We’re comparing ourselves to media you already know in hopes you’ll better understand our product and listen to our show. It’s our first self-produced live recording of the CISO/Security Vendor Relationship Podcast from San Francisco and it came out awesome.


This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson, CISO of Lyft. Our guest for this live show is Andy Steingruebl (@asteingruebl), CSO of Pinterest.

Check out all the awesome photos from our first self-produced live recording.

Thanks to our sponsors

The Synack Crowdsourced Security platform delivers effective penetration testing at scale. Synack uses the world’s top security researchers and AI-enabled technology to find what scanners and regular testing do not. It’s used by US Dept of Defense and leading enterprises for better security. To learn more, go to synack.com.

New Context helps fortune 500s build secure and compliant data platforms. New Context created “Lean Security”, a set of best practices designed to help enterprises manage and secure data for critical infrastructure, and offers professional services and a software solution, LS/IQ, to help enterprises build a secure and compliant data platforms for their business.

Create an economical and secure private network for your company with OpenVPN. Used by Fortune 500 companies and IT, Access Server keeps your internal data safe with end-to-end encryption, secure remote access, and extension for your centralized unified threat management. Go to openvpn.net/ciso-series to test drive Access Server for free.  

Got feedback? Join the conversation on LinkedIn.

On this episode

Why is everybody talking about this now?

Chris Roberts with Attivo Networks caused a flurry of discussion when he argued that using the term “security” is meaningless. He said, “There is no such thing as security. There is just a measurement of risk.” He went on to say we shouldn’t be talking about security risk, but only business risk. Would it be a good idea to change the terminology?

How are CISOs are digesting the latest security news?

France’s data protection regulator, CNIL, issued Google a $57 million fine for failing to comply with its GDPR obligations. Not the first GDPR fine, but it’s first big tech giant. And it’s not nearly as much as it could have been. But it’s the biggest fine so far. Are GDPR fines starting to get real? Will this embolden even more fines?

Hey, you’re a CISO, what’s your take on this?

On LinkedIn Mike Johnson brought up the discussion of security vendors marketing what they’re not. He claimed that this tactic is doomed to fail, and should just stop. Why is it a failed tactic?

It’s time to play, “What’s Worse?!”

We get a little philosophical in this round of “What’s Worse?!”

Um…What do they do?

I read the copy from a vendor’s website and the two CISOs try to figure out, “What do they do?”

Ask a CISO

A listener asks, “What are the signs that tell you that a vendor is serious about improving the security of their product?”

How are CISOs are digesting the latest security news?

A caustic attendee to DerbyCon brings down the entire event because the organizers didn’t know how to handle his behavior. How can event producers in the security space avoid this happening in the future?

And now this…

We take questions from our audience.

Got feedback? Join the conversation on LinkedIn.