We’re giving away private networks to everybody. Even if you think you don’t need one, you want one. It’s all on this week’s episode of CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Francis Dinha, CEO of OpenVPN.

Francis Dinha, CEO, OpenVPN
Francis Dinha, CEO, OpenVPN

Thanks to this week’s sponsor, OpenVPN


Create an economical and secure private network for your company with OpenVPN. Used by Fortune 500 companies and IT, Access Server keeps your internal data safe with end-to-end encryption, secure remote access, and extension for your centralized unified threat management. Go to openvpn.net/ciso-series to test drive Access Server for free.  

Got feedback? Join the conversation on LinkedIn

On this episode

What’s a CISO to do?

A few years back I interviewed Francis Dinha about hiring talent. Dinha had the fortune to be able to mine his own community of people of open source volunteers. It’s become a great resource for hiring talent. Finding those passionate communities are key for finding talent. We discuss other possible resources and why it’s critical or maybe not critical to hire people who’ve contributed to the open source community.

Why is everybody talking about this now?

Given the number of default passwords being used and connected devices with little to no security, does achieving “zero trust” have to be the InfoSec equivalent of climbing Mt. Everest? We discuss simplifying security architecture so achieving “zero trust” isn’t a badge of honor but rather something everybody can easily do.

“What’s Worse?!”

Another round where we debate an open source conundrum.

Please, enough. No, more.

What have we heard enough with VPNs and what would we like to hear a lot more?

Let’s dig a little deeper

John Prokap, CISO of HarperCollins, said on our live NYC recording, “If you patch your systems, you will have less threats that will hurt you.” I posted John’s basic security advice as a meme, and it got a flurry of response. My favorite came from Greg Van Der Gaast of CMCG who said, “The fact that this is quote/post-worthy in 2019 boggles my mind.” The issue of “why aren’t you doing this” came up and people discussed integration issues, hard to keep up, and the fact that patches can often break applications. Is this a cycle that’s impossible to break?

Got feedback? Join the conversation on LinkedIn

Creative Commons photo attribution with logo addition to The Garner Circle PR LLC.