Why were we brought to this event? Why can’t we leave? I don’t think we have enough clues to get out of this vendor meeting. We struggle to remember our safe word in the latest episode of the CISO/Security Vendor Relationship Podcast.


This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson, CISO of Lyft. Our guest this week is Richard Seiersen (@RichardSeiersen), former CISO of LendingClub.

Enormous thanks to our sponsor this week, Axonius, simple asset management for cybersecurity.

Got feedback? Join the conversation on LinkedIn

On this episode:


We realize that Mike’s comment about burning found USB drives was spot on. According to an experiment conducted by Sophos, about 2/3rds of found USB drives were infected.

What’s a CISO to do?

You’ve been invited to a vendor dinner, but you feel trapped. Where can you go?

We discuss what constitutes a good vendor dinner and which ones make you feel trapped. Here’s a link to that Onion article I referenced on the show: “‘First Date Going Really Well,’ Thinks Man Who Hasn’t Stopped Talking Yet.”

Ask a CISO

Are CISOs swayed when a vendor sells themselves as “market leading?” Could it actually be a detractor? What about the array of current clients? Does that have any impact?

What’s Worse?!

Mike Johnson says this could be the most even comparison ever!

How a vendor helped me this week

We talked about an article I released last week, “How to Make a Huge Impact in the Security Community with Zero Marketing,” which told the story of building thought leadership and industry influence through open source and related contributions, but not marketing.

Ask a CISO

How quickly is risk being created in your environment and how quickly can you reduce it? More importantly, can you measure that? Our guest, Richard Seiersen, author of the upcoming book, “The Metrics Manifesto: Confronting Security With Data” (Wiley 2019), explains.



Creative Commons photo attributions to qlexxx and decade_null.