The Cyber Ranch Podcast
Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Episodes
17 hours ago
This week Allan attended the HIP Global conference in New Orleans, which happens to be Allan's favorite city in America.
The conference was outstanding - no sales pitches, no nonsense, just many experts speaking on the topic of securing identity. Entra ID, Okta, AD folks all were present, and it was amazing.
Allan got to interview some AMAZING guests from all walks of identity life, including one gentleman whose pedigree includes a rather critical national role right out of the White House...
Listen in as Allan asks the following questions (one of which Drew answers too!)
Why does identity matter?
How do we protect the intersection of identity and data?
How do you protect uptime (availability) of identity?
What should be the single source of truth in identity?
Who should own identity? CISO? CIO? CTO?
What is the role of cybersecurity in identity?
What is the best directory service of all time?
How do you manage identity sprawl?
Y'all be good now!
Thursday Nov 07, 2024
Practical GenAI and LLM with Tim Rohrbaugh
In this episode Allan and Drew consult Tim Rohrbaugh, who has done quite a lot of research and work on the practical applications, deployment, use cases and limits of GenAI and LLM.
Flavors and incarnations of AI - GenAI, Expert Systems, ML...
Biomimicry and Allan's weird sea cucumber references
Practical LLM deployment - Tim's maxims
Offline or online? Open or proprietary models?
Precision, accuracy, asking the right questions in the first place
Your smartest employee as your limiting factor
Probabilistic vs. deterministic outcomes
Hallucinations - not necessarily a negative term
How long before we get the person out of the loop?
The actual skills required to be a "GenAI engineer"
Getting started at home - hardware and models
Fabric AI and patterns
It's a great show and you will most definitely learn a lot! Thank you Tim, thank you, listeners! Y'all be good now!
Wednesday Oct 30, 2024
Cyber Civics and Voting with Kirsten Davies - SPECIAL EDITION!
Howdy, y'all! With American presidential elections already under way, Allan and Drew decided that scrambling to get Kirsten Davies on the show for this week's show (the last one before formal Election Day) was paramount. Kirsten has been on our potential guest list for years now, as she is a multiple-times Fortune 500 CISO.
But now Kirsten is CEO and Founder of The Institute for Cyber Civics, a non-partisan non-profit aimed at empowering poll workers and poll volunteers to recognize and deal with cyber attacks on the voting process.
Hear about Kirsten's charter, mission, vision, goals and capabilities in this SPECIAL EDITION! episode!
Y'all be good now!
Wednesday Oct 23, 2024
Social Media & Community Engagement with Technically__Rose
Our guest today is Babbette Jackson, aka Technically__Rose of YouTube and Instagram fame!
Babbette is in DLP and Insider threat analysis. She has worked in places as far flung as Edward Jones, Juniper Networks, and Bank of America. More importantly, Babbette is quite involved in the intersection of social media and community engagement.
How do we use social media to engage others across generations and to encourage community participation?
Allan, Drew and Babbette discuss:
We’ve been talking to others about how they arrived in and either struggled or flourished in Cyber. What is your story?
What inspired you to embrace social media as you have? What kind of results are you seeing from this engagement?
We’ve seen your content on LinkedIn and on Instagram, it’s very creative but also very relatable. How do you decide what topics to cover, how to frame them for the right audience, come up with the structure of your messages, etc.? How many times do you re-do them?
You’ve mentioned social capital. Tell us about that concept, how you build it, how and when you use it, etc.
What is something established leadership in the field should understand about dealing cross generationally that we often get wrong?
It is a wonderful show, and Babbette is a wonderful guest who is willing to share the insights behind her success. Y'all be good now!
Wednesday Oct 16, 2024
You Don't Own "You", and "You" Are Being Altered with Sam Rad
Who and what you are, your personality, your style, your thoughts... That’s all about to change. For one thing, you are already a product on “free to use” social media. You don’t really own things you think you own. (We're looking at you, Steam!) Even your intellectual property is up for grabs now in ways you can’t see coming. Hollywood actors are selling the rights to their digital likenesses, and meanwhile, others are stealing such rights via technological loopholes. All media exists, according to Drew, to draw you towards the advertisements… And your deepfake could be used to do just that to others. Some of these fakes are good enough to fool even you.
Join Allan and Drew as they interview Sam Rad, a premier futurist and humanist, who freely admits that there is now an inherent tension between those two philosophies.
The conversations about the governance, ethics, and security of all this new media and technology are woefully behind the curve.
Many members of the TikTok generation have a 4-second attention span and require multiple simultaneous input streams at any given time to feel satisfied. Is this a deliberate attack on the Western human nervous system? Cyberattacks are certainly killing people already, why not go straight for their brains?
Are the peasants coming with pitchforks and torches to destroy Frankenstein’s newest monster? How about the striking dockworkers? The terrorists destroying 5G towers? Do peasants with pitchforks ever win? Ned (mistakenly called “Jason” by Allan) Ludd and the Luddites failed in a big way to stop technology from replacing their jobs in the late 1700s (mistakenly referred to by Allan as having happened in the Victorian era).
This show is peppered with other such historical and cultural references, such as the cultures and economies in Second Life, Picasso’s mass production of his own paintings, Rousseau’s evolving concepts of property, Mary Shelley and her Frankenstein’s monster, Hegel’s model of “thesis, antithesis, synthesis”, the Butlerian Jihad from the “Dune” series, and William Gibson’s maxim that, “The street finds its uses for things”.
We’re not even coping with all of this, and now we have the AI conversation thrust upon us as well… Your content is training data, and can be mimicked with uncanny accuracy as well.
Check out Sam’s book, “Radical Next” and her docuseries “Illicit Economies of the Shadowverse” to learn more about the positives and negatives of all of these trends in humanity.
Good luck out there. Stay safe. Who you are and what you own is irretrievably altered at this point. Cybersecurity is really just “security” now. But hopefully all this mess will create the next cultural and creative Renaissance.
Y'all be safe now...
Wednesday Oct 09, 2024
A Cybersecurity Program to Emulate? A Powerful Formula with Jason Shockey
Jason Shockey, CISO of Cenlar FSB, and 25 year veteran of cybersecurity, has a formula for running an excellent cybersecurity program.
He studied a great deal in his various cybersecurity roles before leaping into a CISO role, and the studying paid off!
Jason and Allan and Drew discuss the following:
Identifying Common Pitfalls
Promoting Team Well-Being and Efficiency
Engaging and Educating the Board
Strategies for Effective Program Design
ALL in the span of one rapid-fire show! Do give it a listen, as you will learn about many valuable approaches and resources to help your program succeed.
Y'all be good now!
Wednesday Oct 02, 2024
Cyber and Social Media as Warfare with Dave Schroeder
Cyber as precursor to kinetic warfare? What about cyber AS warfare? And social media infiltration and propaganda? Join Allan and Drew as they invite Dave Schroeder, a renowned expert in this field, to discuss the active use of cybersecurity and social media as warfare between the Western World and China, Iraq, Russia and North Korea. They cover:
Insertion of fake IT employees into key companies
Political influence operations (divide and conquer)
Precursors to kinetic war being the smallest tip of the iceberg
Philosophical differences between nations and governments serving themselves
Cultures of trust in the West, and how those are not so self-serving
This one is very sobering and perhaps the most important show of the year...
Y'all be good now!
Wednesday Sep 25, 2024
The Case for Regulation with Tim Brown
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest today is Tim Brown. If you don’t know who Tim Brown is, he is the CISO at SolarWinds, and as such, is one of us.
Or maybe in a way, he is all of us, really. Tim advises and has held various other roles in the past, including product roles, which our listeners know are well-respected skills down at the 'Ranch.
The topic today is cyber regulation. It can range from self-regulation to associations, principles, practices, lobbying – all the way up to full government regulation. What works? What’s required?
Topics covered:
What is the case for regulation?
What are the basic rules to provide us coverage and clarity?
Not knowing the rules makes people nervous and afraid...
Document your own processes, procedures, JDs, what you do, what you don't do. Make it clear!
Rigorous banking industry regulations exist already. How onerous are they? How badly would they fit the rest of us?
Perhaps a GAAP (generally accepted accounting principles) equivalent is desired?
Process/procedure vs. 'Thou shalt never have a vulnerability!'
Heavy-handed governmental oversight - defining standard of care and turning that into something people can stand behind?
Remember that Sarbanes and Oxley were people. Real people.
Is regulation required to create a more positive environment in the way SOX does?
What does the public-private partnership need so that the rules created are good and realistic and improve cybersecurity for the world?
REGULATION IS COMING! THE CISO COMMUNITY MUST BE A PART OF THAT REGULATION!
Have we had a cyber Enron, and do we need one? That was the real catastrophe that launched SOX...
Regarding GAAP, accounting is deterministic vs. dynamic - Can a cyber GAAP ever exist given how dynamic we are?
The compliance world: principles based vs. rules based regulation - a more practical model. It may not move the bar enough, but it's a good starting point.
Should a whole field of security auditors exist like accounting auditors do?
We are youngsters in this craft still...
Is the accounting world really the best metaphor? Auditors, forensic accountants, etc.?
Another model is the medical world - malpractice, specific rules and regulations on specific surgical practices?
What about a national CISO board or association like the NACD or the American Psychological Association?
What about boards like medical review boards that approve specialties?
Lobbying
How to fund this?
Who should be doing the doing? Inclusivity vs. sound gatekeeping.
A barber has to be licensed to cut hair - should we get licensed?
This conversation was around with software engineers long before it was with cyber folks. We learned that self-policing did not really work...
The challenge is one of not shackling the business, or at least not appearing to, and the subsequent pushback.
The call to action is ultimately this: If you don't have a seat at the table, folks will do things to you rather than with you. So get involved!
Y'all be good now!
Wednesday Sep 18, 2024
You're Hiring Wrong! with 3 Guests New to the Industry
What can we established cybersecurity practitioners ACTUALLY do to help those new in the field besides blathering back and forth about the problem in the echo chamber that is LinkedIn?
Drew got the clever idea of inviting three folks who are brand new to the field or barely started on their cyber journey, and, get this: ASKING them what they're experiencing and what they need! Clever, huh? It's an eye-opening show for a CISO.
We are joined on this week's episode by Amé Venter, May Ferreira, and Bryce Hill, who share their perspectives from their early stages in this field. It's a sobering perspective.
To a certain extent, they've all been lied to and led on, and that's all of our faults.
Key takeaways:
Prodsec/Appsec might get you out of being a cost center in cybersecurity, but no intro programs seem to show folks how to get there.
Certs aren't enough. Education is not enough. It is HARD to get started.
Internships sound great, but even after you have secured one or two of them, entry-level positions remain elusive. Especially "entry-level" positions that require experience.
Innovative programs like the one Bobby Ford is doing over at Hewlett Packard Enterprise are a huge leg up, but such programs are few and far between.
There are a lot of folks standing outside the doors to our industry who were told this was the promised land. But there they are, still standing and peering in, waiting for an invitation.
CISOs, please listen to this show. Please re-think your hiring strategies!
Y'all be good now!
Wednesday Sep 11, 2024
Data-Driven Cybersecurity with Wade Baker
Howdy, y’all! Our guest today is Wade Baker, cybersecurity researcher, entrepreneur, professor… Wade is a Board of Directors member of the FAIR Institute, was an Advisory Board Member at the RSA Conference, was VP of Strategy & Risk Analytics at ThreatConnect, and is now Co-Founder of Cyentia Institute, which aims to advance cybersecurity knowledge and practice through data-driven research. Wade joins Drew and Allan to talk about (go figure!) data-driven cybersecurity. The three smash through a lot of assumptions and get to the heart of what is really going on in cybersecurity.
Questions covered:
What is the Information Risk Insights Study (IRIS)? (cyentia.com/iris/)
What is a good summary of the IRIS Ransomware report?
How can organizations out there be more data-driven?
Analyst whitepapers vs. real data research – what are the differences?
Who else can mine data like this?
What truths do people resist or what do they fail to embrace?
What are the sacred cows and the “inflatable cows”?
Is the cyber job shortage a real, data-backed problem?
The desire for “flat math” vs. curves (the 5x5 grid) …
Measuring the problem side vs the solution side…
Actual best practices vs. common practices…
Insurance industry data and why they don’t share it…
Much of what we do does not affect the realities of our cyber risk.
Stepping back from all of this, what is the value in data-driven industry analysis of this sort?
How does one sponsor IRIS publications?
Y’all be good now!
Wednesday Sep 04, 2024
Successful Clarity & Successful Communication with Michael Santarcangelo
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Michael Santarcangelo, Founder and President at Security Catalyst. He’s a former podcaster – co-creator of Business Security Weekly, he even did a stint on Down the Security Rabbit Hole with Raf and James. True fact, hearing Santa (as his friends call him) and Paul Asadoorian on Business Security Weekly is what inspired Allan to become a podcaster in the first place! But "Santa" has done the practitioner and the leader things as well, and got his start way back on the Global Security Team at Andersen Consulting… Santa joins Drew and Allan to discuss effective communication…
The communication problem we’re trying to solve is not the one we think it is!
“Communicating the value of cybersecurity” - What does that mean really?
Clarity vs. Communication, Message received and understood... It’s clarity of thinking, action, and outcomes that create the ability to communicate effectively.
If that is the case, then what matters is how do OTHERS measure our success and how is that aligned or not with our own perceptions?
How do we measure success in communication? Is it how they measure it?
What is the goal of communication? (And why do we say that instead of ‘the goal of good communication’?)
How do we get perspectives? (We ask).
Y'all be good now!
Wednesday Aug 28, 2024
What Is In Your Commercial Software? with Sasa Zdjelar
Your organization runs on commercial software far more than it does open source. But all you are delivered is binaries. What is your technical control to ensure that you are safe from this software?
Such software is composed of:
Open source libraries
Proprietary code
3rd-party proprietary libraries
You need to be able to see it, understand it, probe it for malware, backdoors, corruption, CVEs, KEVs, etc. Well now you can. SBOMs are just the beginning...
Allan and Drew are joined by Sasa Zdjelar, Chief Trust Officer at ReversingLabs, who have spent 15 years solving this highly specific and highly challenging problem in cybersecurity.
The show is not sponsored by ReversingLabs. Allan and Drew wanted the world to know that they exist, and that this capability is now in-hand...
Y'all be good now!
Wednesday Aug 21, 2024
People, Process & Technology: Technology with Ross Young
This is our third and final episode of this miniseries. In this episode we are joined by Ross Young, a well-established member of the cybersecurity community with a storied background and penchant for giving back via various means. Ross joins Allan and Drew in exploring the role of technology in the People, Process and Technology triad.
Questions covered:
The traditional triad of people, process, technology has been with us since 1964, from an era when digital systems were in their infancy and computing as we know it today was science fiction. Is PPT still the right way to look at business problems?
Has technology taken its place as "first amongst equals", or are we still right to say "cyber isn't a technology problem"?
Given the evolution of technology and even more so with what is on the horizon with AI and other autonomous systems, are we moving past "technology enables humans" to "technology replaces humans" for some parts of the cyber challenge?
How do you see the technology portfolio developing over the next 5 years?
What is the future of data science?
Thanks as always for listening. Y'all be good now!
Wednesday Aug 14, 2024
People, Process & Technology: Process with Malcolm Harkins
Howdy, y'all! In part two of our three-part miniseries, we tackle Process with Malcolm Harkins. Malcolm is former CISO at Intel, a good friend of Allan's, former Cylance Chief Trust and Security Officer, member of the board of directors over at TrustMAPP (where Allan used to be COO), and is now at Hidden Layer, working to secure AI. Hidden Layer did not sponsor this show.
Allan, Drew and Malcolm discuss the following:
People, process, technology – what is the role of process in that triad?
How do we craft good process? What part of process definition is capturing the as-is state vs. being aspirational?
How do we ensure good process is followed?
When should technology drive process vs process drive technology? Where does process traditionally fall short?
What would you improve about process in general?
Tell us a bit about Hidden Layer, as this is some very new technology...
Thank you for listening! Y'all be good now!
Wednesday Aug 07, 2024
No Show This Week - Black Hat 2024 Is Afoot!
Thanks for listening, y'all! Our next show is all about Process (we already did a show on People) and after that comes Technology.
Y'all be good now!
Wednesday Jul 31, 2024
People, Process & Technology: People with Jeremiah Roe
Jeremiah Roe has held many roles in cybersecurity: Field CISO, Red Teamer, Advisor, Consultant, Etc. He currently advises for OffSec, who provide quality cybersecurity training. Drew Simonis and Allan Alford determined that Jeremiah would be a great guest for launching a 3-part mini series - each of the three shows exploring People, Process and Technology respectively.
The three cover the following topics in a lively conversation that journeys into several aspects of People as they relate to cybersecurity:
People, Process, and Technology - Which is most important?
If they knew what we knew about cybersecurity, would they behave differently?
How to leverage training budgets for a win-win-win.
People gonna peop, businesses gonna biz.
Incentivization, Positive Reinforcement and Deputization
Enabling camaraderie - not just good culture
Groupthink and Tribalism
Join the three as they ride the cyber trails of "People" in the PPT triad!
Y'all be good now!
Wednesday Jul 24, 2024
Practical Security Architecture with SABSA with Andrew Townley
Drew and Allan were skeptical about SABSA, as it is a model one CISO friend described as being "only good for a graduate student writing a paper!" Another CISO pointed out that SABSA was designed long before modern engineering practices.
Andrew Townley, a long-term SABSA consultant, on the other hand, gets straight to the practicality of it. There is indeed an academic and theoretical foundation behind SABSA, but it is most definitely leveraged for one purpose - to achieve desirable business outcomes.
Drew and Allan ask:
What is SABSA's purpose?
Is Andrew's specific practically applied methodology a deviation from the official SABSA canon?
How can we prove its effectiveness? What are the practical business outcomes?
Both Allan and Drew walk away with enough curiosity to dig into SABSA more.
Note that Andrew several times also cites the work of Russell Ackoff, another academician who enjoyed a rather brilliant career as a business consultant - grounding his systems theory into meaningful business practicality.
More on Russell Ackoff here:
https://en.wikipedia.org/wiki/Russell_L._Ackoff
Wednesday Jul 17, 2024
Corporate Social Responsibility - The New Model for Cyber? w/ Drew Simonis
Hang on to your saddle for this one! Drew Simonis joins Allan as his new co-host in a show where the two of them explore alternative models for selling and funding the cyber mission!
You probably know about corporate social responsibility initiatives.
Did you know that it's not a new idea in the history of capitalism, but rather a throwback?
Before shareholder capitalism, there was stakeholder capitalism:
Stakeholder capitalism proposes that corporations should serve the interests of all their stakeholders, and not just shareholders. Stakeholders can include investors, owners, employees, vendors, customers, and the general public at large. The focus is on long-term value creation, not merely enhancing shareholder value.
Drew walks Allan through some very compelling arguments in favor of this model, and Drew and Allan together tie it to how CISOs can implement and fund cybersecurity...
Random highlights:
1. The short-sightedness of quarter-over-quarter thinking
2. Comparison to the Chinese Communist Party, who gets a big thumbs down from both Drew and Allan, but who does get credit for being able to enact truly long-term plans.
3. Jack Welch and other prominent CEOs advocating for aspects of stakeholder capitalism
4. Random tie-ins to cybersecurity all throughout.
Allan is stoked to have Drew join him as co-host, and this show is most definitely one of the more philosophical episodes, while still grounding itself in the practicalities of running cybersecurity programs.
Y'all be good now!
Wednesday Jul 10, 2024
Managing Threats Throughout the SDLC with Tomer Schwartz
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest today is Tomer Schwartz, co-founder and CTO over at Dazz. Yup! He’s a vendor! And OMG he’s a sponsoring vendor too! Whatever will we do? But wait, y’all know Allan's rule: Vendors are allowed on the show if and when they can add more value on a given subject vs. any practitioners in The Cyber Ranch network. Tomer fits that bill perfectly! Tomer has worked in the Microsoft Security Response Center, he’s the former Armis co-founder & CTO, current co-founder & CTO at Dazz, who is a leader in the Application Security Posture Management space. Tomer is also a coffee aficionado. Now what does Dazz do and why did we ask Tomer to be on the show? Dazz is in the Application Security Posture Management space, which is relatively new around here, but they also collate and track threat exposure in real time, and also secure the SDLC in a DevOps’y way...
Questions
The elephant in the room is Gartner’s newest category in this space. Some say ASPM fits into CTEM, which is Continuous Threat Exposure Management for those behind on eating their alphabet soup. Tomer, what’s your perspective on that?
Let’s talk about the problem in the ASPM/CTEM space: noise / too much data, no context, limited visibility from code to cloud and everything in between. For real, most solutions suck, as their single pane of glass is a very, very dirty pane of glass, and no amount of Windex is going to help. And our listeners know we believe in 3-4 “single” panes anyway. Is there such a thing as a single pane of glass in the ASPM space? Do we want a single pane? How does it play nicely with my “single” panes from other spaces?
Here comes the can of worms: Can AI help with this?
Gartner says by 2026 40% of enterprises will have an ASPM solution - do you agree?
And then there’s good ol’ UVM - Unified Vulnerability Management. Feels like a past promise that didn’t deliver. And it hasn’t addressed DevOps or even Dev very well at all IMHO. What’s your take?
How should CISOs be thinking about all of these technologies and practices? It can get very complicated very fast and if it’s not done right the devs will run screaming.
Where is this all headed? What’s the ideal future state in this space?
Here’s your chance to tell thousands of CISOs and other high-level practitioners what you want them to know. What do you want them to know?
Check out Dazz at https://dazz.io
Wednesday Jul 03, 2024
Measuring Leadership (And Followership!)
If leadership exists in good and bad forms, so must followership.
Leadership can exist both by designation, and dynamically, as manifested by folks who may not have an official leader title.
And yet we don't measure followership, and our measurements of leadership leave something to be desired...
Join Allan Alford as he flies solo this week exploring these topics and suggesting a better way forward.
Y'all be good now!
Thursday Jun 27, 2024
There Is No Such Thing As Security with Nathan Case
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Nathan Case, who is a previous guest from a multi-guest show. Nate has been a CISO, CTO, Strategist, consultant, CEO, and all kinds of other things. His career is as colorful and varied as Allan's – maybe even more so. Nate's chosen topic is “There is no such thing as security!” So without further ado, let’s dive in!
What do you mean when you say “There is no such thing as security!”?
Nate declares it as a way to judge risk
If security is a way to judge risk, then what about the judging? There are metrics there, and some kind of end state, yes?
So you’re saying our feelings about managing the unmanageable are really where the sense of security comes from? That ‘security’ = ‘feelings about risk management results’?
How do I know what I don’t know? How does that relate to this definition of security?
Let’s get concrete – What changes are needed for tools and tech to get past this false sense of security?
If security is a description of a thing, or a specific action, where does this leave us?
Wednesday Jun 19, 2024
21 Questions LIVE! at RSAC 2024 - 3 of 3
In this show, Allan interviews seven guests and asks them questions from a list of 21:
Omkhar Arasaratnam
“How do we leverage LLMs for our own use in cybersecurity?”
"How do you challenge your own precepts and assumptions to stay current in your role?"
Ofer Klein
“How do you describe what you do in cybersecurity to someone at a cocktail party who knows nothing about cyber?"
"How do you explain to the business the value you bring and the risks you solve?"
Rick Doten
"What message do you have for your fellow CISOs?"
"In this cybersecurity community there is hostility between vendors and practitioners. What is your best moment with a vendor?"
Sahil Agarwal
“How do you measure and articulate the risk that AI represents to the business?"
"Governance, Risk Management and Compliance - Where should the priority be?"
Roger Brotz
"What would you like your fellow CISOs to know?"
"What are we still getting wrong in cybersecurity?"
Tyson Martin
"How do we take on more accountability as business leaders?"
"How do we overcome our defaults, precepts and assumptions? How do you get past your own biases and blind spots?"
Sponsored by our good friends at Semperis.
It's a great series of guests, and a great series of answers. Y'all be good now!
Wednesday Jun 12, 2024
21 Questions LIVE! at RSAC 2024 - 2 of 3
In this show, Allan interviews seven guests and asks them questions from a list of 21:
Chris "Cpat" Patteson
“Why do so many CISOs think cybersecurity insurance is snake oil?”
Johann Balaguer
“People, process, technology - Which is the most important and why?”
"What do you want your fellow community of CISOs to know?"
Lee Krause
“What are we still doing wrong in cybersecurity?"
Ken Foster
“What are we still doing wrong in cybersecurity?"
"How do we articulate risk to the business?"
Marty Momdjian
"Walk me through how to solve the nightmare of repeat incidents?"
Michael Calderin
“IA&M: Who should own it, and why? CIO? CISO?”
"What is the definition of progress in cybersecurity? Is there an end state?"
Mike Britton
"People, Process, Technology: Which is the most important?"
"I&AM: Who should own it? CISO or CIO?"
"What's your favorite part of the RSA conference?"
Sponsored by our good friends at Semperis.
It's a great series of guests, and a great series of answers. Y'all be good now!
Wednesday Jun 05, 2024
21 Questions LIVE! at RSAC 2024 - 1 of 3
In this show, Allan interviews nine guests and asks them questions from a list of 21:
Dr. Deanna Caputo
“How do you measure and articulate risk to the business?”
“People, process or technology?”
Carlos Guerrero
“How do we foster community in cybersecurity?”
Elliott Franklin
“Governance, Risk Management, and Compliance – Which of the three is most important?”
“What does progress look like in cybersecurity?”
Corey Bodzin
“With regards to AI & LLM, what is the impact to infrastructure?”
Evgeniy Kharam
“How integral is Identity & Access Management to the cybersecurity mission?”
“How well is traditional DLP technology meeting its mission and what else can we do?”
Gary Hayslip
“What does RSA mean to you?”
Kelly Shortridge
“What does progress mean to you in cybersecurity?”
“What is the end goal of cybersecurity?”
George Kamide & George Al-Koura
“What are you getting out of RSA?”
Kevin Jackson
“What are we doing wrong in cybersecurity?”
Sponsored by our good friends at Semperis.
It's a great series of guests, and a great series of answers. Y'all be good now!
Wednesday May 29, 2024
The Positives of Cybersecurity LIVE! at CISO XC with Dani Woolf and Guests
Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast! What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!) I am your host, Allan Alford, CEO of Alford & Adams Consulting. I have a co-host on this episode, Dani Woolf, of the Audience 1st podcast! On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or pissing them off). What we’re doing on this joint endeavor is interviewing various CISOs and other folks about their roles in cyber. This week’s show focuses on the pros of cybersecurity – we covered the negatives last week, and this week we cover the positives. My listeners should know by now that I like to end on a positive note…
WARNING: Some naughty language