Crucial Conversations Podcast

ITSPmagazine, BlueLava

Expert insights on Security Program Management delivered with, by and for the most respected security leaders around the world. The business of security is not easy; luckily, we don’t have to do it alone. Drawing from the battle-tested experiences of the security industry’s most respected executives, the LavaComm series provides listeners with expert insights and advice delivered with, by and for the most respected security leaders around the world. LavaComm features the founding members and facilitators of the Blue Lava Community who offer solutions to the most pressing business challenges unique to the careers of CISOs and cybersecurity executives. Listen, learn and engage with featured guests on the LavaComm show, and join the conversation that’s taking place 365 days a year exclusively in the private Blue Lava Community online portal.
Technology

Episodes

The Importance of Trust in Cybersecurity | Building Effective Teams and Communication | A Crucial Conversation With Billy Spears
Apr 6 2023
Community Member Contributor: Billy Spears, Chief Information Security Officer at Teradata [@Teradata]
On LinkedIn | https://www.linkedin.com/in/billyjspears/

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
By establishing trust, organizations can develop more efficient security programs and improve risk management outcomes. In this post, Billy Spears, CISO for Teradata, presents critical elements for building trust, such as adopting a results-oriented approach, clarifying intent, and actively listening to others. The crucial role of trust in the cybersecurity industry is also explored as Billy emphasizes its significance in cultivating effective communication, collaboration, and innovation within teams and organizations. Billy stresses the importance of balancing trust in human relationships with the implementation of zero-trust security solutions, paving the way for a more collaborative and productive environment in the cybersecurity landscape.

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Overcoming the 5 Areas Where CISOs Tend to Struggle | Discussing the Biggest Mistakes CISOs are Making | A Crucial Conversation With Matthew Rosenquist
Mar 2 2023
Community Member Contributor: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Organizations are asking a lot of their CISOs—from protecting internal digital assets to verifying the security postures of customers and partners, managing cyber insurance and compliance requirements, and acting fast anytime a security issue arises (real or otherwise). Taking on this challenge is made more difficult by the five areas in which CISOs tend to struggle—leadership, strategic thinking, optimizing for threats, promoting teamwork, and maximizing value. In this post from the Blue Lava Community, Matthew Rosenquist, the CISO at Eclipz.io, examines these five areas and presents strategies CISOs can apply to overcome the common mistakes made to instead provide cybersecurity value that can be measured in business terms at the C-suite table.

LinkedIn Post: Five Biggest Mistakes of Cybersecurity Programs

Developing Cybersecurity Leadership Capabilities And Scaling The Competency Of Your Team | A Crucial Conversation With Dutch Schwartz
Feb 10 2023
Community Member Contributor: Dutch Schwartz, Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Twitter | https://twitter.com/dutch_26

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
In this episode, Dutch Schwartz—a Principal Security Specialist with Amazon Web Services—discusses how CISOs and other cybersecurity leaders need to expand upon their technical skills and include leadership competencies. Doing so allows cybersecurity leaders to connect with other leaders in the organization and their cybersecurity teams. This, in turn, makes it possible for cybersecurity activities to enable the business to knowingly take the risks it wants to take and then manage and mitigate those risks when they become problematic.

Military Experience Sets The Stage For Cybersecurity Success In Corporate Sector | A Crucial Conversation With Billy Pugh
Dec 15 2022
Community Member Contributor: William Pugh, Security Consultant at AWS [@awscloud]
On LinkedIn | https://www.linkedin.com/in/billy-pugh/

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Companies looking to strengthen their cybersecurity programs would do well to look toward military veterans who are transitioning to the corporate sector. Veterans come equipped with the necessary experience and a cybersecurity paradigm that sets them up for success in helping protect vital digital assets.

A vital part of that paradigm is the ambiguity of cybersecurity. New technologies keep emerging that need protection by applying security controls. At the same time, cybercriminals constantly change their tactics, exploiting known weaknesses and bypassing common controls.

Both the military and the corporate world also face a dearth of security talent and often have to throw professionals with little experience at the cybersecurity ambiguity challenges. Private companies and public organizations thus need professionals who are accustomed to working under the pressure of ambiguous scenarios with limited resources to support them.

Securing Multiple Cloud And SaaS Environments Requires A New Paradigm | A Crucial Conversation With Frank Kim
Dec 1 2022
Community Member Contributor: Frank Kim, CISO-in-Residence at YL Ventures [@ylventures] and Fellow and Curriculum Director at the SANS Institute [@SANSInstitute]
On Twitter | https://twitter.com/fykim
On LinkedIn | https://www.linkedin.com/in/frank-kim/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Description
As businesses migrate more and more applications to the cloud and continue relying on SaaS applications, CISOs are under pressure to ensure every IT environment is secure. This requires a new paradigm in formulating cloud security strategies because the technologies differ from on-premises technologies, and the security aspects vary from one cloud provider to another.

In this episode, Frank Kim—a Fellow and a Curriculum Director at the SANS Institute—examines the approach CISOs must take to secure multiple cloud and SaaS environments. Kim also discusses the importance of understanding the differences between on-premises security and the cloud and why the speed of the cloud requires a new security paradigm. Kim then presents why CISOs need to give business units and software developers security options (rather than locking them into one tool) while balancing a combination of governance and technical expertise.

Understanding the criticality of protecting access credentials and the needs of all stakeholders is also key to a CISO's success in safeguarding multiple cloud environments.

How CISOs Can Recruit And Retain IT Security Teams While Also Fulfilling Their Own Careers | A Crucial Conversation With Megan McCann
Nov 7 2022
The large ratio gap in the availability of IT security professionals to open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued to take place in the IT industry since the pandemic. This has created a huge challenge for CISOs and other security leaders in their efforts to recruit and retain skilled security teams.

In this episode, Megan McCann—CEO & Founder of the IT recruitment firm McCann Partners—presents creative approaches CISOs and hiring managers can apply to go beyond scanning resumes to finding prospects who can offer true value. McCann also discusses what CISOs can do to nurture their own careers.

Community Member Contributor: Megan McCann, CEO & Founder at McCann Partners [@McCannPartners]
On Twitter | https://twitter.com/meganpmccann
On LinkedIn | https://www.linkedin.com/in/meganpmccann/

Hosts: Sean Martin and Marco Ciappelli
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Cyberattacks On Complex Supply Chains Are Difficult, But Not Impossible, To Resolve | A Crucial Conversation With Mark Weatherford
Oct 21 2022
Global supply chains have grown much more complex than simply figuring out how to get products and services from Point A to Point B. Companies also depend on second-tier, third-tier, and even nth-tier vendors they don’t know and have no relationship with for the services and components they require to operate.

Cyberattacks on software across these complex supply chain ecosystems have resulted in disruptions, defects, and diversions that are difficult to identify and resolve—one weak link in the chain can bring the entire ecosystem to a halt.

In this episode, Mark Weatherford—CSO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center—examines the importance of understanding vendor cybersecurity postures, not only primary suppliers but also their suppliers as well. Weatherford also discusses how enterprise software components can come from vendors all over the world and how global events can impact supply chains. Weatherford then presents why the jobs of CISOs are so difficult in defending supply chains, along with a few tips for organizations to protect their operations.

Community Member Contributor: Mark Weatherford, CSO at AlertEnterprise [@AlertEnterprise] and Chief Strategy Officer at the National Cybersecurity Center [@NATLCyberCenter]
On Twitter | https://twitter.com/marktw
On LinkedIn | https://www.linkedin.com/in/maweatherford/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Advocate Security For Your Customers By Ensuring The Safety Of Your Products | A Crucial Conversation With Alex Kreilein
Oct 3 2022
CISOs and InfoSec teams in charge of product security realize how the drive for innovation can speed up their organization's product release philosophy. Software development teams want applications to continuously expand functionality to solve more customer pain points and go to market before the competition.

But it’s just as vital for CISOs and InfoSec teams to be product security advocates for customers—to ensure their accounts and sensitive data are safe from bad actors.

In this episode, Alex Kreilein, a Senior Technical Program Manager for Microsoft, discusses what it takes for CISOs and InfoSec teams to become security advocates for customers by ensuring the safety of software products. Kreilein also examines the importance for CISOs and InfoSec teams to understand the objectives of the software development team and to interject product security early into the software development lifecycle. Kreilein then presents why accuracy in security testing is more important than finding vulnerabilities and how it’s critical to establish one team across security and developer teams—by making success metrics transparent and allowing team members to hold each other accountable.

Community Member Contributor: Alex Kreilein, Senior Technical Program Manager, Microsoft [@Microsoft / @msftsecurity]
On Twitter | https://twitter.com/AK3R303
On LinkedIn | https://www.linkedin.com/in/alexkreilein/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Vulnerable, Targeted, And Exploited IoT Devices: Take The Necessary Steps To Discover Assets And Remediate The Risk | A Crucial Conversation With Brian Contos
Sep 14 2022
Large enterprises and government agencies deploy thousands of Internet of Things (IoT), Operational Technology (OT), and other network-connected devices. But many severely underestimate the count, and many more do not manage these devices to ensure the latest security measures are in place.

This includes up-to-date firmware and strong passwords. Knowing this, the cybercriminal community focuses on these devices and environments. They are more vulnerable than primary IT infrastructures and offer an easy way to breach digital assets and move laterally without discovery across an organization’s broader infrastructure.

In this episode, Brian Contos, Chief Security Officer for Phosphorus Cybersecurity, presents insights and examines the risks to IoT, OT, and network devices and the issues they can cause to an organization's overall IT infrastructure. The article also demonstrates how devices are attacked and presents ways to overcome the risks to ensure digital assets remain safe.

Community Member Contributor: Brian Contos, Chief Security Officer for Phosphorus Cybersecurity [@phosphorusinc]
On Twitter | https://twitter.com/BrianContos
On LinkedIn | https://www.linkedin.com/in/briancontos/

What Every CISO Needs To Know About Crisis Management Planning | A Crucial Conversation With Jasper Ossentjuk
Aug 1 2022
As world events have demonstrated these past couple of years, crisis management is a requisite for doing business in today’s world. CISOs have choices to make in the face of the next crisis that’s sure to come: either plan ahead or react.

Those who do plan, practice, and engage the full support of the enterprise often reduce the impact of a crisis in terms of business disruptions, cost to recover, and lost revenue.

In this episode, Jasper Ossentjuk, SVP and CFO for Nielsen IQ, discusses what every CISO needs to know about crisis management planning and how it differs from business continuity and disaster recovery planning. Ossentjuk also examines how to determine if an organization is crisis resilient and the critical role a CISO plays in facilitating the necessary conversations to create crisis management plans. Ossentjuk also offers tips for formulating strategies and emphasizes the need to practice the procedure so that organizations can be flexible in reacting to unexpected crises.

Community Member Contributor: Jasper Ossentjuk, SVP and CFO for Nielsen IQ [@NielsenIQ]
On LinkedIn | https://www.linkedin.com/in/jasperossentjukciso/

The Convergence Of Operational Technology (OT) Security With Information Technology (IT) Security | A Crucial Conversation With Rock Lambros
Aug 1 2022
Operational Technology (OT) and Information Technology (IT) have historically been managed by separate teams. But with cyberattacks targeting IoT devices on OT systems in recent years and opening the possibility of breaches spilling over to IT networks (and vice versa), OT and IT teams realize just how much they need each other. As a result, the cybersecurity industry is seeing a convergence between OT security and IT security.

In this episode, Rock Lambros, CEO and founder of RockCyber, discusses how CISOs are taking the lead by pushing for OT and IT teams to collaborate to understand each other’s challenges and how their knowledge can help improve the security postures of each other’s networks. Lambros also examines the different perspectives of IT and OT teams and how CISOs can collaborate with OT teams to achieve organizational success—where operational and information systems benefit from a strong security posture that allows the company to function at peak efficiency.

Community Member Contributor: Rock Lambros, CEO and founder of RockCyber [@RockCyberLLC]
On Twitter | https://twitter.com/rocklambros
On LinkedIn | https://www.linkedin.com/in/rocklambros/