
CISO Dojo Podcast

39 episodes - English - Latest episode: over 2 years ago

The CISO Dojo podcast looks at various security leader topics and guests discuss their paths in information security that lead them to where they are at today.


Episodes

CISO Actions - Russia/Ukraine Activity

February 24, 2022 02:59 - 37 minutes - 33.9 MB

With tensions building in Ukraine, it's a good time to take a step back and look at what actions a CISO should be considering if this is an area of concern. In this episode Joe Sullivan and Stacy Dunn cover the following topics:
News Resources: SANS ISC and Webinars
Business Analysis: PEST Analysis
Team Analysis: SWOT Analysis
Technical Controls: Firewalls, Geolocation Blocking, and MFA
Administrative Controls: Travel/Evacuation, Asset Disposal, and Crown Jewels
Executiv...

Cyber Issues Recapped from 2021 and Looking Ahead to 2022

January 30, 2022 19:54 - 41 minutes - 38.4 MB

In this episode we recap some of the bad things that happened in 2021 and theorize what could be in store during 2022.

Harshil Parikh of Tromzo Discusses Application Security

November 22, 2021 06:00 - 41 minutes - 37.9 MB

Harshil Parikh, CEO of Tromzo, discusses application security and how to eliminate developer/security friction by using context to sort through the noise and empower developers to fix what matters. Find Harshil online at: https://www.linkedin.com/in/harshil/ https://www.tromzo.com/

Being a One Person Football Team and Breaking into Security

November 12, 2021 02:14 - 38 minutes - 35.3 MB

Tanner James started his career in IT after graduating with an MIS degree from OU in 2016. Since then, Tanner has worked for a telecommunications consulting firm and is currently employed as the IT manager for LuGreg Trucking. At this point in his career, he wants to develop his security skillset to take on a role in information security. When he isn't working with technology, he enjoys lots of time outdoors with his family. You can find Tanner James online at: https://www.li...

From Factory Work to CISO

November 01, 2021 05:00 - 44 minutes - 40.4 MB

Russell Eubanks shares his story about transitioning from factory work, breaking into information security, becoming a CISO, and starting his own consulting practice. Russell offers advice, guidance, and tips for others looking to further their information security career, lead teams, and work on their personal development. You can find Russell Eubanks online at: https://securityeverafter.com/ SANS: https://www.sans.org/profiles/russell-eubanks/ LinkedIn: https:/...

Cobalt Strike, Ransomware, Supply Chain Attacks, and RiskIQ

October 04, 2021 17:32 - 36 minutes - 33.5 MB

Steve Ginty, Director of Threat Intelligence at RiskIQ, joins us on this episode to discuss detecting risks your organization might not be aware of. Steve also talks about how RiskIQ contributes to the detection of Cobalt Strike, ransomware actor activity, and supply chain attacks, and how RiskIQ can help with vendor management. Website: https://www.riskiq.com/ LinkedIn: https://www.linkedin.com/in/sginty/

Meet Jerich Beason, SVP and Chief Information Security Officer for Epiq

September 20, 2021 05:00 - 38 minutes - 35.4 MB

Jerich Beason is a cyber security hobbyist turned professional who holds bachelor's and master's degrees in Cyber Security. He has served in progressive roles at some of the most respected companies within the cyber security industry, including Lockheed Martin, RSA, and Deloitte, where he was a trusted advisor to executives within the federal government and Fortune 500 organizations. Jerich advised these companies on cyber security strategy, architecture, and program development. In his most rol...

Meet AJ Yawn, CEO and Co-Founder of Bytechek

September 13, 2021 05:00 - 50 minutes - 46.6 MB

AJ Yawn joins us for this episode of the CISO Dojo Podcast. AJ Yawn is a seasoned cloud security professional with over a decade of senior information security experience, including extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers. AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair; he is also a Foun...

Risk Appetite Statements

September 10, 2021 13:12 - 25 minutes - 23.7 MB

In this episode Joe Sullivan and Stacy Dunn discuss approaches for developing a risk appetite statement and how to implement security based on the stated risk appetite.

Fraudulent Job Applicants

September 01, 2021 01:31 - 31 minutes - 58 MB

What's the strangest thing you've encountered with a new hire? In this episode we talk about the time an evil twin with no experience managed to get an IT position and how scammers with no experience are landing multiple work from home tech jobs just to collect a paycheck until they get terminated. The rabbit hole goes even deeper with fake sites being set up as past employers and answering services attempting to make them look legitimate. We also talk about how to combat these attempt...

Who's Responsible for Breaches Anyways?

August 18, 2021 13:18 - 35 minutes - 32.9 MB

In this episode Joe Sullivan and Stacy Dunn talk about who should be held responsible for breaches and what needs to be done to reduce consecutive breaches in an organization.

Can I look at your iPhone Pictures?

August 11, 2021 12:04 - 41 minutes - 37.7 MB

There's been a lot of discussion around Apple scanning for CSAM images. Joe Sullivan and Stacy Dunn talk about the pros and cons of this and how it affects the privacy of iPhone users.

Dealing with Burnout and GPEN Versus OSCP

July 25, 2021 22:49 - 9 minutes - 9.03 MB

In this episode I talk about an approach to dealing with burnout on your team. This is based on a study located here. I also look at the GPEN versus the OSCP certification in this episode.

Meet Paul Tucker CISO of Bank of Oklahoma

July 12, 2021 05:00 - 43 minutes - 39.6 MB

Paul Tucker, CISO of Bank of Oklahoma, joins us for this episode of the CISO Dojo Podcast. Paul Tucker is Senior Vice President and Chief Information Security and Privacy Officer at BOK Financial. In this role Tucker leads the cybersecurity team responsible for the bank's efforts to protect information important to the bank's operations, while ensuring the overall cyber resiliency and privacy of the bank.

Cloud Security, Casinos, Supply Chain Attacks, INFOSEC Bikini, and Haters of Pants

July 08, 2021 03:40 - 43 minutes - 39.8 MB

Joe Sullivan and Stacy Dunn wrap up the third part of their cloud security series. The episode extends into current events with casino ransomware attacks, supply chain attacks, and why casinos should not be getting breached. We also talk about social media happenings like INFOSEC Bikini, the negative element on Twitter, and haters of pants.

Attack Surface Management & Threat Intelligence with Alex Tarter

June 28, 2021 05:00 - 59 minutes - 54.8 MB

Alex Tarter joins us on the podcast to discuss attack surface management and threat intelligence. Alex is one of the founding members of TurgenSec, which has recently had an interesting string of responsible disclosures related to:
Virgin Media
The Gates Foundation Charity
190+ Law Firms
The Philippines Government
Check out Alex at: www.turgensec.com

Stacy Dunn on Diversity, Equity, and Inclusivity | Part 3

June 14, 2021 05:00 - 17 minutes - 15.9 MB

Part 3: Action items and actionable information; insights into how to support marginalized people and adopt better hiring practices. Sources:
https://www.thisishowyoucan.com/post/__wheel_of_power_and_privilege
https://www.forumone.com/ideas/why-and-how-to-prioritize-dei-at-your-organization/
http://greenlining.org/wp-content/uploads/2018/03/DEI-Framework.pdf
https://globewomen.org/globaldiversity/wp-content/uploads/2020/03/Korn-Ferry-Diversity-and-Inclusion-Maturity-Mod...

Meet CISO Chad Kliewer

June 07, 2021 05:00 - 1 hour - 57.9 MB

Chad Kliewer, CISO of Pioneer Telephone, shares his journey in information security, where he overcame nearly insurmountable challenges. Chad has faced broad use of credential sharing and placing the mouse on the monitor, because this is how it's supposed to work, right? Chad has survived SOX audits and even the SolarWinds attack. There's so much to learn from this episode from a CISO and information security perspective! Connect with Chad on Twitter @ChadKliewer

CISO Dojo Ransomware Special Edition

June 05, 2021 03:35 - 15 minutes - 14.5 MB

The White House just released a special document to the private sector about responsibility and steps to prevent ransomware. Quoting directly from the document: "Companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively." The document goes on to talk about best practices such as:
Utilizing Multifactor Authentication
Endpoint Detection and Response
Threat Hunting
Utilizing Threat Intel...

Stacy Dunn on Diversity, Equity, and Inclusivity | Part 2

May 31, 2021 05:00 - 20 minutes - 19.1 MB

Part of being an effective security leader is understanding and including people from all types of backgrounds. Usually it's talk of tech, security, and strategy, but for these episodes it's time to discuss the 8th layer and how acceptance is not just 1's and 0's. In this short solo three-parter, Stacy will take you through the who, what, when, and why of Diversity, Equity, and Inclusivity (DEI). Sources for Part 2:
https://www.hrc.org/resources/hate-crimes-timeline
https://www.aaaed.o...

Stacy Dunn on Diversity, Equity, and Inclusivity | Part 1

May 24, 2021 05:00 - 22 minutes - 20.8 MB

In this episode Stacy Dunn talks about Diversity, Equity, and Inclusivity and how we can get better at improving the culture of information security workplaces and the community. Part of being an effective security leader is understanding and including people from all types of backgrounds. Usually it's talk of tech, security, and strategy, but for these episodes it's time to discuss the 8th layer and how acceptance is not just 1's and 0's. In this short solo three-parter, Stacy will take yo...

Hiring Pen Testers, Hacking Holidays, and Hand Grenades

May 17, 2021 05:00 - 36 minutes - 33.5 MB

Chris Elgee is a senior security analyst and Core NetWars Tournament design lead for Counter Hack, and commander of the Army National Guard's 126th Cyber Protection Battalion. At Counter Hack, Chris is responsible for the design and implementation of NetWars challenges and has created some of the player-favorite challenges throughout NetWars and the Holiday Hack Challenge. Chris also teaches SEC560 for the SANS Institute. Read more about Chris Elgee at: https://www.sans.org/profiles/c...

From Reverse Engineering Malware to CISO

May 10, 2021 05:00 - 50 minutes - 69.5 MB

Lenny is the CISO at Axonius, a cybersecurity tech company. Lenny has also helped build anti-malware software at an innovative startup and oversaw security services at a Fortune 500 technology company. He has also led the consulting practice at a leading cloud services provider. Lenny is a Fellow Instructor at SANS and the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques. Lenny maintains a popular malware analysis tool k...

Cloud Security Part 2

May 04, 2021 01:02 - 37 minutes - 51 MB

In this episode we discuss concerns with security in the cloud that organizations need to be aware of. Moving to the cloud doesn't automatically mean it's more secure. We'll take a look at the CIS Controls and how you can implement them in a cloud environment to better secure your networks and data. The topics discussed in this episode are:
Malware Defenses in the Cloud
Limiting Network Protocol Ports and Services
Cloud Security Data Recovery Capabilities
Cloud Security Configurat...

Cloud Security

April 27, 2021 20:17 - 33 minutes - 45.5 MB

In this episode we discuss concerns with security in the cloud that organizations need to be aware of. Moving to the cloud doesn't automatically mean it's more secure. We'll take a look at the CIS Controls and how you can implement them in a cloud environment to better secure your networks and data.

Cyberstalking

April 21, 2021 01:51 - 40 minutes - 54.9 MB

Stalking: what is it, exactly? And, more importantly, what do you do if it happens to you? What steps can you take, and how can you better protect yourself? What are the avenues for reporting stalking? How has technology impacted stalking, and what can we do, as a society, to keep these behaviors from perpetuating? National Resources:
https://www.thehotline.org/ (1-800-799-SAFE)
https://victimsofcrime.org/
https://www.stalkingawareness.org/
https://www.y...

Data Governance

April 13, 2021 01:18 - 35 minutes - 49 MB

Data governance is a huge undertaking when you don't build it in at the start. In this episode Stacy and Joe discuss data governance programs, the NIST Privacy Framework, and how to build a successful data governance program.

The Birth Of a CISO

April 05, 2021 21:58 - 22 minutes - 30.6 MB

This week's episode acts as a follow-up to answer your burning questions following the interview with our special guest, Gordon Rudd of Stone Creek Coaching, who trains and coaches aspiring and current CISOs. But how do you know if you want to be a CISO? Heck, what is a CISO? It's in the name, right? How do we know exactly what a Chief Information Security Officer is? Does the definition change between organizations? Are the expectations the same? Listen as J...

From Fortran to CISO to Executive Coaching

March 29, 2021 05:00 - 1 hour - 95.2 MB

Gordon Rudd joins us for this week's episode of the podcast. Gordon Rudd is a former CISO, executive coach, author, keynote speaker, and teacher with Stone Creek Coaching. Gordon founded the CISO Mentoring Project in 2012 and is an engaged mentor to many aspiring and active CISOs around the world. He founded Stone Creek Coaching in 2019 to help create world-class cybersecurity leaders. Gordon is a regular instructor with (ISC)2, an international nonprofit association for information secur...

My Path in Information Security: Stacy Dunn

March 22, 2021 05:00 - 23 minutes - 32.7 MB

In this episode of CISO Dojo, Stacy outlines how she broke into the field of Information Technology and, subsequently, Cyber Security. How does one connect the dots from being a Retail Store Manager with an Associate's in Fine Arts to becoming an aspiring Security Engineer with one of the world's largest security companies? Stained shirts and socks with sandals, that's how! What...? Wait just a minute...? Yeah, that's right! But what does that have to do with IT!? ...

My Path in Information Security

March 15, 2021 05:00 - 12 minutes - 17.4 MB

This episode starts a new series about non-traditional paths to information security. This series will post every Monday when we don't have a guest on the show. In this series we will look at ways to get into information security and how to progress in your career. This pilot starts with my own path in information security from auto technician, to CISO, to consultant.

Risk Assessments, Frameworks, and Approaches

March 08, 2021 12:56 - 1 hour - 148 MB

Risk Assessments are the topic for this episode of the CISO Dojo Podcast. What is a risk assessment? The identification, evaluation, and estimation of the levels of risk involved in a situation, with comparisons against benchmarks or standards, and determination of an acceptable level of risk. There are two types of risk assessments we discuss in this episode: Quantitative Risk Assessment: This one uses actual data and amounts during the ...

Employee Retention Strategies for CISOs

February 13, 2021 03:06 - 43 minutes - 80.5 MB

Employee retention of top talent should be on the mind of every CISO today. Recruiters are focused on coaxing the best employees away from organizations due to the perceived skills shortage in the information security industry. When an employee approaches you about an offer from another company, how should you handle that situation as a CISO? One approach is to analyze the company and the offer with the employee. This helps sort out the pros an...

Resume Reviews, Interviewing, and we have a co-host!

August 23, 2020 21:30 - 36 minutes - 49.4 MB

Meet Stacy Dunn in this episode of the CISO Dojo podcast. Stacy has been working in INFOSEC for the past 4 years in various roles and was a guest on the show previously. In this episode Stacy and I discuss a lot of different topics that include:
Culture
Diversity
Women in Tech
Interviewing
Resume prep
Fitness
As we recorded this episode I was thinking about the idea of offering resume reviews, mock interviews, and interview...

Managing Teams Remotely

April 03, 2020 02:24 - 13 minutes - 25 MB

Managing teams remotely is a real challenge in this environment. As leaders and managers we need to make sure we are taking the right approach to managing our teams when they are remote. We've lost a lot of the daily context of what our team members are facing, how to motivate them, and the convenience of in-person communication. In this episode I discuss concepts of leadership, dealing with people, and how to get people to change without causing resentment. These...

Working Remotely During a Pandemic

March 15, 2020 03:29 - 6 minutes - 12.4 MB

One of the challenges many organizations are facing right now is: how do we secure a remote workforce? In this episode I discuss some of the tough questions organizations face and how they are approaching them. A lot of vendors, such as Google, Cisco, and Zoom, are stepping up to offer free products. We also need to address how to secure newly acquired cloud services; I discuss a few options to help secure and monitor cloud services. There's also a good ar...

Pandemic Policies

March 01, 2020 13:48 - 5 minutes - 10.4 MB

With the coronavirus spreading, now is a good time to check your Pandemic Policy. Pandemic Policies help you plan for a large part of your workforce being unable to work due to illness. In this episode I'll cover some key points from a Pandemic Policy Template available from SANS. If you are considered critical infrastructure by the Federal Government, you might start here: dhs.gov. Things you should be thinking about are IT infrastructure needs such as: Bandwidth...

Strategy Versus Culture

February 25, 2020 02:50 - 5 minutes - 6.98 MB

It's been said that culture eats strategy for breakfast, but what does that mean? If your policies, procedures, and strategic plan do not align with the culture, you risk offending the organization and will fail to execute your strategic plan.

Iran Cyber Threat CISO Action Items

January 07, 2020 17:14 - 7 minutes - 13.8 MB

President Trump ordered an airstrike that killed the Iranian General Soleimani in Baghdad. Soleimani was suspected of "plotting attacks" against Americans in the region. The Department of Homeland Security issued a bulletin stating that Iranian leadership and several affiliated violent extremist organizations publicly stated they intend to retaliate against the United States. This is a concern because Iran maintains a robust cyber p...
