The New CISO is a podcast hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.
What career path is best? When is a data breach over? How do you manage limited IT budgets for maximum ROI? Informative and educational, The New CISO answers your burning cybersecurity questions. Whether you’re a current or aspiring CISO, The New CISO provides practical advice, guidance, and lessons learned from peers.
Have a topic or guest you’d like to see featured on The New CISO? Email us at firstname.lastname@example.org
Hosted by Steve Moore
Steve Moore is Vice President and Chief Security Strategist at Exabeam, helping drive solutions for threat detection and advising customers on security programs and breach response. He is the host of “The New CISO Podcast” and a Forbes Tech Council member. Prior to Exabeam, Moore served as Staff VP of Cybersecurity Analytics at Anthem, a Fortune 30 healthcare company. Moore’s experience includes leading the investigation of state-sponsored cyberespionage campaigns, breach response, associated legal depositions, and client management. He’s passionate about cybersecurity, teamwork and leadership excellence.
Episode 17: Your First 90 Days As A New CISO
What do you do when, as a leader, you inherit a team with established roles, procedures, and personalities? For a successful transition you can’t just run in ‘guns a blazing’, expecting people to come around to your way of thinking just because you have a title. What tools can you use to connect with your team, step up as their leader and ultimately work together to protect the organization you serve?
Olivia Rose is the CISO at Mailchimp, with more than 16 years’ experience in security advising and consulting executives and C-Level clients. She’s held multiple leadership positions, including at IBM Internet Security Systems (ISS) and Solutionary (NTT).
Episode 16: From the ‘Basement’ to the Board: Giving Cybersecurity Teams Greater Visibility
Cybersecurity is in the news almost every day, so why then do some organizations still stick their security teams in a basement, only to be rolled out when their expertise is needed? In some cases, security is buried so deep within the organization that it has to start competing with other departments for visibility and budget.
Rinki Sethi, VP & CISO at Rubrik, is an information security executive known for change, technical and thought leadership across security and enablement disciplines. She is a veteran in the cyber security domain and throughout her career has built and matured technical security teams across security operations, product security, application security, security architecture, and security strategy within the Fortune 500 and other large enterprises including IBM, Palo Alto Networks, Intuit, eBay, Walmart.com, and Pacific Gas & Electric. Rinki holds several recognized security certifications and has a B.S. in Computer Science Engineering from UC Davis and a M.S. in Information Security from Capella University.
Episode 15: Taking a Step back and Learning to Trust the Experts on Your Team
Learning how to step back from work can be a great way to get clarity on how to tackle the projects that really need your attention. But for this to work, you have to learn to trust the experts on your team. Inversely, earning that same level of trust with stakeholders means that a CISO has to take the time to understand how they’re measured on their own success and what motivates them.
Steve is the CISO at Cambia Health Solutions, responsible for information security across the Cambia family of companies – the holding company for Regence BCBS plans in OR/WA/UT/ID, as well as a handful of health and wellness startups – and executive leadership of the information security organization.
Episode 14: Why 3rd Party Security Testing is the New Password Rotation
As professionals, how do we streamline our transition into leadership, and once we’re there, how can we empower those we lead to keep doing what they love without wearing them down? To that point, are there self-imposed hoops we’re making our security teams jump through just to say we’ve “ticked a box?”
Chris Castaldo is the Chief Information Security Officer at Dataminr, and is a transformational cybersecurity executive who’s built cybersecurity functions and teams at startups, telecommunication cloud providers, Edtech companies, and also worked at the National Security Agency solving some of the most challenging national cybersecurity issues. Chris is also a US Army Operation Iraqi Freedom veteran, and he currently resides with his family in Maryland.
Episode 13: Unique Challenges, but Opportunities for Women in Cybersecurity
Cybersecurity is a male-dominated field, and oftentimes an unforgiving environment in which to work. In this episode, we touch on the challenges women in security face, and how these translate into unique opportunities.
Olivia Rose is the CISO at Mailchimp, with more than 16 years’ experience in security advising and consulting executives and C-Level clients. She’s held multiple leadership positions, including at IBM Internet Security Systems (ISS) and Solutionary (NTT); and founded QloudSecure, which helped companies like Costco and Google improve their security maturity programs.
Episode 12: 2020 Cyber Security Trends
On this episode we welcome back two previous guests, Brian Haugli and Scott Morris, to talk about security trends we see going into 2020, specifically changes to the role of the CISO, breaking out of that purely IT and security silo; and helping our organizations better understand risk. We also discuss how to build smarter security solutions, and implement effective capabilities.
Episode 11: Partnering with Higher Education to Prepare Students for a Career in Cybersecurity
Building effective cyber programs in higher education can help prepare the next generation of CISOs for the challenges of an industry in flux. And for those programs to match the realities of industry, real-world experience and mentorship are crucial elements to weave into their DNA.
A United States Air Force veteran, Marc Crudgington serves as the Chief Information Security Officer, SVP Information Security for Woodforest National Bank and is an active member of the University of Houston CIS Industry Advisory Board and Sam Houston State University Digital and Cyber Forensic Engineering Advisory Board.
Episode 10: Assessing Security Reporting Structures
As a modern CISO and security expert, a challenge you may face is that a leader you report to might not understand the business of security. Given that, how do we influence and ultimately correct existing lines of reporting?
Leonard (Lenny) Levy is an accomplished information security executive with over 20 years’ experience addressing cybersecurity challenges. Most recently he served as the interim Chief Information Security Officer for Providence St. Joseph Health, a $26 billion Catholic healthcare system.
Episode 9: Digital Trust for Digital Transformation
As a CISO, experience in a broad range of business functions incorporating security often paves the way for future career growth, and with an evolving cybersecurity industry, opportunities arise for some CISOs to reshape the way their organization sees them: from a security office into a “trust office.”
Lakshmi Hanspal is the Global CISO at Box, joining the company in January of 2019. In this senior leadership role, she’s responsible for corporate, physical and cyber security of Box’s footprint, including data protection and privacy. Prior to joining Box, Lakshmi was the CISO for SAP Ariba and has held senior positions across Paypal and Bank of America, among other companies. Her career spans across 23+ years in information security, risk management and privacy, with 16+ years in the financial and payments space.
Episode 8: Securing a Cybersecurity Organization
As cybersecurity becomes entrenched in the business cycle, other business functions have expanded their interactions with security teams. That said, the understanding of what a CISO does hasn’t always followed the same trajectory. How do we as security practitioners help our organizations interact with our security teams, and help them understand the role we play in an increasingly at-risk world?
Currently the CISO of Netskope, Lamont Orange has managed cybersecurity programs, developed cybersecurity talent and maintained and socialized internal security programs for more than 20 years.
Episode 7: Understanding the Adversary
Building a career in security can be a challenge, even for those of us who start off early. For some, however, the job can be a natural progression from Her Majesty’s armed forces to helping secure the 2012 Olympics and ultimately becoming a CISO. So how do you channel these unique experiences into something that will withstand the diverse threats organizations face today?
Mick Jenkins is the Chief Information Security Officer at Brunel University and a former counter terrorism officer in the British Armed Forces.
Episode 6: Contributing to the Cybersecurity Community
Not too long ago you’d be hard pressed to find cybersecurity communities to engage with, whereas today their ubiquity might be putting them at risk. With so many – and often topical – security communities, how do we ensure the important issues take center stage; promote information sharing, avoid political problems and the sins of our past, all while nurturing young security talent for the future?
Scott Morris is the Vice President, Chief Information Security Officer at BlueCross BlueShield Western New York, where he’s responsible for leading the Enterprise Information Assurance team, including information security, regulatory compliance and process assurance, and incident/problem management.
Episode 5: Does Security Training Really Work?
If we believe that employees are our first line of defense against attacks like phishing, credential theft, and business email compromise, we need their active participation. But is security training – specifically phishing training – really effective? Should we be doing it differently? We touch on the idea of training versus education, positive reinforcement versus negative, suggestions for engaging with employees, and the best sushi in Vegas.
David Tyburski is the Global Chief Information Security Officer for Wynn Resorts, where for over the last 10 years, he has been responsible for leading the enterprise strategy for information security, identity / access, governance, and incident management for the Las Vegas based developer and operator of high-end luxury hotels and casinos.
Episode 4: Winning Over the Board
The CISO and the board generally share something in common – they both want to manage risk and make the business successful. But a CISO has to earn the board’s trust, even when it’s well established that they’re the security subject matter expert.
Colin Anderson is Vice President of Information Technology, Global Chief Information Security Officer at Levi Strauss & Co. In this role he manages an international team responsible for information risk management, regulatory compliance, information privacy, and IT enterprise risk management.
Episode 3: What It Means to Be an Honest Broker
Learn what it means to be an “honest broker” in the context of security leadership—an agent of trust and transparency for a business. Brian covers strategies for delivering the right message to the board, the learning opportunities that come with candor, and the honest truth about managing the inherent stress of being a CISO.
Brian Haugli is a partner at Side Channel Security, a consulting firm in the Boston area. Previously VP and chief security officer for The Hanover Insurance Group, he’s a seasoned security leader who’s held numerous roles within the federal government responsible for strategic initiatives involving cybersecurity and information risk management.
Episode 2: The Ins and Outs of Budgeting
Andrew Wild, CISO at QTS Data Centers, talks about building an IT security budget, the challenges of prioritizing resources to balance risk, and the value of cooperation–something often more difficult to obtain than the budget itself.
Andrew Wild is CISO of QTS Data Centers. As an information security and risk management executive with over 25 years of experience, he has built and managed numerous corporate information security programs and is known for leading by example with a positive and energetic attitude.
Episode 1: Lessons Learned from a Virtual CISO
Matt Klein, Virtual CISO and Executive Advisor at Optiv, sits down with Steve Moore to share his insights on teamwork, getting visibility at the executive level, and the right prep for effective board conversations.
Matt Klein is a virtual CISO and executive advisor for Optiv. He advises enterprises on how to transition through leadership changes, improve security and reduce risk, and identify areas of opportunity where information technology can help contribute value to the bottom line.