The Cyber Ranch Podcast
Ride the cyber trails with one CISO (Allan Alford) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Episodes

Monday Apr 24, 2023
The Cloud and the Big Bang of Data with Cecil Pineda and Gene Moore
Join us for a SPECIAL EDITION! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas!
The topic is data security: its challenges and how to overcome them.
Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moore of Securiti.
The conversation is live and lively, recorded as-is and delivered to you.
Enjoy!
Sponsored by Securiti - https://securiti.ai/

Wednesday Apr 19, 2023
The Blurring of Personal & Corporate Security with Leigh Honeywell
We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise. We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys. But these two worlds intersect far more than you would think, and the techniques for addressing these problems intersect as well.
This week Allan is joined by Leigh Honeywell, CEO at Tall Poppy, to discuss these intersections. Leigh is uniquely qualified, as her non-traditional startup addresses "personal security outside the firewall", which includes executive protection...
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.

Wednesday Apr 12, 2023
Design Partnerships with Emily Heath
Emily Heath is a well-known and well-respected figure in cybersecurity. She has been a CISO three times in a variety of industries, including software and a major airline. She has been in law enforcement, is a partner at a VC firm, and serves on boards of directors as well.
With this wealth of experience, she has come to value design partnerships - working with small startups to help craft their solutions to meet her needs and theirs.
But what are some of the challenges in design partnerships? Allan and Emily tackle the following questions:
What inspires one towards design partnerships?
How can a practitioner design partner help a first-time founder?
Where does the innovation come from in this model?
Does the vast amount of cyber vendors help or hinder the design partnership model?
What are the pros and cons of alternatives to design partnership?
How does a practitioner get started with design partnership?
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.

Wednesday Apr 05, 2023
All About Advisory Boards with Karla Reffold
This week Allan is joined by Karla Reffold, COO at Orpheus Cyber. Yes, that makes her a vendor, but, yes, she follows the show's rules: She is a friend, not a sponsor; she is not all vendory; and most importantly she is a subject matter expert on this week's topic: advisory boards!
In fact, Karla has written an ebook on the subject which is available here:
https://karlareffold.co.uk/advisory-boards-guide-book
Topics covered in the show:
- The ethical entanglements of being on an advisory board
- Paid vs. unpaid advisory board roles (and cash vs. equity)
- Advisory board roles as kickbacks (yes, it happens)
- Advisors who are customers vs. advisors who are not
- Do advisory board roles help or hurt a CISO's career?
Enjoy! Y'all be good!

Wednesday Mar 29, 2023
CISO vs. Individual Contributor Perspectives w/ William Klusovsky
Becoming a CISO means changing a lot of perspectives. Individual contributors need to learn this, and the CISO is the best one to teach them. "They're never going to get it!" is a mantra used by both sides of that dialogue, and that is not a solution. Will and Allan discuss:
- What precepts really are "obvious"
- How does one onboard leadership and business perspectives?
- What should CISOs do to ensure their teams gain those perspectives?
- What can individual contributors do to ensure that they gain those perspectives?
- The value of self-teaching and mentorship
- Beliefs we should get rid of
It's a great conversation! Y'all enjoy it!

Wednesday Mar 22, 2023
How to Trust Your Vendors - A Scary Case Study with Paul Moreno
This episode is a story about an entire vendor encounter gone horribly wrong. Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor. Paul found a cybersecurity vendor. Paul found good references. Paul got referrals from peers. Paul did a PoC. And after that, it all went downhill. Paul was kind enough to share his story as he and Allan pick apart the failings and deliberate on ways we can all avoid such encounters.
Topics covered are:
- How to spot lies
- Vetting the vendor's internal security landscape
- ISO 27001 Statement of Applicability
- Breaches and whistleblowing
- GDPR violations in charging to delete data
It is a story you will want to hear, and the analysis just might save you some pain down the road...
Sponsored by Allan Alford Consulting https://allanalford.com/about

Wednesday Mar 15, 2023
Tech Teams, GRC Teams, and the CISO with Dr. Mike Brass
Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO.
Hear Mike's journey from IT technician to GRC to CISO.
Topics Allan and Mike cover:
The tension between tech teams and GRC teams, and how a CISO can bridge the two teams
Reasons why GRC makes such a great background for the CISO role (and how to get there)
What engineering/architecture folks should know about GRC
What GRC folks should know about the tech side of the house
What the rest of the business should know about GRC
You also get to hear Mike's journey, which has spanned small and large companies, government think tanks and more!
Sponsored by Allan Alford Consulting https://allanalford.com

Wednesday Mar 08, 2023
How Do We Embrace Imperfection with Robin Sundaram
We have this idea that we can be perfect. And we know that idea is unsound. So we settle for imperfection. But are we doing that purposefully? Do we have a conscious plan for embracing imperfection? How can we, as cyber professionals, embrace our imperfection meaningfully and with intent?
Join Allan and Robin Sundaram as they explore this topic, covering areas such as:
NIST CSF is all about imperfection
Embracing CMDB imperfection
Vulnerability Management and Patch Management
Product/Project Rollouts
Dev teams and the pipeline
Imperfection and GRC
It's a great conversation and you are sure to learn a thing or two!
Sponsored by Allan Alford Consulting: https://allanalford.com

Wednesday Mar 01, 2023
Technical Case vs. Business Case with Omkhar Arasaratnam
In this episode, Allan is joined by Omkhar Arasaratnam, a force in the industry and an expert in the intersection of software and security (you may remember Omkhar from an earlier show about supply chain security).
They challenge each other to a game, "Technical Case vs. Business Case", where they must provide both arguments for a given technology deployment. The real subtext here is that whenever these two get together, they always lean towards a technical conversation, so they are challenging themselves.
Topics Covered:
MFA
Service Accounts
Refresh Cycles
Token Expiration
Recovery Emails
Regulatory Mandates
Biometrics
SBOM
It's a lively conversation and we hope you will find value in it!
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Wednesday Feb 22, 2023
The Implications of ChatGPT and AI with Shaun Marion and ChatGPT
Join Allan, Shaun Marion (CISO of McDonald's) and ChatGPT itself for a lively conversation about the implications of this new tool, AI in general, and nuances about ChatGPT's usage.
Even after controls were put into place to prevent ChatGPT from helping the bad guys, Allan and Shaun were able to trick it into giving up details on hacking, authoring phishing emails and more.
Shaun and Allan explore the potential for abuse and the positive promise and excitement that this new era of AI is ushering in.
What are the societal implications of ChatGPT?
What are the positive advances of AI?
Should we be cautious with what we feed ChatGPT?
Hear answers to these questions and more on this week's lively episode.
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Wednesday Feb 15, 2023
Breach Communications with Heather Noggle
How important are communications after your company has been breached? They can make or break customer perception, and the perception of the world. Bad communications are perceived as bad intent.
Joining Allan this week is Heather Noggle, owner of Codistac - a company that specializes in cyber communications, advocacy and awareness. She studied communications in college, and takes this stuff very seriously.
The pair cover the LastPass, Okta and Reddit breaches, comparing the bad to the good.
Topics covered:
Poor editing of communications
Willful non-communication
Obfuscation
Apologies
Letting the lawyers have their say - but not the last say
The balance between speed and accuracy
It's a great conversation and a great show.
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Wednesday Feb 08, 2023
BISO Bonanza with Ann Hines, James Binford and Matt Winkeler
Do you want to be a CISO one day? Are you a CISO today who wants to strengthen your ties into the rest of the business? The Business Information Security Officer (BISO) role is one you should explore.
The role can vary quite a bit, as you will hear on this episode with not one, not two, but three BISOs joining Allan Alford to discuss the role and its nuances: where it fits, what is required, how it is best positioned and managed.
Allan has been a BISO himself and has managed BISOs as well, so the conversation is rapid and productive.
Join Allan along with Ann Hines (BISO @ USAA), James Binford (BISO @ Humana) and Matt Winkeler (BISO @ Equifax) as they explore the BISO role.
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Wednesday Feb 01, 2023
Developing and Fostering Good Leadership with Joey Rachid and Scott Moser
Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations. Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory boards, has worked for the Big Four, and more importantly is a former US Marine (although all the Marines will tell you there is no such thing as a former Marine!)
Scott Moser is SVP and CISO at Sabre Corporation, has also been a CISO for Caesar’s (the gaming and hospitality company), and has held some very interesting military roles of his own. In a joint branches capacity, Scott has been a CIO in Alaska. For the US Air Force, Scott has been a Commander and an IT Director, all over the world. He has also worked for the Joint Staff in Washington, DC as a branch chief.
These two gentlemen speak about leadership holistically - how to exhibit excellent leadership yourself, how to train for good leadership, and how to foster it in others.
Sponsor Links:
Thank you to our sponsor TrustMAPP for bringing this episode to life! The TrustMAPP solution gets you out of spreadsheets and slide decks and into managing, measuring and reporting on your cybersecurity with an all-in-one solution that combines cybersecurity frameworks, maturity, risk and business objectives and cross-references them to remediation costs. Find out more at https://trustmapp.com

Wednesday Jan 25, 2023
Are We Protecting People, Data, or Business? with Nipun Gupta
This week Allan is joined by Nipun Gupta, an industry veteran who has been a consultant, practitioner, vendor, advisor and investor.
The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as well as the interrelationships.
Is "protect the business" a guardrail statement while "protect data and people" is the mission?
How do we tie protecting people to protecting the business? For the people? For the business?
How do we map data to the business mission?
How far do we go to protect data?
What about this new DevOps, application-centric world?
Enjoy this conversation! It's a lively one.

Wednesday Jan 18, 2023
Influences from Outside of Cybersecurity with Peter Schawacker
This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc. Another one of Allan's illustrious guests with 25 years in cyber. (https://www.linkedin.com/in/schawacker/). The topic started as all that the two have learned outside of cybersecurity that has helped them in cyber. But it gets way more esoteric than that, and quickly. Detailed show notes and links are provided below because this show is all over the place!
02:11 - Point MOOt, Texas: MOO-based virtual city with virtual economy, virtual stock market, various political models of governance and high preponderance of highly interactive bots used for practical and administrative purposes. http://linguafranca.mirror.theinfo.org/9405/moo.html https://archive.nytimes.com/www.nytimes.com/books/first/l/leonard-bots.html
04:49 - A fast tour of the age of the universe, Planet Earth, and humans' presence on the planet, industrial revolution and the Internet
05:45 - The Annex BBS in LA https://annex.net/about-us/
05:28 - IRC https://en.wikipedia.org/wiki/Internet_Relay_Chat
06:12 - Arthur C. Clarke - "Any sufficiently advanced technology is indistinguishable from magic." https://lab.cccb.org/en/arthur-c-clarke-any-sufficiently-advanced-technology-is-indistinguishable-from-magic/
07:12 - Iranian refugees, educated folks who spoke 5 languages and had 4 passports
07:49 - Dungeons and Dragons https://dnd.wizards.com/
08:05 - Life demands more of us than just having a job
08:16 - Karl Marx, Shakespeare, Julius Caesar, Poetry
08:43 - TI-99 4A and the BASIC language on the Commodore PET https://en.wikipedia.org/wiki/TI-99/4A https://en.wikipedia.org/wiki/BASIC https://en.wikipedia.org/wiki/Commodore_PET
09:02 - Earthlink https://www.encyclopedia.com/economics/encyclopedias-almanacs-transcripts-and-maps/earthlink-inc#:~:text=Earthlink%20Network%20was%20founded%20in,would%20be%20providing%20customer%20service.
09:24 - Tech Writing and List Making
09:41 - Running a SOC for Citi
10:20 - Jack of all trades and the value of curiosity and love, surprises and exploration
11:04 - There is no one cybersecurity - we don't even know what it is yet
11:40 - Cyber as nascent field with great opportunity to leverage other disciplines
13:02 - TOGAF and the CIO's organization and functions and the CISO reporting into the CIO https://en.wikipedia.org/wiki/The_Open_Group_Architecture_Framework
14:02 - Nobody knows what a CISO does
14:39 - We can't have it both ways - to have a seat at the table we must own risk and have accountability. Authority can't exist without accountability.
15:13 - Do CISOs know how to buy stuff? Lack of budgeting process.
15:45 - Eff around and find out - security incidents - order out of chaos - crisis management
16:34 - Pen testing as games (game theory): https://en.wikipedia.org/wiki/Game_theory
17:11 - The influence of playing music
18:48 - Wagner's invention of instruments https://www.californiasymphony.org/2018-19-season/epic-bruckner/whats-a-wagner-tuba/
19:12 - The influence of getting sober
19:30 - Chuck Anderson - Best guitar teacher on the planet? https://truefire.com/educators/chuck-anderson/e4187
19:45 - Dissonance and consonance; inverse ratio between complexity and power
20:17 - Entrepreneurial spirit in the music business and an illegal booking company
20:48 - Everything applies everywhere; metaphor and the origins of ideas
21:21 - Marx and Engels - revolutions get stuff done
21:43 - Rothko's artwork compared to The Ramones https://en.wikipedia.org/wiki/Mark_Rothko#:~:text=Mark%20Rothko%20(%2F%CB%88r%C9%92,a%20Latvian%2DAmerican%20abstract%20painter.
22:14 - The subconscious produces genius; we are all geniuses
22:51 - The mathematical concept of Aleph-0 and Georg Cantor as inventor of discrete math https://mathworld.wolfram.com/Aleph-0.html#:~:text=is%20often%20pronounced%20%22aleph%2Dnull,spelled%20%22aleph%2Dnought.%22
23:40 - Wittgenstein's refutation of Cantor despite computing being based on discrete math https://en.wikipedia.org/wiki/Ludwig_Wittgenstein
24:05 - Divine revelation or bipolar disorder?
24:33 - "The Aleph" short story by Jorge Luis Borges https://web.mit.edu/allanmc/www/borgesaleph.pdf
25:13 - "Weaving the Web" by Tim Berners-Lee and Borges foreshadowing hyperlinks https://www.amazon.com/Weaving-Web-Original-Ultimate-Destiny/dp/006251587X
25:51 - We need heroes - mentoring without heroes is not possible
27:08 - Learning from the masters in cybersecurity; maybe we will be in history books
29:42 - Gaining sobriety, learning to reach out for help - valuable in cybersecurity
31:10 - Raising children; paternalism and cyber careers
32:32 - Edward de Bono - Lateral Thinking https://www.amazon.com/Lateral-Thinking-Creativity-Step/dp/0060903252
33:13 - "Flow" by Mihaly Csikszentmihalyi https://www.amazon.com/Flow-Psychology-Experience-Perennial-Classics-ebook/dp/B000W94FE6

Wednesday Jan 11, 2023
Managing Careers with Luis Valenzuela
This episode is jam-packed with wisdom that is delivered at a rapid pace. Some folks will find themselves rewinding and taking notes. Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to talk about managing careers - how to manage your own, and, for leaders, how to help your team manage theirs. Topics include:
- Pivotal career transitions
- Is a plan _really_ required?
- Principles, foundations, and successful behaviors
- Practical steps and resources
- Is the power of envisioning enough?
- Tactical and other tips
Y'all enjoy this one, now!

Wednesday Jan 04, 2023
100th Episode Call-In Special with 21 Guests!
To celebrate the 100th episode, Allan decided to let the audience participate in the show. 21 people called in and answered a wide variety of questions about cybersecurity. It is a fantastic show and it is very fun to hear all the different perspectives from folks who have just about every role in cybersecurity you can imagine:
00:00:58 - Brent Deterding - What can practitioners do to show more love to vendors?
00:03:07 - Evgeniy Kharam - How important are soft skills in cybersecurity?
00:03:54 - Evgeniy Kharam - What are we doing wrong in cybersecurity?
00:05:17 - Andy Ellis - What are we doing right and what are we doing wrong?
00:07:15 - Nipun Gupta - What needs to happen to get cybersecurity practitioners to trust cybersecurity vendors?
00:10:29 - Brent Forest - What is the value of mentorship in cybersecurity?
00:13:48 - Heather Noggle - How do you get small organizations to take cybersecurity more seriously?
00:17:34 - Karla Reffold - What piece of advice would you give someone trying to get into cybersecurity?
00:19:16 - Will Lin - Where do you think this whole cybersecurity thing is headed?
00:22:37 - Jack Powell - What are we doing in cybersecurity that we should not be doing?
00:29:17 - Dutch Schwartz - What is missing in cybersecurity?
00:36:13 - Kevin Pope - What is your best piece of advice for those entering the cybersecurity field?
00:42:42 - Julian Cohen - How do we prioritize our defenses?
00:45:22 - Benjamin Corll - What do you love most about being in cybersecurity?
00:47:05 - Special Appearance by Chris Cochran and Ron Eddings of Hacker Valley Media
00:50:07 - Chris Patteson - How worried should we be about post-quantum cryptography?
00:54:03 - Peter Schawacker - What are we doing right in cybersecurity?
01:01:45 - Adrian Sanabria - What is it we are not doing in cybersecurity that we should be doing?
01:08:38 - Chris Foulon - Where is this whole cybersecurity thing headed?
01:13:52 - Claude Mandy - What are we getting wrong in cybersecurity?
01:18:25 - Gary Hayslip - What is the trend towards a data-centric security model?
01:26:17 - Kirsten Davies - What is going to change with threat intelligence in 2023?
01:30:58 - Special Appearance by Dr. Ursula Alford (Allan's wife)

Wednesday Dec 14, 2022
Can We Even Measure Risk? with Andy Ellis and Chris Roberts - EXPLICIT
This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'? Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventures, former CISO at Akamai), Chris Roberts (CISO at Boom Supersonic) joins the stage with some fine whisky and his own clever takes on measuring risk.
Join Allan, Andy, and Chris as they deconstruct risk, extolling its virtues, and hopefully change the way you think about risk altogether. Is likelihood times impact valid? Is the 5x5 grid valid? What is plausibility vs. probability? Find out on this great LIVE! episode!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Dec 07, 2022
Is It Even Our Job to Make Them Care About Cybersecurity? with Yaron Levi
In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk tolerance.
Allan posted this topic on LinkedIn and it created quite a buzz. The show features quotes from Simon Goldsmith, Kevin Pope, Malcolm Harkins, and others.
Listen to hear a deconstruction of this position, and hear some great arguments both for and against it. We'll give away the ending - the argument is ultimately refuted - but it is a great thought exercise and a wonderful journey getting to that conclusion. Hint: The show's ending is more apt than ever: "Y'all be good now!"
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Nov 30, 2022
Building Cybersecurity Community with Scott Schindler
Scott Schindler, veteran CISO, vCISO, and adjunct professor joins Allan at the ranch to talk about how to build, strengthen, participate in, contribute to and benefit from a cybersecurity community. Allan chose Scott for this show because of his incredible community focus and the high level of participation and engagement he demonstrates in his own career.
How can we, as privacy and security professionals, overcome our paranoia in order to build community?
How do we, as new members of cybersecurity, break into the community?
How do I start a local community?
How do we welcome others?
What is wrong with the cybersecurity community today that we need to fix?
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Nov 16, 2022
Geopolitics, APTs and Cybersecurity with Dan Holden
Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture. Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the precursors to WWI, Reagan-era cyber doctrine, cyber and modern warfare, lessons learned from the COVID economy (hint: GDP is now part of critical infrastructure), famous APT heists, modern global imperialism... This show ties these threads together into a forward-looking vision for cybersecurity that includes shifts in global prioritization of cybersecurity, federal regulations, and changes to the VC investment landscape. Saddle up and get ready for a wild ride!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Nov 09, 2022
3 Very Practical Tips with Duane Gran
This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes:
Eliminating the culture of "No!"
Managing Third-Party Risk
Building a "No Blame" Culture
The common thread behind all of these themes is relationship building and goodwill - but the details are well worth the listen!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Nov 02, 2022
Should the CISO...? with Andy Bennett
In this week's show, Allan and his guest Andy Bennett (a very clever CISO with a heck of a pedigree) decide to tackle some thought exercises with a series of questions that all start with "Should the CISO...?"
Should the CISO be the one to decide whether to report breaches?
Should the CISO own the SOC?
Should the CISO report to the CIO?
Should the CISO have an MBA?
Should the CISO be mentoring individual contributors in their team?
Should the CISO be sharing the political realities of “upstairs”?
Should the CISO own Identity?
Enjoy this fantastic conversation that goes to a lot of surprising places!
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Oct 26, 2022
Tired Topics in Cybersecurity - Part Two with Michael Santarcangelo and Rich Mason
Once again, Allan, Rich, and Michael dissect topics in our community that are, well, tired. Topics that are brought up to spur online debate, but for which a conclusion is never reached. Topics that bifurcate our community without moving our industry forward. Topics that cause us to overly rotate on the wrong areas.
In this show we address:
Defining terms: zero trust, ML, AI, hacker vs. cracker, cybersecurity vs information security
How to pronounce "CISO"
Work from home vs coming to the office
Do we deserve a seat at the table or is it earned?
Hopefully, these three are stepping beyond the tired answers to these topics and are raising the bar on how we should approach the information security profession. You be the judge...
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Wednesday Oct 19, 2022
Tired Topics in Cybersecurity - Part One with Rich Mason and Michael Santarcangelo
We have all seen the conversations on LinkedIn where someone starts with a hotly debated topic, and the debate goes on and on, nothing is concluded, and then the next week, someone else posts the same topic and starts the gerbil wheel spinning again. We have seen this phenomenon with common complaints too. These are, in short, tired conversations.
Join Allan Alford, Rich Mason, and Michael Santarcangelo as they rope in some of these tired topics and propose alternative ways of looking at them.
This one runs a bit longer than usual because the conversation is that good. Also, there are a few naughty words...
In this Part One episode they offer some alternative takes on the following tired topics:
Who should the CISO report to?
Users as the weakest link
Talent Shortage
CISO Burnout
Imposter Syndrome
Awards Marketing
Bad Vendor Behavior
Sponsor Links:
Thank you to our sponsor Axonius for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley