How CISOs Stay Current When They’re Ignoring Vendor Pitches

We promise to keep your identity private while we discuss the troubles of two-factor authentication.

Share your feedback by joining the conversation on LinkedIn.

On this episode of the CISO/Security Vendor Relationship Podcast we discuss:

  • Why don’t more people use two-factor authentication? Does the UX still suck? Why can’t we agree on a common model for how to authenticate? Will U2F be the saving grace for 2FAStory on the debate.
  • What are the signs your employees are going rogue? We debate the need to monitor employees this way. Are internal intrusions the same as external? Is monitoring the monitoring devices enough? What are the signs? Discussion on LinkedIn and a recommended book: “Nothing to Hide: The False Tradeoff between Privacy and Security.”
  • We play a round of “What’s Worse?!” It’s the game where we determine which is the worst of two really bad practices. In this case, the CISOs have to choose between two unpleasant marketing practices.
  • How do CISOs balance compliance and security: The two aren’t equal, but compliance is a means to prove that you’re doing security right. Our guest hits it out of the park with a very clear explanation and also how to use compliance to better market your company.
  • How do CISOs discover new solutions: This might as well be the title of this podcast, but we delve into some unique angles that CISOs are taking as they’re avoiding traditional pitches from security vendors. Discussion on LinkedIn.
  • Ten-second security tip touting the value of passphrases: See this cartoon for more.


As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Allan Alford (@AllanAlfordinTX), CISO, Mitel.

Special thanks to our sponsor, SentinelOne, for supporting this episode and the podcast. Learn more about their autonomous endpoint protection.

Share your feedback by joining the conversation on LinkedIn.

The written content for this podcast was first published on Security Boulevard.