Business Security Weekly (Audio)
About bridging the gap between security initiatives and business objectives. Hosted by Matt Alderman, co-hosted by Jason Albuquerque, Ben Carr.
info_outline
Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377
01/08/2025
Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377
Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. Couple data growth with the growing demands of Artificial Intelligence, and the attack surface expands even more. How should organizations adapt their security programs to safeguard their data? Lamont Orange, Chief Information Security Officer at Cyera, joins Business Security Weekly to help you solve your biggest data security challenges. By starting with inventory and classification, data access review can help you answer your biggest data security questions, including: what data you have, where it's stored, who, or what, can access it, and which data risks exist. In the leadership and communications segment, The Business of Cybersecurity: The CISO’s Role in Alignment and Pervasive Governance, CISO Priorities for 2025: Budget Wisely, How Do I Position Myself to Influence Senior Leadership?, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/34756475
info_outline
Say Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW Vault
12/30/2024
Say Easy, Do Hard, Minimum Viable Security - Part 2 - Jon Fredrickson - BSW Vault
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities: Asset Management Patch Management IAM/MFA/PIM/PAM EDR/MDR/XDR Backup/Recovery Risk Management Show Notes:
/episode/index/show/sswaudio/id/34490725
info_outline
Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault
12/23/2024
Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities. Show Notes:
/episode/index/show/sswaudio/id/34490655
info_outline
NAC is Back - How Network Access Control Can Protect Your Remote Devices and Data - Rob Allen - BSW #376
12/17/2024
NAC is Back - How Network Access Control Can Protect Your Remote Devices and Data - Rob Allen - BSW #376
The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point. This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don’t rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/34488520
info_outline
Okta Secure Sign-In Trends Report Shows Companies are Getting Smarter about MFA - Chris Niggel - BSW #375
12/10/2024
Okta Secure Sign-In Trends Report Shows Companies are Getting Smarter about MFA - Chris Niggel - BSW #375
For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins. In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace. Segment Resources: Secure Sign-In Trends Full Report: Todd McKinnon Blog on the Secure Sign-In Trends Report: This segment is sponsored by Okta. Visit to learn more about them! In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/34373575
info_outline
Security Money: Of Course Okta Should Be In The Index - BSW #374
12/03/2024
Security Money: Of Course Okta Should Be In The Index - BSW #374
This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh! Here are all the companies that now comprise the index: SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/34265880
info_outline
2nd Edition: How to Measure Anything in Cybersecurity Risk - Doug Hubbard - BSW Vault
11/25/2024
2nd Edition: How to Measure Anything in Cybersecurity Risk - Doug Hubbard - BSW Vault
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes:
/episode/index/show/sswaudio/id/34079936
info_outline
Similarities Between SOX And SEC's Cyber Rule - Padraic O'Reilly - BSW #373
11/19/2024
Similarities Between SOX And SEC's Cyber Rule - Padraic O'Reilly - BSW #373
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including: Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings. This segment is sponsored by CyberSaint . Visit to learn more about them! In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33995992
info_outline
How to Combat the CISO Mental Health Crisis - Ram Movva - BSW #372
11/12/2024
How to Combat the CISO Mental Health Crisis - Ram Movva - BSW #372
Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health? Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health. In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33896802
info_outline
Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371
11/05/2024
Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371
Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger. So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode. In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33793717
info_outline
The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370
10/29/2024
The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370
In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more! Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he’s seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today. Segment Resources: Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they’ve seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce. Segment Resources: This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit . Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33668032
info_outline
Aligning Tech Execs on Cyber Resilience - Theresa Lanowitz - BSW #369
10/22/2024
Aligning Tech Execs on Cyber Resilience - Theresa Lanowitz - BSW #369
Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well. Segment Resources: - Report Summary and Press Release Report This segment is sponsored by LevelBlue. Visit to learn more about them! In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33567982
info_outline
Budget Planning Guide 2025: Security And Risk - Jeff Pollard - BSW #368
10/15/2024
Budget Planning Guide 2025: Security And Risk - Jeff Pollard - BSW #368
In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details. In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33467842
info_outline
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367
10/08/2024
Run Your Security Program Like an Election Campaign - Kush Sharma - BSW #367
Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff? Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO? In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33377282
info_outline
How to Attain Zero Trust - Rob Allen - BSW #366
10/01/2024
How to Attain Zero Trust - Rob Allen - BSW #366
The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful. Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by: Blocking Untrusted Software, Ringfencing™ Applications, and Dynamically Controlling Network Traffic This segment is sponsored by ThreatLocker. Visit to learn more about them! In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33282007
info_outline
Authentication and Authorization in the AI Era - Shiven Ramji - BSW #365
09/23/2024
Authentication and Authorization in the AI Era - Shiven Ramji - BSW #365
In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more! AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge. Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity. Segment Resources: This segment is sponsored by Okta. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33175382
info_outline
Solving the Cybersecurity Data Problem - Padraic O'Reilly - BSW #364
09/17/2024
Solving the Cybersecurity Data Problem - Padraic O'Reilly - BSW #364
Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including: the use of Watsonx to generate their new KnightVision report how to use graphical node networks to model cybersecurity data the future of AI models to prioritize recommendations from all the data This segment is sponsored by CyberSaint . Visit to learn more about them! In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/33091642
info_outline
Cybersecurity and the Business - Theresa Lanowitz - BSW #363
09/10/2024
Cybersecurity and the Business - Theresa Lanowitz - BSW #363
Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start? Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to: fundamentally shift you mindset and approach to acheiving operational excellence in cybersecurity prioritize IT and building security into everything you do prioritize proactive investment over funding emergencies leverage external expertise for success This segment is sponsored by LevelBlue. Visit to learn more about them! In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32993832
info_outline
Leadership Lessons from the First 100 Episodes of CISO Stories - Todd Fitzgerald - BSW Vault
09/02/2024
Leadership Lessons from the First 100 Episodes of CISO Stories - Todd Fitzgerald - BSW Vault
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022. Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap! View CISO Stories podcast episodes here: Show Notes:
/episode/index/show/sswaudio/id/32800882
info_outline
The Changing Risk Landscape: CISO Liability - Darren Shou - BSW #362
08/26/2024
The Changing Risk Landscape: CISO Liability - Darren Shou - BSW #362
How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village. This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means. On this last topic, Ben makes a book recommendation, which you can find here: Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32750562
info_outline
Why Cyber Resilience Matters - Andrew Harding, Theresa Lanowitz - BSW #361
08/19/2024
Why Cyber Resilience Matters - Andrew Harding, Theresa Lanowitz - BSW #361
What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line? After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research. Segment Resources: LevelBlue.com/futuresreport This segment is sponsored by LevelBlue. Visit to learn more about them! While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs. Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support. This segment is sponsored by LevelBlue. Visit to learn more about cyber resilience and how to start the conversation in your organization! Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser. Segment Resources: Menlo homepage: Menlo research on three new nation state campaigns: Every browser should be a secure enterprise browser: Defending against zero-hour phishing attacks: This segment is sponsored by Menlo Security. Visit or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32644342
info_outline
Security Money: Crowdstrike Crashes the Index - BSW #360
08/12/2024
Security Money: Crowdstrike Crashes the Index - BSW #360
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32551402
info_outline
Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359
08/05/2024
Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and it's hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring? Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32445152
info_outline
Identity Security Posture Management - Allan Alford, Dor Fledel - BSW #358
07/29/2024
Identity Security Posture Management - Allan Alford, Dor Fledel - BSW #358
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: This segment is sponsored by Okta. Visit to learn more about them! The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO CISO Skill Sets: Technical or Business? The Language of the CISO Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32337637
info_outline
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357
07/23/2024
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms. Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader. Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32258602
info_outline
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
07/15/2024
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction is deductibles. If you're struggling with cyber insurance, don't miss this interview. In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32149192
info_outline
Technology Rationalization in Cybersecurity - Max Shier - BSW #355
07/09/2024
Technology Rationalization in Cybersecurity - Max Shier - BSW #355
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size? Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization. In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/32058247
info_outline
CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault
07/01/2024
CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022. As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn. Show Notes:
/episode/index/show/sswaudio/id/31961217
info_outline
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354
06/25/2024
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit to learn more about them! In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies: CSOs/CISOs for their focus on security CTOs for their focus on innovation CIOs for their focus on operational efficiency Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results. Segment Resources: This segment is sponsored by Okta. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/sswaudio/id/31880207
info_outline
Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault
06/17/2024
Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022. Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience. Show Notes:
/episode/index/show/sswaudio/id/31719712