Since no one ever checks a research study’s methodology, why not just make up all the numbers? You’re in the risk analysis business, right? Chances are very good they’ll never check and research studies are a great way to get free press.



This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson. Our guest this week is Melody Hildebrandt (@mhil1), CISO of FOX.

Got feedback? Join the conversation on LinkedIn

Thanks to this week’s sponsors, Axonius and New Context


New Context helps fortune 500s build secure and compliant data platforms. New Context created “Lean Security”, a set of best practices designed to help enterprises manage and secure data for critical infrastructure, and offers professional services and a software solution, LS/IQ, to help enterprises build a secure and compliant data platforms for their business.
Huge congrats to Axonius for their two big wins at RSA this year. They were named Rookie Security Company of the Year by SC Media and they also won top prize at RSA’s Innovation Sandbox. They’ve been touted as the company trying to solve the least sexy part of cybersecurity, asset management. Go to Axonius’ site to learn more.

On this episode

Ask a CISO

It’s been reported many times, that the average life of a CISO is 18 months and Mike Johnson lasted 18 months at Lyft. At the time of Mike’s departure so many people were forwarding me articles regarding the stress level of CISOs, most notably around Nominet’s study that claimed that about 1 in 5 CISOs turn to alcohol or self-medicating. With two CISOs on the panel we discuss if this was the most high-pressured job they had and would you be eager and willing to jump back into the CISO role again.

Why is everybody talking about this now?

Couple weeks ago I wrote an article entitled “30 Security Behaviors that Set Off a CISO’s BS Detector.” There was quite a response from the community to this. Now that we’ve just finished RSA, did our CISOs see or hear anything that set off their BS detectors.

What’s Worse?!

We play two rounds of “What’s Worse?!” Both rounds are cases of employees putting security in very compromising positions.

What’s a CISO to do?

When we talk about security we’re often talking about protecting customer and employee data. While all companies have intellectual property they need to protect, at FOX, Melody Hildebrandt is having to deal with some very high profile individual assets that are of interest to many hackers. What are the factors a CISO must consider, that most security people probably aren’t thinking about, when you’re trying to secure a single media asset that’s worth hundreds of millions of dollars?

What do you think of this pitch?

After you hear this pitch, every security professional may be out of a job. Tip of the hat to Christopher Stealey of Barclays for providing this pitch he received.

You’re a CISO, what’s your take on this?

Ameer Shihadeh of Varonis asks a question of trying to overcome the objection from a security professional that they don’t have any security initiatives or projects.

And now this…

We field questions from our audience for the CISOs.

Got feedback? Join the conversation on LinkedIn.