Chuck works with software leaders and developers to secure software pipelines, remote development, infrastructure-as-software, adopt new development technologies and practices and more. Chuck discusses what he’s learned from bringing traditional security skills such as identity, device security and zero-trust (just to name a few) into a business which natively began in the cloud and never had a private data center.

RSA Conference 2023 is fast approaching, and the conference organizers are hard at work putting together an amazing lineup of keynotes, speakers, sessions and events. If you just can't wait to find out what's in store, join CISO Talk hosts Mitch Ashley and JJ Minella along with Britta Glade, VP, Content & Curation at RSA Conference and Kacy Zurkus (Senior Content Manager, RSA Conference, for a sneak preview of RSA Conference 2023. They will announce some exciting keynote speakers and give you an inside look at some great content that's coming for this year's event.

Dan Glass, vice president and CISO with NTT DATA (previously CISO at American Airlines), joins CISO talk co-hosts Jennifer (JJ) Minella and Mitch Ashley to talk about what really grinds his gears lately. Glass discusses the latest LastPass breach disclosure, what security vendors need to do to keep pace with IT, pursuing zero-trust in small-to-medium-sized businesses and hiring strategies for entry-level security talent.