The Cyber Ranch Podcast
Ride the cyber trails with one CISO (Allan Alford) and a diverse group of friends and experts who bring a human perspective to cybersecurity.
Episodes
Wednesday Sep 13, 2023
Cybersecurity Awareness Month CALL TO ACTION - The Podcast Trifecta!
Warning: Some naughty language in this show, but well placed naughty language!
Challenge issued!!!! Allan has teamed up with TWO other podcasts to take on the insufferable marketing that floods the cybersecurity industry in the month of October! Who among you will win???
Win?
That's right! Allan, along with George K and George A from Bare Knuckles & Brass Tacks joins forces with Aaron Pritz and Cody Rivers of Simply Solving Cyber!
Together, this trifecta weighs in on the October bonanza that is Cybersecurity Awareness Month. While the month started to raise awareness for the general public, it’s now become an excuse for vendors to inundate infosec professionals' inboxes with inane messaging.
Introducing: The Cyber Community Month challenge!
Vendors: we’re challenging you to come up with campaigns that give back to the customer community rather than sending awareness spam.
Client-side practitioners: Show us how you engage local communities, volunteer at schools, help nonprofits, etc. to spread cyber knowledge!
We’re awarding prizes in November. Share your efforts on social media with the hashtag #CyberCommunityChallenge
Sponsored by our good friends at Entitle.
Entitle is how cloud-forward companies provide employees with granular and just-in-time access within their cloud infrastructure and SaaS applications. Whether it's providing access to production for on-call engineers or granting access to customer data when a support ticket is opened, Entitle easily integrates with your stack, offering self-serve access requests, instant visibility into your cloud entitlements and making user access reviews a breeze. Learn more at entitle.io
Thursday Sep 07, 2023
Protecting Small Organizations w/ Georges Merchak
Nearly 43% of cyber-attacks are on small businesses.
82% of ransomware attacks were targeted at companies with less than 1000 employees.
61% of SMBs were the target of a Cyberattack in 2021.
37% of companies hit by ransomware had fewer than 100 employees.
And yet...
36% of small businesses have no concern whatsoever about cyberattacks. Another 59% of small business owners who have no cybersecurity believe that their company is too minuscule to be targeted.
47% of businesses that have less than 50 employees don’t allocate any funds towards cybersecurity, while 51% of small businesses don’t utilize any IT security measures.
The threat is real, but preparedness is not. Join Allan and Georges Merchak as they tackle the nuances of protecting small organizations. Georges is an industry veteran who has held many full-time practitioner roles, but also consulting roles. Georges has served small business.
Together they address:
Vs. bigger businesses, what are the challenges and benefits for the small guys? Are there any benefits?
Is there value for a CISO to consult with these guys?
What is different about their attack surface?
So security is their least concern, and yet it sure seems like it should be a big concern. How do we educate them?
What’s the maturity rollout? There is no way you can tackle a small business’ entire cyber problem in one go…
What are the low-hanging fruit? Some very practical steps?
Y'all enjoy!
Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Wednesday Aug 30, 2023
Nowhere to Hide w/ Chris Roberts
You know you're being watched, right?
Imagine for some reason you needed to bury a treasure where nobody would ever find it. In today's society, how could you even do that? How can you get from Point A to Point B without being observed or tracked in some way?
Did you know that you can be listened to through smart lightbulbs?
This episode features the infamous and always gracious Chris Roberts, back again on the 'Ranch during this LIVE! recording from the HIP Global 2023 conference in NYC.
Chris and Allan talk about these subjects and more in an eye-opening show about just how much folks can see you and hear you.
Join in and become just a little more paranoid...
Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Wednesday Aug 23, 2023
Cybersecurity in Popular Culture w/ George Finney LIVE!
In this LIVE! show at Black Hat, Allan and his friend George Finney (recurring guest, CISO @ SMU, multi-times author and CEO of Well Aware Security) discuss cybersecurity in popular culture. They talk about the impact on real-world cybersecurity practices of such non-fiction gems as Clifford Stoll's book The Cuckoo's Egg and such cheesy fictional accounts as the movie Swordfish.
It might have made you groan, but it might have inspired you and others.
It might have represented what we do well enough that you can refer people to it who ask after our craft. Or maybe the portrayal was so bad it was laughable.
Join Allan and George LIVE! at Black Hat as they pick apart their favorites and take suggestions from the audience as well... Hack the Planet!
Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Wednesday Aug 16, 2023
Allan Interviews EVERYONE at Black Hat
Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode.
Did you get to attend Black Hat this year? See if your experience was as amazing as Allan's! This show is LIVE and untarnished. It's the real Black Hat experience!
In this episode, Allan talks to (in alphabetical order, with timestamps):
1:02 - Dani Woolf, Founder & CEO at Audience 1st
3:06 - Daniel Blackford, Manager of Threat Research @ Proofpoint
6:48 - Dean Sysman, CEO @ Axonius
8:19 - Deepen Desai, Global CISO & Head of Security Research @ ZScaler
15:39 - G. Mark Hardy, host of the CISO Tradecraft Podcast
18:42 - Glen Pendley, CTO @ Tenable
23:54 - Kayne McGladrey, Field CISO @ Hyperproof
24:52 - Leigh Honeywell, CEO @ Tall Poppy
25:52 - Masha Sedova, CEO @ Elevate Security
28:47 - Nate Warfield, Director of Research @ Eclypsium
31:43 - Rich Berthao, Cybersecurity Leader, Planner, and Innovator
32:41 - Rob Labbé, CEO and CISO in Residence for the Mining and Metals ISAC
This show captures an amazing week!
Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Wednesday Aug 09, 2023
Allan is at Black Hat
A brief thank you to our listeners and a request for feedback on the show.
We'll catch y'all next week!
Wednesday Aug 02, 2023
The Open Source Security Foundation with Omkhar Arasaratnam
The OpenSSF is doing invaluable work for the cybersecurity community. And their new managing director happens to be Omkhar Arasaratnam, whose appearance on the show a while back created one of our most popular episodes ever! Omkhar is back to talk about the OpenSSF:
What is the OpenSSF and how does it relate to the Linux Foundation?
What is the organization's mission?
What is the organization's vision?
What exciting projects are taking place (and a sneak peek about some upcoming announcements at Black Hat!)
What mark do you want to leave on the OpenSSF as Managing Director?
Omkhar is an expert in DevOps and CI/CD. He is an expert in security. His passion is supply chain security. You can see where all of this can come together in his new role and make amazing things happen for your industry. Y'all enjoy, and y'all be good now!
Wednesday Jul 26, 2023
Cloud Security Remediation w/ Tunde Oni-Daniel
Cloud security remediation can be a daunting task that impacts Dev, Sec and Ops teams all. And it can be a huge, manual, pain in the... You get the idea. But there are techniques to navigate it and to overcome many of the common traps and hurdles.
Tunde Oni-Daniel is a grizzled veteran in our industry who has managed to maintain his enthusiasm, passion and energy for the job. Tunde is an expert on cloud remediation and together he and Allan discuss:
Cloud lifecycle
Challenges when findings happen
Drift management
Bugs vs vulnerabilities
Sec/Dev/Ops relationships with regards to remediation
What works, what's fast?
The next 3-5 years of cloud remediation
This one is a phenomenal show packed full of practical tips and high energy.
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Jul 19, 2023
Things We Believe But Cannot Prove w/ Drew Simonis
In this episode, Allan and Drew tackle an interesting subject that was suggested by Drew and that Allan posted for the LinkedIn community to gather around: things we believe in cybersecurity that we cannot prove.
The LinkedIn conversation was phenomenal, and Drew and Allan do a great job of summarizing it and calling out the underpinnings behind much of what we believe in this industry.
Questions Allan asks Drew:
What inspired this topic?
What were some of your favorites from the LinkedIn thread?
What are the underlying themes here?
Is BYOD security really a thing?
Are third-party risk assessments useful?
Special thanks to LinkedIn posters:
Peter Schawacker
John Prokap
Duane Gran
Brian Campbell
Matthew Dimmick
Graham Lewendon
Marcus W.
Dmitriy Sokolovskiy
And everyone who participated in a very lively thread...
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Jul 12, 2023
Board Reporting with Kate Kuehn
Kate is a legend in our industry. She is a multiple-time board member herself and has reported to boards in a wide variety of roles. She is currently Chief Trust Officer at Aon. Allan and Kate have intended to get her down to The Cyber Ranch for some time, but the stars finally aligned in this fantastic episode jam-packed with great advice.
Do please forgive the sound quality on this one. It was recorded on the road, and the conversation was too amazing to re-record despite the quality issues.
Kate and Allan cover:
Best human approaches in board communicating – everything but the presentation itself
How to get to know your board both individually and collectively
What to present
What not to present
Best tips and tricks overall
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Thursday Jul 06, 2023
Allan Answers LinkedIn Questions
This week Allan flies solo and tackles a variety of questions that came in from LinkedIn - including his origin story.
Allan tackles the following questions:
How does a CISO protect themselves from prosecution?
How does one get value from a cybersecurity assessment?
How should one pick a cybersecurity solution or company?
How do you "disconnect" from cybersecurity?
How to start and sustain a cybersecurity podcast - why and why not?
Allan's origin story
Allan argues with himself over two issues
NOTE: Allan states: "I have no idea why anyone would want to hear my origin story, but here it is. You can skip it if you like. It runs from roughly 19 minutes to 24 minutes."
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Jun 28, 2023
The Real Implications of Contemporary Exploits with Anne Marie Zettlemoyer
The MOVEit breach has been top of mind, especially with SolarWinds and Colonial Pipeline and log4j and all the others having been so recent. It is easy to blame the victims. It is easy to make excuses that nobody can defend against a Zero Day. There are a lot of easy responses to these kinds of affairs.
But what Allan and Anne Marie Zettlemoyer get into in this episode is a variety of questions around the assumptions:
Start with a quick summary of the MOVEit exploit and Clop.
How does this attack compare to SolarWinds?
What can we do to prepare for zero-day exploits?
Is society (and the business world) getting jaded to ransomware attacks and breaches? Is this affecting their investments in cyber?
Is a post-breach CISO really rolling in the assets and resources the way so many assume?
What are the long-term implications for a business, its stock prices, and its CISO investment?
This is another episode that strives to get deeper than the surface. We hope you learn something from it, and we hope you enjoy it as well. Y'all be good now!
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Thursday Jun 22, 2023
Zero Trust & DSPM with Claude Mandy - SPECIAL LIVE EDITION
This episode was recorded LIVE at the 2023 Symmetry Systems Unconference on Zero Trust, adjunct to RSAC 2023.
Allan is joined by his friend Claude Mandy, former CISO, former analyst, and now Chief Evangelist at Symmetry Systems. Like Allan, Claude is a Zero Trust enthusiast. The podcast was the capstone to a long day of Zero Trust presentations, panels, book reviews and other great topics and conversations.
Join Allan and Claude at this live recording that covers:
- How does DSPM fit into Zero Trust?
- Allan's victory at a recent Digital Fight Club event where he championed Zero Trust
- Overcoming Zero Trust marketing hype
- Is Zero Trust a framework, an architecture, or something else? Hint: Claude says it's something else.
- What are the biggest challenges in implementing Zero Trust?
- What are the benefits to the business of Zero Trust?
- Security is about the intersection of Data & Entities - not about Assets
- What are the most exciting aspects of RSAC 2023 for Claude and Allan?
Wednesday Jun 21, 2023
Money with Nick Vigier
Money is the hardest thing for a CISO to acquire. As with last week's show on Time, Money has to be spent wisely as well. Perhaps the tricks to spend it wisely directly relate to how we can acquire more the next cycle to achieve the mission we know we need to achieve. In this episode we cover:
- What are the best methods for securing a budget?
- How do you structure your budget to align with business costs (COGS, R&D, CAC...)?
- What are some good ways to save money as a CISO?
- How do you best lower vendor costs for the long term?
- How can a CISO help make money for the business?
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Jun 14, 2023
Time w/ Paul Robinson
Time is one of our most precious commodities as security practitioners. And yet we have traditional time sinkholes where we waste time, lose time, and spend time. Join Allan and Paul Robinson, Founder and Managing Director at Tempus Network, as they explore several of these areas and give concrete tips on how to save time as security practitioners:
- Keeping up with industry trends
- Managing cyber incidents
- Third-party questionnaires (both directions!)
- Vendor onboarding
- Work from home vs. going into the office
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Jun 07, 2023
FedRAMP, StateRAMP, TX-RAMP with Jay Adams
Join Allan and his guest Jay Adams, CISO @ Enchoice and former security architect for several large private and public sector efforts - from M&A activities to massive public portals.
Jay is going through TX-RAMP right now, and both he and Allan have done research on FedRAMP and StateRAMP as well.
What are the differences? Why might you choose one over the other? What are the gotchas?
This is a great show and you'll get to learn a bit about Allan's brief foray into state government as well...
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Monday Jun 05, 2023
RSAC 2023 Special Edition Campfire Chats - Part 2
This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023. Guests include:
Gary Hayslip, CISO @ Softbank Investment Advisers
Michael Calderin, CISO @ YAGEO Group
David Cross, CISO @ Oracle SaaS Cloud
Audra Streetman, Security Strategist @ Splunk
Adrian Peters, CISO @ Vista Equity Partners
Robin Sundaram, CISO @ RELX
Merritt Baer, Office of the CISO @ AWS
Rob Wood, CISO @ Centers for Medicare & Medicaid Services
Bryan Green, CISO Americas @ ZScaler
Stephanie Derdouri, Sr. Manager, Information Security and Technology Risk Management @ Capital Group
Andres Andreu, CISO @ 2U
Paul Love, CISO & Chief Privacy Officer @ Co-op Solutions
Royce Markose, former CISO
Bob Schuetter, CISO @ Ashland
Susan Thomas, CEO @ 10Fold
Brian Markham, CISO @ EAB
Ken Foster, VP of IT GRC @ FLEETCOR
Elizabeth Martinez, Account Exec @ ThreatLocker
Josiah Dykstra, Senior Fellow, Office of Innovation @ The NSA
Kevin Brown, CEO @ Innit
Brent Deterding, CISO @ Afni
Audra Streetman, Security Strategist @ Splunk
Wendy Whitmore, SVP, Unit 42 @ Palo Alto Networks
I ask my guests several questions including:
How do you impact the top and bottom line?
What topics are you tired of in cybersecurity?
There are also some special interviews at the end - discussions about the RSA conference itself, tech stack sprawl, and personal branding and marketing for CISOs. Oh - and a question about how vendors and CISOs can work better together AND a conversation about how government and industry can work together in cybersecurity.
Give this one a listen! It's jam-packed with great insights!
Sponsored by AttackIQ & Semperis.
AttackIQ offers a new fully managed breach and attack simulation service. They are the premier provider of MITRE ATT&CK-based security control validation. https://attackiq.com
Semperis provides the industry's most comprehensive Active Directory and Azure AD cyber resilience platform, supported by specialized AD incident response expertise. https://semperis.com
Wednesday May 31, 2023
1% Leadership with Andy Ellis
This week's show is exciting because Allan has been waiting for Andy's book on leadership to come out for quite some time. The book is called “1% Leadership – Master The Small, Daily Improvements That Set Great Leaders Apart”, and it consists of 54 chapters - each of which presents a specific facet of good leadership in a nearly "buffet style" manner. You can pick and choose topics that resonate with you and dive right in.
Allan picked 6 chapters that resonated with him in particular and got Andy to elaborate:
Chapter 1 - “Personal improvement is a prerequisite to leading professionally”
Chapter 6 - “Gift kindness where it isn’t expected”
Chapter 8 – “An uncompelled apology unburdens everyone”
Chapter 13 - "Your wellness is one of the greatest assets you control" (Listen as Andy hits Allan straight in the feels on this topic)
Chapter 24 – "People need to see versions of themselves to feel welcome"
Chapter 35 - "In general, be vague"
The book is amazing, these particular chapters are amazing, and Andy's expounding upon them is amazing as well!
Y'all be good now!
Wednesday May 24, 2023
Will LLM AI Close The Bad Guys’ Skills Gap? with Adrian Sanabria
This episode is a bit scary. Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side.
Premise One: Given how many organizations are vulnerable and have NOT been breached, the bad guys are suffering the same skills gap we are.
Premise Two: Exploit attacks (think of exploits as ransomware, data hostage situations, threats to publish breached data, etc.) can benefit from LLM AI.
It's really that simple a connecting of the dots. Adrian and Allan deconstruct the steps of an exploit attack, analyze the capabilities of LLM AI and cross-reference the two.
If they are right, then we have a burden of leveraging and learning LLM AI ourselves, as quickly as possible...
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Monday May 22, 2023
RSAC 2023 SPECIAL EDITION Campfire Chats - Part 1
This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023. Guests include:
Chris Kennedy, CISO @ Citadel
Gary Hayslip, CISO @ Softbank Investment Advisers
Michael Calderin, CISO @ YAGEO Group
Reet Kaur, CISO @ Portland Community College
Rob LaMagna-Reiter, CISO @ Hudl
Matthew Lang, vCISO
David Cross, CISO @ Oracle SaaS Cloud
Audra Streetman, Security Strategist @ Splunk
Vishal Amin, General Manager of Security Solutions (Federal) @ Microsoft
Adrian Peters, CISO @ Vista Equity Partners
Kelly Shortridge, Author of “Security Chaos Engineering: Sustaining Resilience in Software and Systems”
Robin Sundaram, CISO @ RELX
Merritt Baer, Office of the CISO @ AWS
Tim Rohrbaugh, former CISO & Industry Leader
Rob Wood, CISO @ Centers for Medicare & Medicaid Services
Bryan Green, CISO Americas @ ZScaler
Stephanie Derdouri, Sr. Manager, Information Security and Technology Risk Management @ Capital Group
Andres Andreu, CISO @ 2U
Paul Love, CISO & Chief Privacy Officer @ Co-op Solutions
Royce Markose, former CISO
Bob Schuetter, CISO @ Ashland
I ask my guests several questions:
What is the best part of RSAC 2023 for you?
What is the single most critical skill a security leader needs?
What's missing in cybersecurity?
What is your take on Purple Teaming and MITRE ATT&CK?
How do you co-lead the organization?
There is also a VERY special interview with James Stanley, Chief of Product Development at CISA at the end. Don't miss it!
Sponsored by Semperis & AttackIQ.
Semperis provides the industry's most comprehensive Active Directory and Azure AD cyber resilience platform, supported by specialized AD incident response expertise. https://semperis.com
AttackIQ offers a new fully managed breach and attack simulation service. They are the premier provider of MITRE ATT&CK-based security control validation. https://attackiq.com
Wednesday May 17, 2023
Two Founder CEOs with Merav Bahat and Mickey Bresman
Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis.
Dazz has completed a Series A investment round. Semperis a Series C. It turns out that the skills each CEO needs are still remarkably the same.
Saddle up for another episode, where Allan asks his guests:
What’s the coolest thing that has happened for you or to you as a startup CEO?
What has been the biggest single challenge?
What are your top 3 tenets of leadership?
What is the purpose of vision and how clear must it be?
What is the purpose of mission and how clear must it be?
What is your advice to those who would want to become a startup CEO?
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday May 10, 2023
Security Chaos Engineering with Kelly Shortridge
What is security chaos engineering? You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity. Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sustaining Resilience in Software and Systems".
Security chaos engineering is derived from chaos engineering, a relatively new discipline in software development that seeks to test distributed computing systems to ensure that they withstand unexpected disruptions. It's all about resilience, in other words. Security chaos engineering seeks to do the same for the security of such software systems.
Kelly breaks down her book during a lively conversation featuring an opinion or two from her cat, Link (yes, a Zelda reference!):
Who should read this book?
Resilience in software and systems
Systems-oriented security
Architecting and designing
Building and delivering
Operating and observing (Allan's favorite chapter as it intersects with one of his Zero Trust tenets)
Responding and recovering
Platform resilience engineering
Security chaos experiments (a very fun chapter!)
Case studies
Note that the book is peppered with references and quotes from other disciplines. We would expect no less from Kelly.
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday May 03, 2023
The 9-Layer Cybersecurity Program Cake with Bryan Liebert
Bryan Liebert is one smart cookie. Who bakes cybersecurity cakes. But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity. His specialty is creating simple to digest (we could not help it, sorry!) models for managing and reporting on cybersecurity programs and practices.
Join Bryan and Allan as they serve up (we're still doing it!) a lively and informative episode!
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Wednesday Apr 26, 2023
Four Problems with Cybersecurity with Adrian Wright
Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong:
Cybersecurity viewed as a necessary evil, related to The Twilight Zone
Ownership, Authority, Accountability: Inventory and Means of Control
Are WE the baddies?
(Largely) Forgotten Security Principles
Allan and Adrian dissect cybersecurity practice in this great episode!
Sponsored by our good friends at Dazz:
Dazz takes the pain out of the cloud remediation process using automation and intelligence to discover, reduce, and fix security issues—lightning fast. Visit Dazz.io/demo and see for yourself.
Monday Apr 24, 2023
The Cloud and the Big Bang of Data with Cecil Pineda and Gene Moore
Join us for a SPECIAL EDITION! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas!
The topic is data security: its challenges and how to overcome them.
Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moore of Securiti.
The conversation is live and lively, recorded as-is and delivered to you.
Enjoy!
Sponsored by Securiti - https://securiti.ai/