You put those qualifications on your resume, and I queried. So don’t blame me for getting your hopes up.



This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week Brandon Greenwood, vp, security, Overstock.com.

Thanks to this week’s podcast sponsor Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit www.trendmicro.com.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

How CISOs are digesting the latest security news

Paul Martini of iboss asks, “What network weaknesses has the current pandemic revealed?”

Close your eyes and visualize the perfect engagement

As evidenced by a previous episode, security recruiters have a hard time getting some respect. Let’s discuss this issue from the viewpoint of the candidate. On Peerlyst, David Froud of Concept Security felt that the recruiter approach of saying I have a perfect job for you was misguided. Mike and our guest talk about their early security careers and how welcome they were to approaches from security recruiters.

What’s Worse?!

Crappy tools or crappy team? What’s worse?

I tell ya, CISOs get no respect

On CSO Online, Neal Weinberg has a story about hard truths security professionals have to deal with. One item was the outright lack of respect, being misunderstood and underappreciated, from the board and your coworkers. I know the generic response is communications and listen, but I want to know what are ways to command leadership so those do pay attention to you and you do get that respect. We discuss specific turning points in security leadership careers that allowed Mike and our guest to do this.

Vendors have questions. Our CISOs have answers

Dennis Underwood of Cyber Crucible asks if you can you be a threat hunter if you have to sign NDAs. Are NDAs the cover up so companies don’t have to reveal information about their failed defenses? And are NDAs a common occurrence in bug bounties?