Rank #1: SC 120: DocuSign CISO Discusses the Human Element of Incident Response
The volume of threats and attacks most security teams face daily can leave them overworked and fatigued, operating in what DocuSign CISO Vanessa Pegueros has identified as level one trauma – a sort of cyber PTSD that can put organizations at risk. In this podcast, Pegueros talks with David Cass, IBM Cloud & SaaS Global CISO, about her four-part series in Security Current that explores the human element of incident response and how CISOs can identify and resolve trauma in the organization. They also discuss the Board’s role in incident response and why being quick to fire after a breach may not always be the most effective approach. Read the series: Read Part OneRead Part TwoRead Part ThreeRead Part Four
Feb 28 2017
Rank #2: SC 107: John Masserini, CSO MIAX Options, Speaks with Barmak Meftah, President and CEO AlienVault, About Threat Detection and Response
In this conversation, MIAX Options CSO John Masserini discusses the threat detection and response space with AlienVault President and CEO Barmak Meftah.
An early adopter of threat intelligence, Masserini notes its challenges and asks Meftah what AlienVault is seeing in the market and how threat intelligence is being integrated into companies’ security organizations.
Meftah talks about the need to efficiently aggregate information while noting that it is more important to synthesize the information to ensure it is easily consumable and actionable.
He describes AlienVault’s crowdsourcing approach and how it is helping SMBs centralize and simplify their threat detection and response. They were speaking in this sponsored podcast at the Black Hat Conference in Las Vegas earlier this month.
Aug 23 2016
Rank #3: SC 109: IBM Global CISO Cloud & SaaS and ADP Vice President & Global Security Architect Discuss the Business and Technology Benefits of User Behavior Analytics (UBA) Tools
The use of user behavior analytics (UBA) is at the forefront of technologies that CISOs are seeking for their security toolkits to help them identify that needle-in-a-haystack.
In this podcast sponsored by Exabeam, IBM’s David Cass talks with ADP’s V.Jay LaRosa about how UBA provides always on threat hunting to detect and thwart cyber attacks. LaRosa discusses ADP’s selection and implementation of the UBA solution and how his team uses it to quickly and effectively identify potential anomalous behavior. He also talks ROI, staffing and why he wishes he had started sooner.
Sep 26 2016
Rank #4: SC 99: CISO David Cass Speaks to Spirent Communications on IoT, Ranswomware and More
CISOs can never reduce risk to zero. As technology development increases at a lightning speed with the Internet of Things (IoT) bringing more Internet-enabled devices daily and the cloud becoming more pervasive, what can and should be done?
CISO David Cass, IBM Cloud and SaaS, speaks with John Weinschenk, , general manager enterprise and network application security of Spirent Communications, about some of the biggest threats facing enterprises as a result of these trends.
Listen to this sponsored podcast as David and John, discuss ransomware, including hacker help desks, and the Internet of Things, including the potential for your refrigerator to attack you. They talk about some of the top things enterprises need to do from patching systems to testing to awareness to bolster their defenses.
Jun 21 2016
Rank #5: SC 106: David Cass, Global CISO IBM Cloud & SaaS, and David Rooker, CISO Actian Corp, Discuss Today's Greatest Security Threats
In the series brought to you by Security Current and Intersections IT Security ONE2ONE Summit and you will hear CISOs discuss today’s most critical issues in IT Security.
This episode features David Cass, IBM Cloud & SaaS Global CISO, and David Rooker, Actian Corporation CISO, who discuss the most prevalent attack vectors today, from email to ransomware with the Internet of Things (IoT) increasingly becoming a high security issue.
In this podcast you’ll hear about how the IoT brings great benefits while exponentially expanding the opportunity landscape for bad actors. You’ll also hear what Rooker is doing to enable business processes while bolstering security. They also touch on the need for qualified security personnel and how to find the right candidates.
Aug 18 2016
Rank #6: SC 104: David Cass, CISO IBM Cloud & SaaS, and David Mahon, CSO CenturyLink, Discuss the Most Common Threats Hitting Businesses Today
In this conversation with Security Current podcast host David Cass, Global CISO IBM Cloud & SaaS, David Mahon, CenturyLink Chief Security Officer, discusses what he sees as two of today’s critical security issues and how to tackle them.
Mahon points to phishing and ransomware as the most prevalent types of attacks he is seeing in the industry. The two executives talk about the importance of security awareness training and Mahon provides tactical approaches to reduce the likelihood of a successful breach. They also discuss metrics, ROI and best practices for reporting to the board.
Aug 10 2016
Rank #7: SC 115: Gartner Research VP Anton Chuvakin Speaks with Global CISO David Cass on Security Monitoring, SIEM and UBA
What specific things should companies look at when it comes to security monitoring in 2017? As you’ll hear in this podcast, a lot of the security problems facing organizations from the late 1990s and early 2000s have yet to be solved. David Cass, Global CISO IBM Cloud and SaaS, and Dr. Anton Chuvakin, research VP at Gartner’s Technical Professionals (GTP) Security and Risk Management Strategies team, discuss how security executives are still operationally challenged.
Chuvakin discusses how the technology landscape is changing but a lot of the challenges with the people themselves actually haven’t changed and the “old problems” haven’t been solved. In this podcast, he talks to Cass about the essential things organizations should be looking at, including newer technology like User Behavior Analytics (UBA) as well as Data Loss Prevention (DLP) solutions.
Jan 17 2017
Rank #8: SC 74: Management Hierarchy and CISO Reporting Roles – Part 2 with CISO Brian Lozada
What is the optimal structure within an enterprise in terms of CISO reporting? Should a CISO report to the CIO? Or possibly to the CFO? In some cases, as you'll hear in part two of Vic Wheatman's interview with CISO Brian Lozada, CISO can stand for Chief Information Scapegoat Officer. Avoiding blame for security incidents requires relationships to ensure that both business and technical concerns are properly addressed.
Sep 16 2015
Rank #9: SC 73: Information Security in Hedge and Private Equity Funds - Part 1
Information security in hedge funds is new and many hedge funds don't know what cybersecurity is or what is at risk. And there are unique security issues specifically related to hedge funds.
With a high risk/reward mentality, and with high-worth individuals involved, regardless of the technologies implemented, the potential security problems may best addressed presently through ongoing security awareness and education, according to an expert in the space.
Brian Lozada, Director and CISO of Abacus Group, LLC, a solutions provider servicing the segment, speaks with Security Vic Wheatman about the state of hedge funds and how they are a 'rich' target for cyber attackers.
Sep 08 2015
Rank #10: SC 119: Marci McCarthy, President & CEO of T.E.N. and Founder of the ISE® Awards Provides Insights into the Evolution of the CISO Role
The CISO increasingly has a seat in the boardroom, as the role is becoming more of the rule than the exception in enterprises.
During RSA Conference 2017, Marci McCarthy, President & CEO of T.E.N., sat down with David Cass, Global CISO IBM Cloud & SaaS, to discuss the continuing evolution of the information security industry and specifically the role of the executive.
McCarthy founded the prestigious ISE® Awards Program, which has helped elevate the role of security executives, who are recognized by their peers for their contributions and specific security projects. In this podcast, McCarthy provides insights into the profession and talks about the shortage of security personnel, the startup ecosystem and where the industry is headed.
Feb 23 2017
Rank #11: SC 105: Part 3- CISO of IBM Cloud & SaaS Speaks with Spirent on Medical Device and Autonomous Car Hacking
In part three of the conversation David Cass, IBM cloud & SaaS global CISO and John Weinschenk, Spirent Communications general manager enterprise and network application discuss the potential hacking of medical devices and automated cars.
In this Spirent-sponsored podcast, Weinschenk explains how they worked with a surgeon to hack a medical device. He also talks about a second hack they conducted on an autonomous car that allowed them to take control of the systems and vehicle itself.
They discuss what needs to be done to secure these Internet of Things (IoT) devices and how manufacturers need to start thinking about how these systems can be exploited.
Aug 11 2016
Rank #12: SC 118: Global CISO David Cass Discusses the Proliferating Attack Surface Being Created by Internet of Things Devices with ForeScout’s Commercial CTO and VP Len Rosenberg
There has been an exponential adoption of Internet of Things (IoT) with experts predicting billions of IoT devices coming into use. And with the strategy more often than not being go to market and secure it later, enterprises are increasingly exposed to a variety of attacks.
As you’ll hear in this podcast with David Cass, Global CISO IBM Cloud and SaaS, and Len Rosenberg, ForeScout’s Commercial CTO and VP of Systems Engineering, the IoT is here to stay and security needs to be by design and not an afterthought. They also discuss what CISOs can do today to mitigate their exposure and what they should demand from IoT manufacturers.
Feb 10 2017
Rank #13: Creating and Managing a Security Aware Culture
In both the public and private sectors employees are by and large the weakest links when it comes to information security breaches.
Training needs to be more than simply a checkbox on a compliance list. Optimal approaches combine training and technology to ensure employees are security aware.
As you'll hear from Gartner Research Director Perry Carpenter in this conversation with Security Current's Vic Wheatman, training is not a one-time endeavor but needs to be multifaceted and continuous.
Oct 20 2015
Rank #14: SC 116: Jason Witty, US Bancorp EVP and CISO, Discusses The Benefits of Tokenization with David Cass, Global CISO IBM Cloud & SaaS
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
Jan 31 2017
Rank #15: SC 119: San Diego CISO Gary Hayslip Talks Strategies for Building Executive Buy-in, Security Tech and Leveraging the Cloud
The city of San Diego is a $4 billion business and it doesn’t shut down. As you’ll hear in this discussion between Gary Hayslip, the city’s CISO, and David Cass, Global CISO IBM Cloud and SaaS, San Diego is a smart city which is continuously rolling out new technologies to facilitate 'the business' while bolstering its security.
In this podcast, recorded during the RSA Conference, Hayslip talks about joining the city as its first CISO some three years ago and how he established a five-year-plan which leveraged established frameworks like the National Institute of Standards and Technology (NIST) to increase the security of the city and its 24 networks and 40 departments. The two also discuss ‘cloud first’ initiatives, resilient networks and the role of the CISO, which Hayslip provides practical guidance on with his book “A CISO Desk Reference Guide: A Practical Guide for CISOs.”
Feb 22 2017
Rank #16: SC 79: Software Defined Perimeters
In a world of three letter acronyms comes yet another -- a new specification from the Cloud Security Alliance. SDP or Software Defined Perimeter.
SDP approaches are meant to create a secure micro segment between the user and a host. But how are SDPs different from other perimeter security approaches based on firewall appliances or virtual firewalls?
Can SDPs eliminate the need for firewalls? Can they save money? Who provides the technology and what are the advantages? Security Current's Vic Wheatman speaks with Gartner Research Director Lawrence Pingree about this emerging technology.
Nov 05 2015
Rank #17: 117 SC: Gartner Research VP Anton Chuvakin Talks New CISOs at RSA, New Technologies and Box Fatigue with Global CISO David Cass
With RSA around the corner and more security vendors than you can count, if you are a new CISO at the conference what should your game plan be? As you’ll hear in this podcast, the sheer number of interesting technologies at RSA can potentially overwhelm new CISOs.
David Cass, Global CISO IBM Cloud and SaaS, and Dr. Anton Chuvakin, research VP at Gartner’s Technical Professionals (GTP) Security and Risk Management Strategies team and a speaker at the RSA conference leading sessions on threat intelligence, discuss how RSA is a great place to talk to the vendors and their top product executives and see solutions up close. They also stress that people and process gaps and not a “particular box” are what needs to be addressed first.
Chuvakin first addresses today’s malware, box fatigue, and critical challenges and ways to think about threat vectors in 2017.
Feb 09 2017
Rank #18: SC 110: David Mahon, CSO of CenturyLink, and David Cass, Global CISO IBM Cloud & SaaS, Discuss the Evolution of the CISO and Provide Tips to Current and Aspiring CISOs
In this conversation with Security Current podcast host David Cass, Global CISO IBM Cloud & SaaS, David Mahon, CenturyLink CSO, talks about the evolution of the CISO role.
A seasoned security executive, with experience reporting to boards-of-directors, Mahon also provides guidance on how to present to a board. He also gives recommendations to current and aspiring CISOs on how to advance their careers.
Oct 26 2016
Rank #19: SC 111: Matt Hollcraft, Maxim Integrated CISO, Speaks with Dan Schiappa, SVP & GM, Sophos Enduser Security Group on Ransomware, IoT and Hacking as a Business
In this interview Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business. In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous.
Nov 04 2016
Rank #20: SC 80: Hurdling Obstacles to Security Training and Awareness Success
Things happen. Staffers click links they shouldn't. Interlopers enter the workplace, gain access to a vacant desk, log in and steal corporate secrets.
Technology helps, but end user security awareness training puts people on the front line of defense. Employees need to recognize that the threats are real. Executives need to see that there is a real return on security training investment, partly due to preventing lost productivity, and that business risks can be significantly reduced.
In this sponsored podcast, Security Current's Vic Wheatman speaks with Amy Baker, Vice President of Marketing of Wombat Security Technologies, a premier provider of security awareness training.
Nov 30 2015