The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cybersecurity. This is not a news program but rather a pod...
In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways:
- The Honeynet Project was born from a need for cyber threat intelligence.
- Security culture is broader than security awareness; it encompasses attitudes and beliefs.
- Changing the environment is key to changing organizational culture.
- AI can be leveraged to enhance communication and simplify security policies.
- Positive interactions with security teams build a stronger security culture.

Chapters:
00:00 From Military to Cybersecurity Pioneer
03:04 The Birth of the Honeynet Project
05:59 Understanding the Human Element in Security
09:13 Security Culture vs. Security Awareness
11:51 Changing Organizational Culture for Security
14:46 Practical Steps for Security Teams
17:55 Leveraging AI in Security Culture
21:11 Measuring Success in Cybersecurity Training
--------
45:45
Dr. Zero Trust on zero trust
In this conversation, Dr. Chase Cunningham, aka Dr. Zero Trust, shares his unique journey into the cybersecurity field, emphasizing the importance of purpose and self-care in a high-stress industry. He discusses the challenges of implementing zero trust strategies in organizations, the significance of understanding offensive tactics to enhance defensive measures, and the need for systemic change in national cybersecurity. Dr. Zero Trust also provides valuable advice for aspiring cybersecurity professionals, highlighting the supportive community and the importance of continuous learning.

Takeaways:
- Zero Trust is a strategy, not a product.
- Self-care is critical in high-stress environments.
- Understanding offensive tactics is essential for defense.
- Start small when implementing Zero Trust.
--------
36:10
Cybersecurity compensation 2025
In this conversation, Steve Martano discusses his journey from writing about baseball analytics to becoming a key player in cybersecurity executive search and strategy. He emphasizes the evolving role of CISOs, the importance of aligning with business objectives, and the need for strong leadership skills. The discussion also covers trends in CISO compensation, the mental health challenges faced by security leaders, and the significance of organizational culture in driving satisfaction and effectiveness in cybersecurity roles.

The Latest CISO Compensation Trends & Benchmarks.

Takeaways:
- Understanding economics can enhance a CISO's effectiveness.
- Compensation data must be contextualized for accurate benchmarking.
- Low attrition doesn't always indicate job satisfaction.
- CISOs face increasing pressures and scope creep in their roles.
- The job market is expected to become more active in 2025.

Chapters:
00:00 The Journey from Baseball to Cybersecurity
05:53 The Intersection of Leadership and Cybersecurity
12:00 Mental Health and Satisfaction Among CISOs
17:49 Preparing for Future Attrition in Cybersecurity Roles
26:29 Engagement and Satisfaction Beyond Compensation
32:13 The Evolving Role of Cybersecurity Leadership
38:15 Mentorship and Professional Growth
--------
45:36
LLMs: risks, rewards, and realities
Nate Lee discusses his transition from a CISO role to fractional CISO work, emphasizing the importance of variety and exposure in his career. He delves into the rise of AI, particularly large language models (LLMs), and the associated security concerns, including prompt injection risks. Nate highlights the critical role of orchestrators in managing AI interactions and the need for security practitioners to adapt to the evolving landscape. He shares insights from his 20 years in cybersecurity and offers recommendations for practitioners to engage with AI responsibly and effectively.

Takeaways:
- Nate transitioned to fractional CISO work for variety and exposure.
- Prompt injection is a major vulnerability in LLM systems.
- Orchestrators are essential for managing AI interactions securely.
- Security practitioners must understand how LLMs work to mitigate risks.
- Nate emphasizes the importance of human oversight in AI systems.

Link to Nate's research with the Cloud Security Alliance.
--------
47:26
Tackling cyber & AI in the boardroom
Summary:
In this conversation, Chris Hetner discusses the evolving role of boards of directors in cybersecurity, emphasizing the need for improved communication and understanding of cyber risks. He highlights the challenges boards face in adapting to new SEC rules and the importance of leveraging AI responsibly. Hetner also shares insights on tools for quantifying cyber risk and prioritizing investments while advocating for continuous learning and proactive engagement with board members.

Takeaways:
- Boards are becoming more aware of cybersecurity risks.
- Cybersecurity discussions often receive limited airtime in board meetings.
- The SEC's new disclosure rules can drive more frequent discussions on cyber risk.
- AI governance is crucial as AI technologies become more prevalent.
- Collaboration with general counsel and risk officers is essential.

Chapters:
00:00 Introduction and Background on Cybersecurity and Boards
03:05 Current Challenges Facing Boards in Cybersecurity
06:11 Understanding Cyber Risk and Communication with Boards
08:58 Improving Board Engagement with Cybersecurity
11:56 Leveraging SEC Guidelines for Cyber Risk Discussions
15:02 The Role of AI in Cybersecurity Governance
18:05 Tools for Quantifying Cyber Risk
21:12 Prioritizing Cybersecurity Investments
24:02 The Importance of AI Governance
26:57 Staying Informed in Cybersecurity
30:13 Final Thoughts and Continuous Learning
The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cybersecurity. This is not a news program but rather a podcast that focuses on the practical side of launching a cloud security program, implementing DevSecOps, cyber leadership, and understanding the threats most impacting organizations today.