Showing episodes and shows of Allan Alford

Shows

The Cyber Ranch Podcast: Why We Need To Rethink All of It
Howdy, y’all, and welcome to The Cyber Ranch Podcast. Today we tackle WHY? Why do we have this show? Why do we ask the questions we ask and host the guests we host? Why does any of this matter? More importantly, WHY do we all keep doing the same things over and over, saying the same things over and over, and expecting better results? WHAT can we change? Join Allan Alford, many times CISO, and cybersecurity podcaster of many years now. Joining Allan is Drew Simonis, who has been co-hosting the show now...
2025-01-01, 38 min

The Cyber Ranch Podcast: People, Process & Technology: People with Jeremiah Roe
Jeremiah Roe has held many roles in cybersecurity: Field CISO, Red Teamer, Advisor, Consultant, Etc. He currently advises for OffSec, who provide quality cybersecurity training. Drew Simonis and Allan Alford determined that Jeremiah would be a great guest for launching a 3-part mini series - each of the three shows exploring People, Process and Technology respectively. The three cover the following topics in a lively conversation that journeys into several aspects of People as they relate to cybersecurity: People, Process, and Technology - Which is most important? If they knew what we knew about cybersecurity, would the...
2024-07-31, 38 min

The Cyber Ranch Podcast: Measuring Leadership (And Followership!)
If leadership exists in good and bad forms, so must followership. Leadership can exist both by designation, and dynamically, as manifested by folks who may not have an official leader title. And yet we don't measure followership, and our measurements of leadership leave something to be desired... Join Allan Alford as he flies solo this week exploring these topics and suggesting a better way forward. Y'all be good now!
2024-07-03, 30 min

The Cyber Ranch Podcast: The Positives of Cybersecurity LIVE! at CISO XC with Dani Woolf and Guests
Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast! What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!) I am your host, Allan Alford, CEO of Alford & Adams Consulting. I have a co-host on this episode, Dani Woolf, of the Audience 1st podcast! On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or piss them off). What we’re doing on this joint endeavor is interviewing various CISOs and other folks a...
2024-05-29, 38 min

The Cyber Ranch Podcast: The Negatives of Cybersecurity LIVE! at CISO XC with Dani Woolf and Guests
Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast! What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!) I am your host, Allan Alford, CEO of Alford & Adams Consulting. I have a co-host on this episode, Dani Woolf, of the Audience 1st podcast! On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or piss them off). What we’re doing on this joint endeavor is interviewing various CISOs and other folks...
2024-05-22, 29 min

The Cyber Ranch Podcast: When It's Good To Deprioritize Security with Drew Simonis
Howdy, y’all, and welcome to The Cyber Ranch Podcast! That’s Drew Simonis, CISO @ Juniper Networks, former CSO @ Hewlett Packard Enterprise, former CISO at Willis – you get the idea. Drew’s posts on LinkedIn are pure fire – not in the hot takes way, but because of the quality of the thinking behind them. Drew has also been on the show a couple of times now, and we keep inviting him back because he’s always worth hearing from.
Drew and Allan were chatting this afternoon about the idea that oftentimes cybersecurity does not matter – and that that’s okay! So we decided...
2024-05-16, 33 min

The Cyber Ranch Podcast: Leadership Conflicts with Tom LeDuc
This one was recorded LIVE! in Podcast Alley at the CyberMarketingCon 2023 put on by the Cybersecurity Marketing Society in Austin, Texas. Marketing!?!!? Say what!?!? Yup! Allan went down to Austin to catch up with industry players and to participate in the conference as a "creator", i.e., podcaster. While there Allan ran into his friend Tom LeDuc, CMO at Semperis, and he got Tom to hop on the mic with him to discuss leadership challenges such as conflict, territorialism, jurisdictional disputes, startup mindset vs. bigger mindset... The two o...
2024-01-17, 26 min

The Cyber Ranch Podcast: Identity as the Perimeter with Adam Bateman
Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Adam Bateman, CEO and Co-Founder at Push Security, based in the UK. Another of our cyber friends from across the pond! He is a former director at the security consultancy MWR who were renowned in the industry for their specialist research and red team capability. Adam started off as a red teamer himself, and then went on to build and lead the detection and response division of MWR, where they specialized in defending organizations against state-sponsored attacks. Adam came up in the world of offensive security, and it show...
2023-12-13, 31 min

The Cyber Ranch Podcast: Defining Budgets with Tim Rohrbaugh
Howdy, y’all, and welcome to The Cyber Ranch Podcast! That’s Tim Rohrbaugh, Founder/Principal at DefaultDenySec, former CISO for JetBlue Airways, advisor, investor: yup! Another Cyber Ranch guest with an awesome history! Tim and Allan were chatting a while back about budgeting cybersecurity programs, and they found out that they disagreed on a rather key point.
In true Cyber Ranch fashion, Allan immediately asked Tim to come back to the show and to dig into the issue with him. They are starting with disagreement, which always makes for a better show... Allan maintains that the cybersecurity budget sh...
2023-11-01, 36 min

The Cyber Ranch Podcast: Bad Behaviors: A Better Way LIVE! with Chris Tillett
Chris Tillett is a well-known figure in our industry. He is in product management and R&D at Palo Alto Networks. He is also a great guy, funny, and can wield the snark quite well. He is the perfect foil for Allan Alford as the two of them take the gloves off, pick on one another, and tear apart bad vendor and bad CISO behaviors. LIVE! At Black Hat! The two tackle some of the most sensitive pain points on both sides of the fence, and get into solutioning some of the most common CISO/vendor...
2023-10-11, 33 min

The Cyber Ranch Podcast: Allan Interviews EVERYONE at Black Hat
Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode. Did you get to attend Black Hat this year? See if your experience was as amazing as Allan's! This show is LIVE and untarnished. It's the real Black Hat experience! In this episode, Allan talks to (in alphabetical order, with timestamps): 1:02 - Dani Woolf, Founder & CEO at Audience 1st 3:06 - Daniel Blackford, Manager of Threat...
2023-08-16, 34 min

The Cyber Ranch Podcast: Allan Answers LinkedIn Questions
This week Allan flies solo and tackles a variety of questions that came in from LinkedIn - including his origin story. Allan tackles the following questions: How does a CISO protect themselves from prosecution? How does one get value from a cybersecurity assessment? How should one pick a cybersecurity solution or company? How do you "disconnect" from cybersecurity?
How to start and sustain a cybersecurity podcast - why and why not? Allan's origin story Allan argues with himself over two issues NOTE: Allan states: "I have no idea why anyone would want to hear my o...
2023-07-06, 29 min

The Cyber Ranch Podcast: Zero Trust & DSPM with Claude Mandy - SPECIAL LIVE EDITION
This episode was recorded LIVE at the 2023 Symmetry Systems Unconference on Zero Trust, adjunct to RSAC 2023. Allan is joined by his friend Claude Mandy, former CISO, former analyst, and now Chief Evangelist at Symmetry Systems. Like Allan, Claude is a Zero Trust enthusiast. The podcast was the capstone to a long day of Zero Trust presentations, panels, book reviews and other great topics and conversations. Join Allan and Claude at this live recording that covers: - How does DSPM fit into Zero Trust? - Allan's victory at a recent Digital Fight Cl...
2023-06-22, 22 min

The Cyber Ranch Podcast: How to Trust Your Vendors - A Scary Case Study with Paul Moreno
This episode is a story about an entire vendor encounter gone horribly wrong. Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor. Paul found a cybersecurity vendor. Paul found good references. Paul got referrals from peers. Paul did a PoC. And after that, it all went downhill. Paul was kind enough to share his story as he and Allan pick apart the failings and deliberate on ways we can all avoid such encounters. Topics covered are: - How to spot lies - Vetting...
2023-03-22, 28 min

The Cyber Ranch Podcast: Tech Teams, GRC Teams, and the CISO with Dr. Mike Brass
Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO. Hear Mike's journey from IT technician to GRC to CISO.
Topics Allan and Mike cover: The tension between tech teams and GRC teams, and how a CISO can bridge the two teams Reasons why GRC makes such a great background for the CISO role (and how to get there) What engineering/architecture folks should know about...
2023-03-15, 27 min

The Cyber Ranch Podcast: How Do We Embrace Imperfection with Robin Sundaram
We have this idea that we can be perfect. And we know that idea is unsound. So we settle for imperfection. But are we doing that purposefully? Do we have a conscious plan for embracing imperfection? How can we, as cyber professionals, embrace our imperfection meaningfully and with intent? Join Allan and Robin Sundaram as they explore this topic, covering areas such as: NIST CSF is all about imperfection Embracing CMDB imperfection Vulnerability Management and Patch Management Product/Project Rollouts Dev teams and the pipeline Imperfection and GRC It's a great conversation and you ar...
2023-03-08, 33 min

The Cyber Ranch Podcast: BISO Bonanza with Ann Hines, James Binford and Matt Winkeler
Do you want to be a CISO one day? Are you a CISO today who wants to strengthen your ties into the rest of the business? The Business Information Security Officer (BISO) role is one you should explore. The role can vary quite a bit, as you will hear on this episode with not one, not two, but three BISOs joining Allan Alford to discuss the role and its nuances: where it fits, what is required, how it is best positioned and managed. Allan has been a BISO himself and has managed BISOs as well, so...
2023-02-08, 32 min

The Cyber Ranch Podcast: Managing Careers with Luis Valenzuela
This episode is jam-packed with wisdom that is delivered at a rapid pace. Some folks will find themselves rewinding and taking notes.
Luis Valenzuela, Director of Data Loss Prevention and Data Governance at InComm Payments, joins Allan Alford to talk about managing careers - how to manage your own, and, for leaders, how to help your team manage theirs. Topics include: - Pivotal career transitions - Is a plan _really_ required? - Principles, foundations, and successful behaviors - Practical steps and resources - Is the power of envisioning enough? ...
2023-01-11, 30 min

The Cyber Ranch Podcast: 100th Episode Call-In Special with 21 Guests!
To celebrate the 100th episode, Allan decided to let the audience participate in the show. 21 people called in and answered a wide variety of questions about cybersecurity. It is a fantastic show and it is very fun to hear all the different perspectives from folks who have just about every role in cybersecurity you can imagine: 00:00:58 - Brent Deterding - What can practitioners do to show more love to vendors? 00:03:07 - Evgeniy Kharam - How important are soft skills in cybersecurity? 00:03:54 - Evgeniy Kharam - What are we doing wrong in cybersecurity? 00:05:17 - Andy El...
2023-01-04, 1h 32

The Cyber Ranch Podcast: Can We Even Measure Risk? with Andy Ellis and Chris Roberts - EXPLICIT
This is another "'E' for explicit" show as this one is another LIVE! show from the CISO XC conference in Dallas-Fort Worth. Why the 'E'? Because halfway through Allan Alford's conversation with Andy Ellis (CISO at Orca, Operating Partner at YL Ventures, former CISO at Akamai), Chris Roberts (CISO at Boom Supersonic) joins the stage with some fine whisky and his own clever takes on measuring risk. Join Allan, Andy, and Chris as they deconstruct risk, extolling its virtues, and hopefully change the way you think about risk altogether. Is likelihood times impact valid? Is the 5x5 g...
2022-12-14, 36 min

The Cyber Ranch Podcast: Is It Even Our Job to Make Them Care About Cybersecurity? with Yaron Levi
In this episode, Allan Alford plays Devil's advocate - challenging the practitioner community to refute the idea that we should quit trying to make the organization care and simply make suggestions and accept the organization's level of risk tolerance. Allan posted this topic on LinkedIn and it created quite a buzz. The show features quotes from Simon Goldsmith, Kevin Pope, Malcolm Harkins, and others. Listen to hear a deconstruction of this position, and hear some great arguments both for and against it. We'll give away the ending - the argument is ultimately refuted - but...
2022-12-07, 27 min

The Cyber Ranch Podcast: Geopolitics, APTs and Cybersecurity with Dan Holden
Dan Holden, a 20+ year industry veteran, former vendor, and current CISO at Big Commerce joins Allan Alford at the ranch to talk about the BIG picture. Join them on this wild trail ride that goes as far back as the Monroe Doctrine of 1823, the pre-cursors to WWI, Reagan-era cyber doctrine, cyber and modern warfare, lessons learned from the COVID economy (hint: GDP is now part of critical infrastructure), famous APT heists, modern global imperialism... This show ties these threads together into a forward-looking vision for cybersecurity that includes shifts in global prioritization of cybersecurity, federal regulations, and changes to t...
2022-11-16, 53 min

The Cyber Ranch Podcast: 3 Very Practical Tips with Duane Gran
This week Allan Alford is joined by Duane Gran, Director of Information Security at Converge Technology Solutions to discuss three different aspects of the CISO craft -- and to offer practical, concrete guidance on how to achieve the right outcomes: Eliminating the culture of "No!" Managing Third-Party Risk Building a "No Blame" Culture The common thread behind all of these themes is relationship building and goodwill - but the details are well worth the listen!
Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! The Axonius...
2022-11-09, 35 min

The Cyber Ranch Podcast: Tired Topics in Cybersecurity - Part One with Rich Mason and Michael Santarcangelo
We have all seen the conversations on LinkedIn where someone starts with a hotly debated topic, and the debate goes on and on, nothing is concluded, and then the next week, someone else posts the same topic and starts the gerbil wheel spinning again. We have seen this phenomenon with common complaints too. These are, in short, tired conversations. Join Allan Alford, Rich Mason, and Michael Santarcangelo as they rope in some of these tired topics and propose alternative ways of looking at them. This one runs a bit longer than usual because the conversation...
2022-10-19, 1h 03

The Cyber Ranch Podcast: Fighting the Increase in Cyber Attacks with Leon Ravenna
Leon Ravenna, CISO & CIO at KAR Global, former VP of Security & Compliance at Interactive Intelligence joins Allan this week to talk about the increases in cybersecurity threats and risks - increases in breadth and depth of various attacks and increases in our own problems in dealing with those attacks. It has implications for all of us, as we have not necessarily seen an increase in the right defensive capabilities to maintain parity. COVID and work-from-home have not helped either... Questions covered this show: 1. You mentioned firewall attacks, social engineering, HR/interview/job fraud. Of course t...
2022-09-07, 39 min

The Cyber Ranch Podcast: Ask CISO Allan Alford Anything pt. 2
Allan Alford, CISO/CTO and host of the Cyber Ranch podcast, resumes his session of AMA, or “ask me anything,” to cover the remaining questions left by curious cybersecurity practitioners on his LinkedIn. Previously, Allan posed two questions: If you could ask a 5-time CISO any question, what would it be? How about a cybersecurity startup CTO?
Using the responses he received, Allan continues to walk through every topic under the cybersecurity umbrella and give further insight into what it means to be a CISO. Timecoded Guide: [00:00] Avoiding FUD (fear, uncertainty, and doubt) in yo...
2022-08-24, 35 min

The Cyber Ranch Podcast: Ask CISO Allan Alford Anything
Allan Alford, CISO/CTO and host of the Cyber Ranch podcast, changes things up this week with a session of AMA, or “ask me anything”. Instead of hosting a guest, Allan takes center stage. On LinkedIn, Allan posed two questions: If you could ask a 5-time CISO any question, what would it be? How about a cybersecurity startup CTO? Using the responses he received, he walks through every topic under the cybersecurity umbrella and gives further insight into what it means to be a CISO. Timecoded Guide: [00:00] Seeing the best of the job in th...
2022-08-17, 40 min

The Cyber Ranch Podcast: Better User Awareness Training with Tim Silverline
Tim Silverline, VP of Security at Gluware, joins host Allan Alford on the Ranch this week for a discussion about user awareness training and the latest and greatest (as well as not the greatest) methods around phishing simulations. Tim and Allan get into the nitty gritty of how your company can improve user awareness results through avoiding basic click-through models, considering advanced warning for certain training exercises, and understanding risk quantification when evaluating employee metrics.
Timecoded Guide: [04:30] Running the right phishing simulation for your user base and gauging your results appropriately [10:08] P...
2022-06-29, 28 min

The Cyber Ranch Podcast: Open Door Security w/ James Allan-McLean
“When people come to Security and tell you everything they are doing, that’s a real win.” - James Allan-McLean Allan is joined by James Allan-McLean, Group CISO at Soletanche Freyssinet and former Information Security Manager within the British military, to talk about his ‘Open Door Security’ method and the benefits of a transparent, no-strings-attached approach to security. In this episode, Allan and James take a deep dive into this methodology and address questions such as: -What is Open Door Security? -What does a successful Open Door Security program look like? -How to go...
2022-06-15, 25 min

The Cyber Ranch Podcast: DevSecOps w/ Chris Hughes
Allan is joined by Chris Hughes, CISO & Co-founder at Aquia and adjunct professor at UMGC, to talk about all things DevSecOps (Development, Security and Operations). They explore the DevSecOps phrase itself, as well as why security should be treated as an integral component and not a separate entity. In this episode, Allan and Chris take a deep dive into the subject and bring clarity to questions, such as: -What roles help achieve security in DevOps? -What are the cultural barriers to implementing secure DevOps? -What are some common mistakes as well as best tips?
2022-06-08, 28 min

The Cyber Ranch Podcast: Board Reporting Metrics Pt. 2 w/ Andy Ellis
Andy Ellis, CISO at Orca Security, is back for part 2 of this series on Board Reporting Metrics. In Episode 1, Andy and host Allan Alford addressed some of the most common questions posed by the board and shared their perspective on what the board needs to know from a cybersecurity standpoint.
In this episode, they continue the conversation by fielding questions from LinkedIn on topics such as: -Vulnerability and threat hunting metrics -Top 3 metrics to report to the board and why -Breach reporting implications and much more! Check out part 1 of Board Reporti...
2022-06-01, 44 min

The Cyber Ranch Podcast: Board Reporting Metrics Pt. 1 w/ Andy Ellis
In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This epis...
2022-05-25, 53 min

The Cyber Ranch Podcast: Getting a Seat at “The Table” w/ Brent Deterding
“Having a seat at the table doesn’t mean getting your way all the time. It means having a seat and I think that is very important to understand.” - Brent Deterding In this episode, Allan is joined by the CISO at Afni, Brent Deterding, to explore how CISOs can earn and keep their seat at the executive table.
Brent was a fan of the Learned Helplessness episode of The Cyber Ranch Podcast with Steve Mancini, and furthered the conversation as it relates to the often espoused topic of CISOs needing a seat at “the table.” Brent discusses t...
2022-05-18, 32 min

The Cyber Ranch Podcast: All About SBOMs w/ Chris Castaldo
“Knowing what’s in your software, in your organization, can help you quickly determine if you are impacted by a new vulnerability.” - Chris Castaldo In this episode, Allan is joined by author and CISO, Chris Castaldo, to share his knowledge on Software Bills of Materials (SBOMs) and their potential implications and use. Chris explains the concept and purpose of SBOMs, his tips for signing and securing SBOMs in terms of the CI/CD pipeline, and his thoughts on SBOMs being a roadmap for “bad guys.” Lastly, he shares advice on managing and understanding contracts. Listen to Ch...
2022-05-11, 25 min

The Cyber Ranch Podcast: Total Greenfield Innovation w/ Guillaume Ross
What would you do if you could build your security program from scratch? In this episode, Allan is joined by the Head of Security at Fleet, Guillaume Ross, to talk about his time building out an innovative and out-of-the-box security program and the steps he took to make it all happen. Guillaume walks us through how he developed and maintained a serverless, container based environment, his tips for securing PCs and Macs within a serverless environment, and how to establish department and business buy-in and overall cooperation. Lastly, he details steps to ensure resilience in an ‘everything as...
2022-05-04, 33 min

The Cyber Ranch Podcast: Securing Cryptocurrency and NFTs w/ Nick Percoco
What are the security implications of cryptocurrency and NFTs and what do we need to know in order to transact safely? In this episode, Allan is joined by the Chief Security Officer at Kraken, Nick Percoco, to talk about securing the cryptocurrency and NFT spaces.
Allan and Nick reflect on the events of the Mt. Gox bitcoin breach of 2013, address some of the most common misconceptions about crypto assets, and explore the biggest security challenges users and retail investors face when navigating the space. Lastly, Nick considers what cybersecurity lessons can be drawn from the security practices within the...
2022-04-27, 28 min

The Cyber Ranch Podcast: “Playing Well With Others” - The Tech Stack w/ Tommy Todd
Allan is joined by the Vice President of Security at Code42, Tommy Todd, to talk about how the tech stack can “play well with others”. In this episode, Tommy takes a deep dive into exploring how APIs and automation can help solve our needs in cybersecurity – from incident response to the tech stack. The two discuss how to evaluate security products during a Proof Of Concept (POC) for integration capabilities and tips on addressing ROI concerns. Guest Bio: Tommy Todd has over 20 years of cybersecurity experience, primarily focused on data privacy and data protect...
2022-04-20, 33 min

The Cyber Ranch Podcast: Thriving In A Male Dominated Industry w/ Ashley Rose
Allan is joined by the founder and CEO of Living Security, Ashley Rose, to speak about her experiences as a female entrepreneur and leader in a male dominated industry. She details the story behind her non-traditional route into cybersecurity and how she leverages her unique skills and vision to disrupt and transform the community. Ashley shares how she overcomes bias and business challenges in the field as well as the inspiration behind her creative marketing strategies.
Lastly, the two highlight the lack of diversity and representation in the space and give advice to young entrepreneurs and females in, and...
2022-04-13, 26 min

The Cyber Ranch Podcast: Why CISOs and CIOs Don’t Get Along w/ Nick Vigier
This episode of the Cyber Ranch Podcast was recorded LIVE on stage at the CISO 360 Conference in New York City, hosted by Pulse Conferences. Nick Vigier, a seasoned CISO and former CIO, joins Allan in addressing the elephant in the room: Why don’t CISOs and CIOs get along? Nick draws on his experience in both positions to share his unique perspective on the CISO and CIO relationship. In this episode, Allan and Nick highlight the operating differences between the two positions and explore the opposing interests that exist around topics such as budgets and repo...
2022-04-06, 27 min

The Cyber Ranch Podcast: Learned Helplessness in Cybersecurity w/ Steve Mancini
This topic couldn’t be more relevant given recent events in the security community. Allan Alford is joined by Steve Mancini, CISO at Eclypsium, to have a refreshing conversation about the negative messaging, thinking, and tropes in cybersecurity - not just the stuff that the press says about us, or even the stuff we say about each other - but the self-defeating stuff we think and say to ourselves. Steve addresses the reinforcement of negative catchphrases and how it affects the psyche of the community and explores how burnout is creating a culture of sleepless nights and ma...
2022-03-30, 38 min

The Cyber Ranch Podcast: Leveraging Employee Strengths for Cyber Roles w/ Nick Vigier
There are numerous personality tests available to help identify personality traits, but many of them have very little scientific validity or reliability. Such tests often aspire to explain what you are good at and what you are bad at, and miss the mark.
In this episode, Allan is joined by his friend and owner of Rising Tide Security, Nick Vigier, to explore CliftonStrengths – a personality measurement that focuses less on ability, and more upon your predilections - what energizes you, and what drains you - and with a pretty good degree of scientific validity and reliability. Nick and All...
2022-03-23, 42 min

The Cyber Ranch Podcast: A Full Data Approach w/ Paola Saibene
In the episode, Allan is joined by the Principal at Teknion Data Solutions, Paola Saibene, to bring clarity to an often misunderstood topic: data governance. Paola helps to distinguish the difference between data governance and data management, examines the intersection between data ethics and cybersecurity, and explores the best methodology for applying risk frameworks. Lastly, she takes time to express the importance of being people focused and “humanizing” cybersecurity. Guest Bio: Paola Saibene is the Principal at Teknion Data Solutions, Former CISO, CEO, VP of Enterprise Risk Management, Data Privacy Officer, Strategy Officer, CTO...
2022-03-16, 30 min

The Cyber Ranch Podcast: The Great Resignation & Cybersecurity w/ Jessie Bolton
With a looming skills/people gap in cybersecurity and retention at an all time low, it begs the question: Where is everyone? In this episode, Allan Alford and guest Jessie Bolton sit down to discuss the elusive “Great Resignation” and how it is affecting the cybersecurity community. Tune in to get the answers to the questions we are all asking ourselves, like: why are people resigning, how has the pandemic shifted our perspectives on work and boundary setting, how is the “great resignation” impacting security organizations, and how can we attempt to solve this issue? Links:
2022-03-09, 28 min

The Cyber Ranch Podcast: How Old is Data Risk Management? w/ G. Mark Hardy
In this episode, Allan is joined by the President at National Security Corporation, Navy veteran, and host of the CISO Tradecraft podcast, G. Mark Hardy. This show takes a fascinating dive into the origins of data risk management, measurement, and quantification. G Mark explores the stories and advice given from some of the greatest leaders in this space – whose advice still rings true today. Key Takeaways: 01:52 G Mark’s bio 06:43 FIPS-65 - the “grandaddy” of risk management 11:34 The ALE method, explained! 14:35 Oldies, but STILL goodies 18:12 A stroll down ri...
2022-03-02, 40 min

The Cyber Ranch Podcast: CISOs as Caretakers w/ Randy Potts
In this episode of The Cyber Ranch Podcast, Allan is joined by the CISO at Real Time Resolutions, Randy Potts. The two sit down to have a refreshing and raw conversation about the caretaking, responsibility, and code of ethics for CISOs - or lack thereof, and how to get back in touch with our “why” and mission. Disclaimer: This episode briefly mentions pornography and gambling within an important and relevant context, and has therefore been categorized as explicit. Key Takeaways: 01:43 Randy’s bio 03:08 Caring for “the people” 09:08 Stew...
2022-02-23, 33 min

The Cyber Ranch Podcast: Cyber Mentoring w/ David Belanger
In this episode, Allan is joined by David Belanger, CISO at Maxor National Pharmacy, to talk about the challenges of breaking into cybersecurity. David discusses the importance of establishing mentor/mentee relationships in the community, why building a personal brand and expanding your network is a must when finding work, and tips for newcomers looking to break into the field. Lastly, the two touch on the power of visualization and staying humble throughout your career journey.
Key Takeaways: 01:27 Bio & CISO life 02:57 Let’s define Mentor/Mentee 04:21 What makes cybersecurity mentors...
2022-02-16, 34 min

The Cyber Ranch Podcast: Rationalizing the Tech Stack w/ Mark Butler
In this episode, Allan invites Mark Butler, an Advisory CISO at TRACE3, to talk about tech stack rationalization and how to get the most out of your technology investment. Mark shares advice on everything from how to properly analyze, identify, and consolidate your tools, both in the stack and cloud environment, to coaching your application specialists on embracing change. Key Takeaways 01:10 Bio 02:36 What is tech stack rationalization? 03:46 Where to get started 06:20 Evaluation - a 3 prong approach 08:08 The security architecture alignment 10:51 What about contractual obligati...
2022-02-09, 37 min

The Cyber Ranch Podcast: Penetration Testing Programs LIVE w/ Phillip Wylie
In this episode, Allan is joined LIVE on stage at FutureCon Dallas 2022 by U.S Bank Senior Cloud Penetration Tester, co-author of The Pen Tester Blueprint, podcast host, and college instructor, Phillip Wylie. Phillip journeys into his past to share how he went from pro wrestler to pentester, gives writing advice to future authors in the field, explores the art of pentesting, and the best starter certifications for pentesters. Lastly, Phillip explores the best advice he’s ever received and the dangers of burnout. Key takeaways: 01:27 Phillip's origin story - wrestling men and bears
2022-02-02, 46 min

The Cyber Ranch Podcast: What We’re Doing Wrong in the SOC w/ Yaron Levi
Allan is joined by Yaron Levi, CISO at Dolby, to talk about the SOC and why we are going about it all wrong. Allan and Yaron identify and examine the three main areas of concern: the data, the analyst, the analysis – and how to improve upon them.
Lastly, Yaron shares his thoughts on what steps and approaches need to be taken in order to successfully accomplish the SOC’s goal.
Key Takeaways:
01:35 Bio
02:36 What are we doing wrong in the SOC?
06:54 Hypothesizing
11:22 How much gets left out when we mak...
2022-01-26, 29 min

The Cyber Ranch Podcast
Investing in Cybersecurity Startups w/ Kathy Wang
Join Allan as he discusses investing in cybersecurity startups with the perfect guest for the subject: Kathy Wang, CISO at Very Good Security, investor at Silicon Valley CISO Investments, investor at Firebolt Ventures, and former founder as well! Allan and Kathy talk about investment goals, the process from start to finish, how to get started, the buy-in costs, returns, what to expect, partnering, etc. Join them as they dive into this fascinating topic: DISCLAIMER: NOBODY ON THIS SHOW IS A FINANCIAL ADVISOR OR PLANNER, AND NOTHING SAID ON THIS SHOW CONSTITUTES FINANCIAL ADVICE...
2022-01-12, 33 min

The Cyber Ranch Podcast
50th Episode Special w/ Many Guests
In this special episode, Allan invites a few familiar voices back to the show, conducts a countdown of his Top 5 most popular shows, and reviews some of the most common guest responses. Lastly, Allan issues some important thank you's and shares a few comments and feedback from the listeners.
Highlights:
Top 3 guest answers to "What keeps you going in cybersecurity?"
Top 3 guest answers to "What surprises you the most in cybersecurity?"
Top 5 shows by download
Visits from:
Tim Rohrbaugh, CISO - Jet Blue...
2022-01-05, 47 min

The Cyber Ranch Podcast
Minimum Viable Security w/ Chris Roberts & Cecil Pineda: EXPLICIT CONTENT
Allan hosts a live podcast at the August, 2021 CISO XC event in the Dallas-Fort Worth area. He is joined by Chris Roberts, chief geek at Hillbilly Hit Squad, and Cecil Pineda, then head of the vCISO and GRC programs at Critical Start.
The topic is Minimum Viable Security, tactical frameworks, the challenges with large frameworks, and the challenges of competing frameworks. This show was recorded after happy hour and the audience and participants both imbibed. It's a rowdy show and features some explicit content.
Key Takeaways:
0:00 Allan’s holiday greeting
0...
2021-12-22, 45 min

The Cyber Ranch Podcast
Organizational Resilience w/ Marnie Wilking
In this episode, Allan is joined by Marnie Wilking, CISO at Wayfair. Marnie has directed Information Security and multi-discipline Risk Management Programs for more than 15 years -- providing a unique set of skills and experience to manage operational risks and improve risk management among diverse businesses. Join Allan and Marnie as they define organizational resilience, discuss its goals and enablers, and analyze the COVID pandemic through its lens.
Key Takeaways:
01:26 Bio
03:42 Organizational resilience
06:40 COVID benefits; business enabling?
09:47 Building hybrid work environments
11:11 Virtual offices and home fatigue...
2021-12-15, 33 min

The Cyber Ranch Podcast
The vCISO Life w/ Dan Doggendorf
Welcome to another live show of the Cyber Ranch! Allan is joined by Dan Doggendorf, a creative cybersecurity leader with a passion for simplicity, efficiency, accountability, common sense, and honesty. The duo discusses the ins and outs of being a vCISO, how one walks the path and what the industry can do to make this role better. This show was conducted at the Cybersecurity Conference 9 (CSC 9) conducted by the North Texas Chapter of ISSA. All proceeds from the event went directly to scholarships for the Collin College cybersecurity program.
Key Takeaways:
01:47...
2021-12-08, 35 min

The Cyber Ranch Podcast
GRC: “Now What?” w/ Security & Compliance Weekly
This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto, Jeff Man, host of Security & Compliance Weekly, and notorious infosec curmudgeon, and by Kat Valentine, Security and Compliance Weekly co-host. A few weeks ago Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’”. In that episode, found here, they take a deep dive into GRC in terms of understanding its purpose and value. In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?’ (The cultural impact and implementation, risk register, achieving actionable r...
2021-12-01, 43 min

The Cyber Ranch Podcast
The CMO’s Perspective w/ Nathan Burke and Julie O’Brien
CISOs complain on social media about bad marketing – when they are targeted inappropriately, or with messages that don’t resonate, or with messages that outright lie. This week Allan Alford decides to hear from the other side, and invites his two favorite CMOs to the show. Julie O’Brien, CMO at AttackIQ, and Nathan Burke, CMO at Axonius, sit down with Allan to send a message to cyber security professionals about the vital role marketing plays in the industry, what is good marketing and bad marketing, and how marketing affects all of our careers more than we know. Hear differ...
2021-11-24, 39 min

The Cyber Ranch Podcast
Practical Working (And Hiring!) from Home w/ Brian Castagna
Brian Castagna (CISO at Seven Bridges - a genomics company) is a CISO with a proven track record of successfully building information security programs at cloud technology companies. He is on a mission to humanize the new work environment - our own home. Join Allan and Brian as they touch on transitioning from an office environment, both mentally and physically, hiring remotely, work/life balance and much more.
Key Takeaways:
01:33 Bio
02:22 Remote work
03:00 Hiring a remote workforce
10:50 What’s the human side of working from home?
1...
2021-11-17, 29 min

The Cyber Ranch Podcast
Threat-Informed Defense, CISA, CVEs and ATT&CK w/ MITRE Engenuity
This week, Allan is joined by some serious heavy hitters in cyber: Richard Struse (Director for the Center for Threat-Informed Defense at MITRE Engenuity), Jonathan Baker (Director of Research & Development, Center for Threat-Informed Defense at MITRE Engenuity), and Jonathan Reiber (Sr. Director for Cybersecurity Strategy and Policy @ AttackIQ). The four are here to have a conversation about CISA's new BOD that outlines 290 key vulnerabilities that require focus, the coincidental mapping of the CVE database to MITRE ATT&CK, and the implications for all of us. Of special note is the fact that ATT&CK is already mapped to NIST S...
2021-11-10, 33 min

The Cyber Ranch Podcast
A Day in the Life of Two CISOs w/ Mustapha Kebbeh
Mustapha Kebbeh, CISO at Brinks and heavy-hitter in the Dallas/Fort Worth Cyber community, joins Allan again this week as they cover a topic Mustapha noted was absent so far in the series… Namely, “What is a day in the life of a CISO?” Mustapha and Allan get into details of what they do and don’t do, what their teams do and don’t do, what bits are boring, what bits are surprising, and what bits are the most fun. Join them as they talk about real situations and practical solutions while describing the very best and worst parts of th...
2021-11-03, 32 min

The Cyber Ranch Podcast
Practical Trust-Centric Security w/ Omar Khawaja
Omar Khawaja is an experienced CISO with a strong technical background, who managed to find some very creative ways to manage his security program that go against his engineering instincts. Join Allan and Omar as they discuss why trust-based security is the more suitable option to have a fundamentally better security program and team.
Hear why Omar and Allan believe that investing in people will pay far more dividends than the latest tech tool. And more importantly, gain some very practical and concrete tips for managing and measuring your security program.
Key Takeaways:
01:19 Bio
03:26 ...
2021-10-27, 34 min

The Cyber Ranch Podcast
CISO in the Supply Chain w/ Emilio Escobar
Allan is joined this week by Emilio Escobar, CISO at Datadog and former VP of Information Security at Hulu. He is also a long-term developer of Ettercap, a comprehensive suite for man-in-the-middle attacks. Like many of us, Emilio started his journey in infosec as a hacker kid, exploring the world through modems and BBSs. Emilio is not a security vendor CISO, but is a CISO for a company that is in the supply chain for many other companies. He has to balance internal and external duties as a result. Come listen as Allan and...
2021-10-20, 30 min

The Cyber Ranch Podcast
Is Resilience Even the Goal? Antifragility w/ Sounil Yu
Allan is joined by Sounil Yu, one of cybersecurity's most well-known contributors. Sounil has a long history in cybersecurity, and is also the inventor of The Cyber Defense Matrix and the DIE Triad. Sounil and Allan discuss cyber resilience and contrast it with "antifragility", a notion introduced by Nassim Nicholas Taleb. Sounil argues that in cybersecurity, antifragility should be the goal, and not resilience. Antifragility allows for stronger data protection, as it does not just survive stresses and attacks, but actually encourages them. Sounil explains how antifragility also neatly dovetails with his DIE (Distributed, Immutable...
2021-10-14, 30 min

The Cyber Ranch Podcast
Is the SOC Dead? w/ Erik Bloch
Allan's guest this week is Erik Bloch. Erik Bloch is a cyber security leader, influencer, and pioneer.
He currently sits as Senior Director of Detection and Response at Sprinklr, but has held many roles in cybersecurity, including being a product manager for SIEM products more than once. This last point is relevant, because it makes it even more surprising that Erik is convinced that the SOC's utility has passed... Join Allan and Erik as they dive deep into why he thinks SOC is failing, the alternatives, what it takes to make an impactful change in...
2021-10-07, 31 min

The Cyber Ranch Podcast
The Value of Threat Intelligence w/ Samara Williams
Allan's guest is Samara Williams, Manager of Threat Operations at Cardinal Health, speaker, advocate and passionate member of the threat intelligence community. Samara broke into cyber via a rotational program, sampling many cyber jobs at many cyber companies in short order - a fantastic start in cyber that turbocharged her maturity and experience. She quickly developed a passion for threat intelligence, and has worked in that space ever since. Join Samara and Allan for a deep dive into threat intel, its pros and cons, its value, and its potential...
Key Takeaways:
01:28...
2021-09-29, 31 min

The Cyber Ranch Podcast
Practical Realities of Ransomware Management w/ Bryan Hurd
This week, Allan is joined by Bryan Hurd. Bryan is a multi-talented cyber security professional who has founded and operated programs dating back to the early nineties. Currently Chief of Office for Stroz Friedberg (AON Cyber), he started his career in NCIS, founding the Navy’s first ever cyber counterintelligence program in 1993. Join Bryan and Allan for a masterclass on ransomware, incident response, and preparedness. Having both consulted on ransomware situations many times, they offer a wealth of practical tips, do’s, don’ts, and gotchas.
You can also hear their perspectives on the roles and processes in taking...
2021-09-22, 41 min

The Cyber Ranch Podcast
WHY We Measure Risk w/ Sameer Sait
In this episode Allan interviews his friend Sameer Sait, former CISO at Amazon, Forcepoint and Arrow Electronics, who joins Allan for a discussion about WHY we measure risk. It is about more than just asking for money. (And who are you actually asking money from? Hint: It is not the Board). How does risk measurement change in the beginning of the CISO’s journey vs. later when the program is more mature? What is the goal of good risk metrics? What is the role of cyber insurance in all this? What about business traction an...
2021-09-15, 33 min

The Cyber Ranch Podcast
What Comes After the CISO Role? w/ Helen Patton
Host Allan Alford interviews his friend Helen Patton, advisory CISO at Cisco, and former CISO at Ohio State University. Helen and Allan discuss the career path of the CISO – specifically what comes after the CISO role has been fulfilled - and how there is not a clear path defined for the post-CISO career. Allan and Helen discuss several models for post-CISO life that they themselves have explored, and that other CISO friends have as well, such as: shifting back and forth from CISO to vendor, shifting back and forth between CISO and advisory CISO roles at VC’s and...
2021-09-08, 30 min

The Cyber Ranch Podcast
Humans Are Not the Weakest Link in Cybersecurity w/ George Finney
Allan is joined by George Finney, CSO at Southern Methodist University and author of the book Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. George’s mission is clear: unite the cybersecurity community through proven strategy, and help preserve and leverage the humanity within cybersecurity.
He believes that the community as a whole under-plays the human role, and he and Allan discuss potential changes to the way we view security awareness training and the role of users in general.
Key Takeaways:
00:18 Intro/Bio ...
2021-09-01, 28 min

The Cyber Ranch Podcast
Does SOAR Meet Its Promises? w/ Benjamin Corll
Host Allan Alford interviews Benjamin Corll, VP of Cybersecurity and Privacy at Coats, about security orchestration, automation, and response (SOAR). Benjamin and Allan critique SOAR's promises and premises, what else it could be doing, its pricing and overhead, and lack of standards as well. But it is not all negative - Benjamin does share stories as well of SOAR's successes in his shop, and of the things it does do well... Come on down to the ranch and give this show a listen!
Key Takeaways:
0:09 – Intro
0:55 – Benjamin's background and day job ...
2021-08-25, 28 min

The Cyber Ranch Podcast
The Modern CISO w/ James Azar
Host Allan Alford interviews guest James Azar, host of the CyberHub CISO Talk Podcast, and CISO in the financial services space. James and Allan discuss the techniques and approaches of the modern CISO, and contrast this with some of the older approaches of the job. James defines the cultural shift between the old and new as having taken place since September, 2017 (the Equifax breach). James and Allan discuss the impact on the team, business, clients, customers, and share their thoughts and experience on how to stay modern. “What keeps you going in cybersecurity?” as the signature final question for...
2021-08-18, 28 min

The Cyber Ranch Podcast
Frameworks Over Time w/ Derly Gutierrez, Mustapha Kebbeh and Patrick Benoit
In this, the very first LIVE episode, Allan Alford interviews guests Derly Gutierrez, Head of Information Security at 1010Data, Patrick Benoit, BISO at CBRE, and Mustapha Kebbeh, CISO at Brinks, as they discuss the use of security frameworks in general and over time.
Regarding framework compliance, do we choose one or do we choose many? Do we embrace them fully or partially? What changes our approach to frameworks over time? Security strategies are explained throughout the episode, along with the notions of business adaptation and adoption, regulation and other requirements, and "minimum viable security" approaches that...
2021-08-11, 31 min

The Cyber Ranch Podcast
Burnout, Toxicity, and Overcoming Obstacles w/ Marilise de Villiers
On this episode, Allan invites Marilise de Villiers, Founder and CEO at ROAR! Coaching & Consulting, to come on down to the ranch and discuss how to deal with toxic situations, how to overcome obstacles in the workplace, how to avoid burnout, and how to spot our own negative behaviors that interfere with our success. Marilise and Allan cover toxic workplaces and bosses, share personal stories, and discuss the internal mechanisms which allow external toxicity to harm us, as well as the internal behaviors to prevent that. They discuss obstacles, and how big obstacles should be embraced...
2021-08-04, 25 min

The Cyber Ranch Podcast
Migrating from Monolithic to Cloud w/ Greg Rogers
In this episode, Allan interviews Greg Rogers, CISO at Legal & General America, about migrating legacy, monolithic, internally facing, manually tested, waterfall applications to Cloud, CI/CD with automation, customer-facing applications, all with modern development languages and environments. Greg migrated just about everything legacy to just about everything modern across a series of monolithic applications. In this episode he gives tips on the technical aspects of his journey, and tools and techniques for overcoming cultural barriers as well. Greg outlines what he did in-house, and what he leveraged from out-of-house - from code to services. Ultimately...
2021-07-28, 27 min

The Cyber Ranch Podcast
Credential Stuffing w/ Dr. Sam Small
In this episode, Allan's friend Dr.
Sam Small, CISO of ZeroFox, joins us to chat about credential stuffing, its implications and the defenses against it. Several statistics are given from a few industry reports on credential stuffing, including the Verizon DBIR and F5's report. Several techniques to foil credential stuffing are explored, as well as common traps when combatting credential stuffing. OWASP provides some guidance in this area. The criminal's abilities vis-à-vis breach sharing and botnet as a service are discussed as well. Finally, Sam explains what keeps...
2021-07-21, 27 min

The Cyber Ranch Podcast
“Ugly Exits” w/ Naomi Buckwalter
On today’s episode with Allan, we talk “Ugly Exits” with Naomi Buckwalter, Director of Information Security. Of course, to start the episode, Naomi answers Allan’s question of how she got started in cyber. They circle back to the topic at hand, “Ugly Exits”. Under this umbrella are: being fired, laid off, "burning bridges", or being encouraged to leave in a "voluntary" manner. Allan shares statistics for some of these categories, including a substantial statistic on those who have been outright fired. When it comes to burning bridges, so many people walk away from a company that...
2021-07-14, 29 min

The Cyber Ranch Podcast
Agile for Security Programs w/ Tim Rohrbaugh
On today’s episode with Allan, we have Tim Rohrbaugh, CISO at JetBlue, here to talk about Agile methodology and how it can be applied to an entire security program. Tim got into cyber through the military. From the military he went into consulting and ended up at JetBlue. At JetBlue he is always trying to find ways to invest dollars in security programs to balance what is going on. Along with that, he strives to keep his team motivated and moving forward. Agile is a software programming methodology, and it replaced Waterfall.
Waterfall was th...
2021-07-07, 25 min

The Cyber Ranch Podcast
All About Analysts w/ Christina Richmond
With us today is Christina Richmond, Program Vice President at IDC. She's an industry analyst, and she's here to talk to us all about the analyst lifestyle. Allan starts the episode asking Christina to share all about how she got into cyber and what her day job is like. Christina actually began by working in the storage space, and discovered security. To her it was like a drug. What does she do throughout her days? Partakes in hundreds and hundreds of calls with companies who need help with launches and marketing, specifically in growing areas of cybersecurity. In...
2021-06-30, 27 min

The Cyber Ranch Podcast
The Journey to Passwordless Authentication w/ Derly Gutierrez
With us today is Derly Gutierrez, Head of Security at 1010 Data, and veteran. Derly is here with us today to talk about the journey to passwordless authentication and the flaws and strengths of today's authentication methods. Allan and Derly refer to studies and surveys about the problems with passwords and the challenges of implementing passwordless approaches. Derly emphasizes the need for other complementary technologies such as Role-Based Access Control (RBAC), Privileged Access Management (PAM), and system-to-system communications. The two discuss corporate and personal use of passwordless solutions, talk about legal precedence and the future...
2021-06-23, 28 min

The Cyber Ranch Podcast
Application Security w/ Taylor Lehmann
With us today is Taylor Lehmann, former CISO several times over in the healthcare sector, and currently Americas leader for security, networking, identity, and compliance solution architecture at AWS. Taylor and Allan talk about application security: why it's important, who are the personas, the value of threat modeling, infrastructure as code, how to get started, and relationships with developers.
Taylor, a Boston boy, starts the show trying to say, "Howdy!" correctly. Taylor started at PWC and grew into a healthcare CISO. He has now transitioned to AWS.
Key Takeaways:
1:40 How Taylor got...
2021-06-16, 29 min

The Cyber Ranch Podcast
Solving The Global Cyber Problem w/ Ian Thornton-Trump
With us today is Ian Thornton-Trump, Chief Information Security Officer at Cyjax and an ITIL-certified IT professional with 25 years of experience in IT security and information technology. Ian shares his background which started back in the Canadian military. During those times, "IT" was called "automated data processing", and it is quite clear how far this has advanced. He joined the Royal Canadian Mounted Police and spent a year working on criminal intelligence. Soon after he became a consultant and made his way to the UK in 2015. Oftentimes organizations have not planned or prepared for risk, and...
2021-06-09, 28 min

The Cyber Ranch Podcast
FAIR from the Trenches w/ Drew Brown
With us today is Drew Brown, IT Security Manager at the Commonwealth of Pennsylvania. Drew is here to talk about FAIR and his real-world usage of it and testing it in the trenches. Drew shares a little bit about his background in cyber, and a little bit about his day job. He spent 15 years in IT. That opened the door then for him to be the CISO for one of the state agencies. Now his title is IT Security Manager but essentially he is responsible for communicating security and risks and working within a law enforcement agency to...
2021-06-02, 26 min

The Cyber Ranch Podcast
Clever Hiring Practices w/ Andy Ellis
With us today is Andy Ellis, operating partner at YL Ventures, former Akamai CSO and newly inducted member of the CSO Hall of Fame. We're here to talk about nonstandard hiring practices and how Andy has built an amazing team using nonstandard approaches.
Andy began his career in cyber ("I remember back then, you know, we didn't call it cyber, but I think we've all given up and, and that's now the name for our career field.") as an Air Force ROTC cadet, spent 20 years at Akamai, and joined an advisor program at YL Ventures. Andy...
2021-05-26, 29 min

The Cyber Ranch Podcast
Measuring Risk w/ Richard Seiersen
Today we talk with Richard Seiersen, co-author of “How to Measure Anything in Cybersecurity Risk”. Richard shared that at his first CISO position, he was challenged with addressing prioritization of risk, which led to his authoring a book with Doug Hubbard. What can cyber learn from older risk disciplines? The life table used broadly to measure time-to-event data goes back 500 years. Businesses keep falling back to the classic 5x5 "likelihood and impact" matrix which is an inconsistent, non-math-based method. Without math it is really just casting spells in the board room. There are...
2021-05-19, 30 min

The Cyber Ranch Podcast
Becoming a CISO w/ Accidental CISO
With us today is a very special guest, Accidental CISO, of Twitter fame. His anonymity on Twitter allows him to be a little more “truthy” about the CISO game than a lot of us can afford to be on social media. We have distorted his voice a bit to protect that anonymity. “Accidental” shares how he got into cyber, and that is a culmination of being in a career where he had to fill “all” the hats. He stepped away from his CISO role a few years ago and is now in consulting where he has the opportunity to help othe...
2021-05-12, 28 min

The Cyber Ranch Podcast
Breach & Attack Simulation w/ Marlys Rodgers
Today we talk with Marlys Rodgers, who has been in cyber for over 20 years. She currently is CISO for CSAA Insurance Group and is running security for the company as well as running governance risk and compliance for technology.
She shares that it feels like she is constantly balancing assessing with preventing. Allan brings up breach and attack simulation (BAS), and when it is most appropriate to implement in the context of the maturity of a security program. Marlys feels BAS is most effective when some, or most, of the intended controls are in place so you can...
2021-05-05, 27 min

The Cyber Ranch Podcast
Enterprise Security Architecture: A $110b Case Study w/ John Petrie
With us today is John Petrie, Counselor to the NTT Global CISO. He is responsible for managing the growing internal security challenges for the NTT operating companies across the globe. Retired in 1996 from the Marines, John began his career in multiple security positions. He shares that his major responsibility of today is creating the enterprise security architecture (“ESA”) for NTT. Allan used to work for NTT DATA Services, and shares that John is working for the ultimate parent company of the NTT global conglomerate – a full 3 companies of inheritance between John’s company and Allan’s former com...
2021-04-28, 27 min

The Cyber Ranch Podcast
Programs for Women & Veterans in Cyber w/ WiCyS - SPECIAL EDITION
With us today are Lynn Dohm, Executive Director of Women in Cybersecurity (WiCyS) and Martha Laughman, Veterans Initiative Lead at WiCyS and Director of Workforce Development at Smoothstack. Lynn and Martha are here to talk about the amazing programs for women and women veterans at WiCyS. WiCyS is so much more than a conference for women in cybersecurity. Its presence spans the globe and its programs are myriad. Mentorship, student scholarships, training, special interest groups, job boards, veterans' assistance, and apprenticeships are all available. Smoothstack is a partner of WiCyS, and has created a program for...
2021-04-26, 29 min

The Cyber Ranch Podcast
Data Risk Governance w/ Patrick Benoit
Howdy, y’all, and welcome to The Cyber Ranch Podcast!
With us today is Patrick Benoit, Global Head of Cyber GRC, and BISO at CBRE. Patrick is here to talk about Data Risk Governance, a slightly new twist on an old problem. Like our host, Patrick is also from the Dallas-Fort Worth area of Texas. To start the conversation, Allan asks Patrick to share a little about himself, his background in information security and what he does at his day job. Patrick began his career in the military, eventually coming over to consulting and enterprise. He has built ou...
2021-04-21, 31 min

The Cyber Ranch Podcast
Vishing, Smishing and STIR/SHAKEN w/ Mike Manrod
Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Mike Manrod, CISO at Grand Canyon Education. Mike has done quite a bit of research on vishing, smishing and the upcoming STIR/SHAKEN legislation meant to combat those two. To start the conversation, Allan asks Mike to share a little about himself, his background in information security and what he does at his day job. Mike started as an IT technologist who originally...
2021-04-14, 23 min

The Cyber Ranch Podcast
Maturing Purple Teaming w/ Gabe Lawrence
Welcome to The Cyber Ranch Podcast, recorded under the big blue skies of Texas, where one CISO explores the cybersecurity landscape with the help of friends and experts! Today, host and CISO Allan Alford interviews Gabe Lawrence, General Manager of Cyber Security Protection at Toyota Motor North America. Gabe has seen the good and bad of purple teaming, and we’re here today to discuss what a mature purple teaming organization looks like.
To start the conversation, Allan asks Gabe to share a little about himself, his background in information security and what he does at his day jo...
2021-04-07, 29 min

The Cyber Ranch Podcast
Interview with a Vendor w/ Dutch Schwartz
In this episode, host and CISO Allan Alford interviews his friend Dutch Schwartz, Principal Security Specialist at Amazon Web Services. Dutch is a vendor, but do not press 'stop' just yet! Dutch is an empathetic outsider, an observer, and a constant learner and researcher. He brings some unique insights to our practice. Dutch talks about his encounters with CISOs and their direct staffs, and opines on the debate as to how technical a CISO should be (versus business-oriented). Allan and Dutch discuss healthy vs. unhealthy (Dutch prefers the term 'challenging') security cultures. Dutch talks...
2021-03-31, 30 min

The Cyber Ranch Podcast
Advancing Cybersecurity Careers w/ Christophe Foulon
In this episode, host and CISO Allan Alford interviews his friend Chris Foulon, Sr. Manager of Cybersecurity at a leading fintech company, and co-host of the "Breaking into Cybersecurity" podcast. Chris has 15 years in information security, having started at the helpdesk years ago. His biggest desire in infosec is helping others. In his day job Chris gets to work with every part of the business. On the subject of the personnel shortage in cybersecurity, Chris believes that there is no shortage. Rather, he suggests that hiring managers limit their choices by holding out for too high...
2021-03-24, 27 min

The Cyber Ranch Podcast
Developing Leadership w/ Gary Hayslip
Today, host and CISO Allan Alford interviews friend and fellow CISO Gary Hayslip. Besides being a brilliant business leader, Gary is an author, mentor, and one of the best all-around humans Allan knows! To start the conversation, Allan asks Gary to share about himself and his background in cybersecurity.
While he had a natural interest in computers and technology more generally, Gary’s formal entrance to the cybersecurity field came during his time in the military. He developed a love for security, and as he’s climbed within the industry in the years after his military service, he’s also...
2021-03-17, 28 min

The Cyber Ranch Podcast
The Post-COVID Reckoning w/ Dr. Rebecca Wynn - SPECIAL EDITION
In this show, host Allan Alford interviews Dr. Rebecca Wynn about information security decisions made during COVID and what the 2021 "reckoning" might look like. Dr. Wynn is a well-recognized CISO and Chief Privacy Officer, who faced some large-scale challenges during 2020. Allan welcomes Dr. Wynn to the cyber ranch! The show starts with Allan asking Dr. Wynn to introduce herself and to tell the listeners a bit about her background. Dr. Wynn has received quite a lot of recognition in the field. Allan and Rebecca Wynn share a wealth of connections in the CISO community, and both...
2021-03-15, 28 min

The Cyber Ranch Podcast
Business-Oriented Security w/ Chris Castaldo
In this show, host Allan Alford interviews his friend Chris Castaldo about how to align information security with the business. Chris is the CISO at Crossbeam, and is also the author of the book "Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit", available for pre-order at Amazon. Chris, like Allan, views himself as a very business-oriented CISO. Allan welcomes Chris down to the ranch to discuss business orientation and alignment of information security in detail. The show starts with Allan asking Chris to introduce himself and to tell the listeners a bit of his background...
2021-03-10, 27 min

The Cyber Ranch Podcast
Supply Chain Security w/ Omkhar Arasaratnam
Today, host and CISO Allan Alford interviews Omkhar Arasaratnam, a veteran of the cybersecurity industry, on the topic of supply chain security.
With a career in security going all the way back to 2004, and with experience working for IBM and several financial institutions before becoming an Engineering Director at Google, Omkhar brings much hard-earned insight to the table! Looking to tap into that insight, Allan poses two questions for Omkhar. First, how would he characterize or define supply chain security and its implications? And second, how would he explain the SolarWinds breach and its fallout? Omkhar centers his...2021-03-0327 minThe Cyber Ranch PodcastThe Cyber Ranch PodcastStartups & VCs in InfoSec w/ Will Lin In this show, host Allan Alford interviews his friend Will Lin about startups and venture capital. Will Lin is a venture capitalist with ForgePoint Capital, focusing exclusively on the information security space. First and foremost, Will views his current role as a way to help others. Allan welcomes Will on to the show to help his listeners learn more about the startup world, the venture capital world, and how those two intersect. The show starts with Allan asking Will why he thinks startups are such a prevalent force in the cyber security world. Will is not sure, but...2021-02-2427 minThe Cyber Ranch PodcastThe Cyber Ranch PodcastStorytelling in InfoSec w/ Chris Cochran & Ron Eddings of Hacker Valley On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Ron Eddings and Chris Cochran from Hacker Valley Studio. The episode begins with Ron and Chris sharing how they came to cyber security and the roles they’ve held in the space. While they came up in the cyber security space through different channels, they now work together at Marqeta, Ron as a Security Architect Leader and Chris as the Director of Security Engineering. Additionally, together they host the Hacker Valley Podcast. 
Allan is curious how the podcast affects their day jobs and their da...2021-02-2227 minThe Cyber Ranch PodcastThe Cyber Ranch PodcastVulnerability Management w/ Anne Marie Zettlemoyer Allan Alford interviews Anne Marie Zettlemoyer about the topic of vulnerability management. Anne Marie is a visiting fellow with the National Security Institute at George Mason University, and one of the all-around sharpest minds Allan knows in information security! Anne Marie is deeply entrenched in the world of information security, and she loves her work. She began her career in accounting and finance, but by serendipity was introduced to security through a position updating a company’s payment system. From there, she was recruited into the Secret Service, where she developed a passion for the information security field...2021-02-1024 minThe Cyber Ranch PodcastThe Cyber Ranch PodcastBehavioral Economics & InfoSec w/ Kelly Shortridge Behavioral Economics has altered our perceptions of what actually motivates human beings. How do these theories about our more primitive behaviors as well as our intellectual biases apply to information security? Allan Alford & Kelly Shortridge discuss in the context of infosec programs and events in a whirlwind of conversation. Sponsored by our friends at AttackIQ Podcast: The Cyber Ranch Podcast Episode 2: Behavioral Economics and InfoSec with Kelly Shortridge On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Kelly Shortridge, VP of Product Management at Capsule8. Their conversation begins with Kelly introducing...2021-02-0325 min