Filtrar por gênero

CISOWise

CISOWise

CISOWise

We are asking CISOs and other cyber security leaders a simple question: What works and what doesn’t? A podcast of pragmatic advice from experienced CISOs and expert cybersecurity professionals of what works... and what doesn't. The cybersecurity field is old enough now that we have some experienced hands - especially those that have done the same thing more than once, at different companies. Now we are looking to share their insights and hard-fought lessons leading the cyber defense program to which they are entrusted. This is a podcast by CISOs for CISOs and aspiring CISOs.

11 - The Stoic CISO with Nick Shevelyov, former Chief Security Officer of Silicon Valley Bank
0:00 / 0:00
1x
  • 11 - The Stoic CISO with Nick Shevelyov, former Chief Security Officer of Silicon Valley Bank

    In this week's episode Dr. Crane speaks with Nick Shevelyov, former chief security officer of Silicon Valley Bank and author of Cyber War and Peace, about staying true to your values and applying the principles of Stoicism, wisdom, justice, courage and moderation, in the context of information security leadership.


    Nick is wrapping up over a 14-year rise at Silicon Valley Bank. As the security leader, banking the world's most innovative companies, SVB provides diverse financial services, global network and world-class service with over $150 billion in total assets, and more than 3,500 employees.


    Nick also recently released a new book that artfully combines the philosophy of stoicism and information security in Cyber War... and Peace. Today, I'm talking with Nick about how he meets the challenges of the demanding customer base and how he uses the concepts of stoicism to help him serve and protect his customers.


    In this episode:

    00:00 — Welcome

    02:24 — Introductions

    02:28 — Cyber War And Peace

    03:34 — How To Apply The Values Of Stoicism To Cybersecurity

    06:42 — How To Apply Courage While In The Role Of CISO

    08:53 — Applying Wisdom In Cybersecurity

    10:51 — Applying Justice In Cybersecurity

    12:00 — Knowing Yourself And Asset Inventory

    15:40 — What Values Are Important For A New CISO

    17:36 — Sign Off


    Nick Shevelyov:

    Website — https://www.nickshevelyov.com/

    Cyber War... And Peace — https://www.nickshevelyov.com/the-book


    Links in this episode:

    The Happiness Advantage — https://www.shawnachor.com/books/happiness-advantage/


    Thanks To Our Sponsors:

    Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

    CISOWise vCISO — https://www.cisowise.com/


    Heinz College:

    https://www.facebook.com/heinzcollege

    https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/


    Carnegie Mellon:

    https://www.linkedin.com/school/carnegie-mellon-university

    https://www.facebook.com/carnegiemellonu


    Follow CISOWise on all podcast apps.

    Website — https://www.cisowise.com/podcast

    Show Notes & Transcript — https://www.cisowise.com/podcast/010-the-stoic-ciso-with-nick-shevelyov

    Tue, 17 Jan 2023 - 18min
  • 10 - Keeping Iron Man Safe with Mike Wilkes, former CISO of Marvel and ASCAP

    In this week's episode Dr. Crane talks to Mike Wilkes, formerly the CISO at Marvel Comics, about keeping Iron Man safe and digital media security.

    Mike is the chief information security officer at Security Scorecard, the global leader in cybersecurity ratings, and the only service with over a million companies continuously rated. Previously he was the CISO at the American society of composers authors and publishers or ASCAP and Marvel entertainment. 

    He has built transformed and protected companies such as AQR capital, CME Group, Sony, Macy's as well as other European banks and airlines, a graduate of Stanford University and author of a book for Cisco Press in 2002. He's a featured speaker at technology conferences and is a professor at NYU teaching cybersecurity courses. He's also on the board of trustees for the national jazz museum in Harlem.

    This episode was recorded when Mike was the CISO at Security Scorecard, he has since moved on from  this position.


    In this episode:

    00:00 — Welcome

    02:00 — Introductions

    02:21 — Data Classification

    03:50 — Document Management

    05:21 — Marvel Security

    06:38 — What Does Marvel Excel At In Information Security

    07:55 — Tribal Knowledge For A New CISO

    09:29 — Heraclitus

    10:23 — Hackers

    11:18 — Hacking Story

    13:17 — Lessons For CISOs On Hacking And Experimenting

    14:40 — Advice For New CISOs Starting a Team

    18:52 — Tips For Companies Looking To Improve Security

    22:24 — Sign Off


    Mike Wilkes:

    LinkedIn — https://www.linkedin.com/in/eclectiqus


    Links in this episode:

    The Security Chaos Engineering Book — https://www.kellyshortridge.com/book.html


    Thanks To Our Sponsors:

    Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

    CISOWise vCISO — https://www.cisowise.com/


    Heinz College:

    https://www.facebook.com/heinzcollege

    https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/


    Carnegie Mellon:

    https://www.linkedin.com/school/carnegie-mellon-university

    https://www.facebook.com/carnegiemellonu


    Follow CISOWise on all podcast apps.

    Website — https://www.cisowise.com/podcast

    Show Notes & Transcript — https://www.cisowise.com/podcast/009-keeping-iron-man-safe-with-mike-wilkes

    Tue, 10 Jan 2023 - 23min
  • 9 - Resilient Systems with Yiannis Pavlosoglou, former UK CISO of UBS

    In this week's episode Dr. Crane talks to Yiannis Pavlosoglou about Resilient Systems.

    From supply chain shortages to natural disruptions from changing weather patterns, it seems everything today needs to operate while under some type of duress or attack. But what do CISOs need to know to create resilient systems? And what can we learn from other CISOs who've already gone down this path? 

    NIST defines cyber resiliency as the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. That's a mouthful, but what does it actually mean to have to build a resilient cyber program to drive the change management necessary to build that type of program, to put in place the governance processes and procedures necessary.

    To discuss this and more, who better to talk with cyber resiliency and governance than Yiannis Pavlosoglou. Currently, the Founder and CEO at Kiberna, and most recently, the CISO for UBS in the UK. 


    In this episode:

    00:00 — Welcome

    02:42 — Introductions

    03:35 — What Is Resilience?

    04:08 — What Works?

    05:37 — CISO as a Change Agent for Resiliency

    07:07 — Challenges Driving A Resilient Organization Forward

    08:47 — Where To Look To Build Resiliency

    11:01 — Challenges To Building Resiliency

    12:20 — The Role Of The CISO In Leading Cyber Resiliency

    16:11 — Tools For Building Resiliency

    18:29 — What To Do Once You Have A Set Of Risks To Tackle

    19:45 — References

    21:14 — Sign Off


    Yiannis Pavlosoglou:

    LinkedIn — https://uk.linkedin.com/in/yiannisp

    Kiberna — https://www.kiberna.com


    Links in this episode:

    Operation Resilience for UK Financial Bodies — https://www.bankofengland.co.uk/prudential-regulation/publication/2018/building-the-uk-financial-sectors-operational-resilience-discussion-paper

    FCA on Building Operation Resilience — https://www.fca.org.uk/publications/policy-statements/ps21-3-building-operational-resilience

    CERT Resilience Management Model — https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=30375


    Thanks To Our Sponsors:

    Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

    CISOWise vCISO — https://www.cisowise.com/


    Heinz College:

    https://www.facebook.com/heinzcollege

    https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/


    Carnegie Mellon:

    https://www.linkedin.com/school/carnegie-mellon-university

    https://www.facebook.com/carnegiemellonu


    Follow CISOWise on all podcast apps.

    Website — https://www.cisowise.com/podcast

    Show Notes & Transcript — https://www.cisowise.com/podcast/008-resilient-systems-with-yiannis-pavlosoglou

    Tue, 03 Jan 2023 - 22min
  • 8 - Failure, Culture and Keeping Your Sanity in Cybersecurity

    In this week's episode, CISOWise guests such as Mike Wilkes, former CISO for Marvel, Nick Shevelyov, former Chief Security Officer for Silicon Valley Bank, and Tim Brown, CISO of SolarWinds, talk about failure, culture and keeping your sanity in cybersecurity.


    In this episode

    00:00 — Welcome

    02:35 — Alan Levine On His Single Biggest Technology Failure

    05:41 — Tim Brown On Advice For CISOs Potentially Facing A Large Incident

    07:17 — Yiannis Pavlosoglou On Shortcomings Of No Resilience

    09:55 — Mike Wilkes On Having A Social Contract With Your Team

    11:12 — Brandon Hines On Example Of A New CISO Misaligned With The Organization

    13:52 — Mike Wilkes On How Has Marvel Maintained Security Standards For So Long?

    15:30 — Nick Shevelyov On Advice To A New CISO Dealing With Greater Responsibilities

    17:26 — Brent Maher On What Works In Engaging Business Units With Strategy

    19:13 — Joe Robinson On Not Taking Business Decisions Personally

    20:11 — Outro


    Alan Levine:

    LinkedIn — https://www.linkedin.com/in/alan-levine-43a226a

    CISO Street — https://www.cisostreet.com/alan-levine/


    Tim Brown:

    Orange Matter — https://orangematter.solarwinds.com/author/tim-brown/

    LinkedIn — https://www.linkedin.com/in/tim-brown-93639a1/


    Yiannis Pavlosoglou:

    LinkedIn — https://uk.linkedin.com/in/yiannisp

    Kiberna — https://www.kiberna.com


    Mike Wilkes:

    LinkedIn — https://www.linkedin.com/in/eclectiqus


    Brandon Hines:

    LinkedIn — https://www.linkedin.com/in/brandonjhines


    Nick Shevelyov:

    Website — https://www.nickshevelyov.com/

    Cyber War... And Peace — https://www.nickshevelyov.com/the-book


    Brent Maher:

    LinkedIn — https://www.linkedin.com/in/ciso-brentmaher


    Joe Robinson:

    High Peaks Solutions — https://highpeakssolutions.com/


    Thanks To Our Sponsors:

    Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

    CISOWise vCISO — https://www.cisowise.com/


    Heinz College:

    https://www.facebook.com/heinzcollege

    https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/


    Carnegie Mellon:

    https://www.linkedin.com/school/carnegie-mellon-university

    https://www.facebook.com/carnegiemellonu


    Follow CISOWise on all podcast apps.

    Website — https://www.cisowise.com/podcast

    Show Notes & Transcript — https://www.cisowise.com/podcast/007-failure-culture-and-keeping-your-sanity-in-cybersecurity

    Tue, 27 Dec 2022 - 20min
  • 7 - Your First 100 Hires with Brandon Hines, VP of Security of Dimensional Fund Advisors

    In this week's episode Dr. Crane talks to Brandon Hines about building your cybersecurity team and culture, from your first to your hundredth hire.

    Brandon Hines, the vice president of security at Dimensional Fund Advisors, has spent over 14 years establishing and growing a cybersecurity program and continues as a senior leader. Brandon has deep experience in hiring and then managing an effective cybersecurity team.


    In this episode:

    00:00 — Welcome

    01:33 — Your First Hire

    02:53 — Brandon's Method for Hiring

    04:27 — Mistakes And Red Flags In Hiring

    05:28 — The Importance Of Training

    08:25 — Gaining Insights From Business Units

    10:38 — Assessments

    11:58 — Weighing Consistency In Assessments With Diversity Of Assessments

    12:52 — The Value Of A Security Framework In Maintaining Consistent Assessments

    14:08 — What To Look For When Hiring A Third Party For Assessments

    16:24 — Dangers Of A “Brittle” Third Party Assessment

    19:03 — Sign Off


    Brandon Hines:

    LinkedIn — https://www.linkedin.com/in/brandonjhines


    Thanks To Our Sponsors:

    Heinz College CISO Certificate — https://www.heinz.cmu.edu/programs/executive-education/chief-information-security-officer-certificate

    CISOWise vCISO — https://www.cisowise.com/


    Heinz College:

    https://www.facebook.com/heinzcollege

    https://www.linkedin.com/school/carnegie-mellon-university---h.-john-heinz-iii-college/


    Carnegie Mellon:

    https://www.linkedin.com/school/carnegie-mellon-university

    https://www.facebook.com/carnegiemellonu


    Follow CISOWise on all podcast apps.

    Website — https://www.cisowise.com/podcast

    Show Notes & Transcript — https://www.cisowise.com/podcast/006-your-first-100-hires-with-brandon-hines

    Tue, 20 Dec 2022 - 20min
Mostrar mais episódios