How CISOs Stay Current When They’re Ignoring Vendor Pitches – CISO/Security Vendor Relationship Podcast

We promise to keep your identity private while we discuss the troubles of two-factor authentication.

On this episode of the CISO/Security Vendor Relationship Podcast we discuss:

DevOps Connect:DevSecOps @ RSAC 2022
  • Why don’t more people use two-factor authentication? Does the UX still suck? Why can’t we agree on a common model for how to authenticate? Will U2F be the saving grace for 2FA? Story on the debate.
  • What are the signs your employees are going rogue? We debate the need to monitor employees this way. Are internal intrusions the same as external? Is monitoring the monitoring devices enough? What are the signs? Discussion on LinkedIn and a recommended book: “Nothing to Hide: The False Tradeoff between Privacy and Security.”
  • We play a round of “What’s Worse?!” It’s the game where we determine which is the worst of two really bad practices. In this case, the CISOs have to choose between two unpleasant marketing practices.
  • How do CISOs balance compliance and security: The two aren’t equal, but compliance is a means to prove that you’re doing security right. Our guest hits it out of the park with a very clear explanation and also how to use compliance to better market your company.
  • How do CISOs discover new solutions: This might as well be the title of this podcast, but we delve into some unique angles that CISOs are taking as they’re avoiding traditional pitches from security vendors. Discussion on LinkedIn.
  • Ten-second security tip touting the value of passphrases: See this cartoon for more.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Allan Alford (@AllanAlfordinTX), CISO, Mitel.

Special thanks to our sponsor, SentinelOne, for supporting this episode and the podcast. Learn more about their autonomous endpoint protection.

Contributions. Contributions. Contributions.

I am cranking out a ton more content for not just the podcast, but also the entire series so I am very open and receptive to story ideas, suggestions for segments of the podcast, or anything else. Just connect with me on LinkedIn.

Listen and Subscribe to the CISO/Security Vendor Relationship Podcast

So many ways to connect and listen to the podcast.

David Spark

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

David Spark

David Spark is a veteran tech journalist with nine years experience covering cybersecurity. He has partnered with Security Boulevard to continue his popular CISO/Security Vendor Relationship Series. Spark is also the founder of the Spark Media Solutions, a B2B content marketing agency for the tech industry. He's a former standup comic, comedy writer for The Second City in Chicago, and San Francisco tour guide.

david-spark has 28 posts and counting.See all posts by david-spark

One thought on “How CISOs Stay Current When They’re Ignoring Vendor Pitches – CISO/Security Vendor Relationship Podcast

Comments are closed.