As long as you reset it and repeat, everything in cybersecurity is “set it and forget it”.



This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Brett Conlon (@DecideSecurity), CISO, Edelman Financial Engines.

Check out Tricia Howard’s dramatic readings of cold emails.

Thanks to this week’s podcast sponsor, Keyavi Data

Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

Why is everybody talking about this now?

On LinkedIn and on Twitter, I asked, “Is there anything in cybersecurity that’s ‘set it and forget it’?” There were plenty of funny answers like “Passwords” and the “Off” switch. But there were some interesting answers like whitelists from Brian Haugli of Sidechannel security and ethics from Stephen Gill of Russel Holdings. So many treat security as “set it and forget it”, but we know that’s a path to insecurity. Regardless, is there ANYTHING in security we can set and forget?

Question for the board

Our guest claims he’s got an awesome board. I don’t think we’ve ever heard that on our show. In most cases there’s either fear of the board or the CISO doesn’t even get direct conversation with the board. I asked our guest what it is about his board that’s so awesome and what tips he could give to CISOs to move their board into that territory.

What’s Worse?!

Who is going to handle physical assets the worst?

If you haven’t made this mistake, you’re not in security

Alexander Rabke, Splunk, asked, “How should salespeople handle situations when, in fact, you are a security company with a security vulnerability (he also talked about a product not working) – what do you tell customers? How do you like to see this handled by the vendor?” I know a first response is to be honest, but they want to hold onto your business. What’s a way salespeople could go about doing that?

What do you think of this pitch?

We’re not talking vendor pitches in this segment. We’re talking candidate pitches. Gary Hayslip, CISO, Softbank Investment Advisers and former guest on this show, has an article on Peerlyst, a platform which is unfortunately going away, about finding your first job in security. Hayslip’s first tip asks, “What information do you have?” Researching yourself is good advice, but I want to extend that to a question that I think puts you ahead of the pack and ask, “What’s your unfair advantage?” It’s a question that I heard investor Chris Sacca ask startups and I think it can also apply to individuals applying for jobs. Agree? If so, what are some good unfair advantages from candidates that have put them over the top?