Our motto for hiring: We never give up on our unreasonable expectations.



This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our sponsored guest is Brandon Traffanstedt, global director of systems engineering, CyberArk.

Thanks to this week’s podcast sponsor, CyberArk

At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

Are we making the situation better or worse?

On LinkedIn, Gabriel Friedlander of Wizer asked, “Should we be doing home risk assessments?” Could we create bigger problems if we do that? Gabriel’s post generated a debate on what actions can significantly reduce risk. Is there value in a home risk assessment and if so, what’s it going to reveal?

It’s time for “Ask a CISO”

On Reddit, crossfire14 asks, “Why are helpdesk roles requiring 2-3 years experience? I thought they were entry level friendly? I’m trying to start at lower positions to work my way into infosec yet I can’t seem to qualify for any helpdesk roles because of exp?” I looked, and these entry-level positions are actually often asking for 3-5 years experience. Is this required? If not, what IS required for an entry-level help desk role, and what’s the best way to show that?

“What’s Worse?!”

Two horrible, company-debilitating options that have happened in real life. How would you survive either one?

Please, Enough. No, More

Our topic is Privileged Access Management, or PAM. What have Mike and Brandon heard enough about with PAM, and what would they like to hear a lot more about?

Links mentioned on the show:

CyberArk’s DNA – DNA is CyberArk’s discovery solution that reaches out to scan for privileged accounts on-premise.

SkyArk – This one doesn’t require any kind of contact and is focused on doing everything that DNA does, but on privileged access, roles, and permissions in AWS and Azure.

The great CISO challenge

Outsider attacks, insider attacks, your assets, networks, people, and controls – what DOESN’T always change in security? If we assume that consistency is synonymous with simplicity, is it always an uphill battle to try to keep security simple, especially if we’re expanding into new services and cloud environments? Could this be why the foundations are still a struggle for everyone?