How CISOs Stay Current When They’re Ignoring Vendor Pitches – CISO/Security Vendor Relationship Podcast

We promise to keep your identity private while we discuss the troubles of two-factor authentication.

On this episode of the CISO/Security Vendor Relationship Podcast we discuss:

  • Why don’t more people use two-factor authentication? Does the UX still suck? Why can’t we agree on a common model for how to authenticate? Will U2F be the saving grace for 2FA? Story on the debate.
  • What are the signs your employees are going rogue? We debate the need to monitor employees this way. Are internal intrusions the same as external? Is monitoring the monitoring devices enough? What are the signs? Discussion on LinkedIn and a recommended book: “Nothing to Hide: The False Tradeoff between Privacy and Security.”
  • We play a round of “What’s Worse?!” It’s the game where we determine which is the worst of two really bad practices. In this case, the CISOs have to choose between two unpleasant marketing practices.
  • How do CISOs balance compliance and security: The two aren’t equal, but compliance is a means to prove that you’re doing security right. Our guest hits it out of the park with a very clear explanation and also how to use compliance to better market your company.
  • How do CISOs discover new solutions: This might as well be the title of this podcast, but we delve into some unique angles that CISOs are taking as they’re avoiding traditional pitches from security vendors. Discussion on LinkedIn.
  • Ten-second security tip touting the value of passphrases: See this cartoon for more.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Allan Alford (@AllanAlfordinTX), CISO, Mitel.

Special thanks to our sponsor, SentinelOne, for supporting this episode and the podcast. Learn more about their autonomous endpoint protection.

Contributions. Contributions. Contributions.

I am cranking out a ton more content for not just the podcast, but also the entire series so I am very open and receptive to story ideas, suggestions for segments of the podcast, or anything else. Just connect with me on LinkedIn.

Listen and Subscribe to the CISO/Security Vendor Relationship Podcast

So many ways to connect and listen to the podcast.

Featured eBook
451 Research: Securing Open Source

451 Research: Securing Open Source

In this report, we look at how the boom in OSS adoption has also led to an increase in awareness of open source risks, from licensing issues to security – and the measures required to protect organizations against those risks. We examine two incidents in particular – the Heartbleed vulnerability and the 2017 Equifax data ... Read More
WhiteSource

David Spark

David Spark is a veteran tech journalist with nine years experience covering cybersecurity. He has partnered with Security Boulevard to continue his popular CISO/Security Vendor Relationship Series. Spark is also the founder of the Spark Media Solutions, a B2B content marketing agency for the tech industry. He's a former standup comic, comedy writer for The Second City in Chicago, and San Francisco tour guide.

david-spark has 28 posts and counting.See all posts by david-spark