Shows
CISO MindMap PodcastCMM 12 - Identify and Manage Security DebtSend us fan mail via text by clicking here!Back from a few weeks off, the lads come together to discuss recommendation number 3 from Rafeeq’s 2025 CISO MindMap, Identity and Management Security Debt. This is a practical discussion that hopefully offers some ideas to improve the overall operations of your security program.After a quick recap of the first 2 recommendations from the 2025 CISO MindMap, your hosts begin defining security debt in the context of software, hardware and systems. The concept of risk management is quickly brought into scope as a key com...2025-05-2531 minCISO MindMap PodcastCMM 11 - Rationalize & Consolidate Security Tools - Recommendation #2 from the 2025 CISO MindMapSend us fan mail via text by clicking here!In this episode of the CISO MindMap Podcast, hosts Scott Hawk and Rafeeq Rehman dive into Recommendation #2 from the 2025 CISO Mind Map: Consolidate and Rationalize Security Tools.The discussion centers around the challenges organizations face with tool overload, the diminishing returns of excessive tools, and strategies to optimize cybersecurity operations.Key Takeaways:The Problem of Tool Overload:Many organizations use dozens of security tools, often leading to inefficiencies, alert fatigue, and fragmented risk views.Excessive tools can consume valuable time for maintenance and configuration instead...2025-04-2029 minCISO MindMap PodcastCMM 10 - Securing GenAI, Recommendation #1 from the 2025 CISO MindMapSend us fan mail via text by clicking here!Is it too soon for another podcast on AI? The gents think not. The first recommendation of the 2025 CISO MindMap is about securing AI and this week’s podcast attempts to go fairly deep into real-world experiences and recommendations. Your hosts try not to assume everyone is tuned in to all the different types, modes and capabilities of AI, so hopefully you’ll find this episode to be basic enough for newcomers and detailed enough to take action.In Rafeeq’s blog, he makes several recommendations which a...2025-04-1333 minCISO MindMap PodcastCMM 9 - The 2025 Edition of the CISO MindMapSend us fan mail via text by clicking here!The lads are excited to be back with a new CISO MindMap Podcast and this episode is extra special. They’re introducing the 2025 Edition of the CISO MindMap, available immediately at Rafeeq’s website. The latest edition makes six recommendations that will be introduced in this episode. Expect to go deeper into each recommendation in the coming weeks.This year's recommendations are:#1 - it is time for securing genai#2 - consolidate and rationalize security tools#3 - identif...2025-04-0622 minCISO MindMap PodcastCMM 8 - Building or Outsourcing Your SOCSend us fan mail via text by clicking here!In this episode, Rafeeq and Scott discuss the many considerations involved with building your own Security Operations Center SOC. While in no way a comprehensive analysis, the discussion attempts to make the concepts manageable. If you're a small company growing past a few IT headcount, the topic should help you create a vision for your situation. If you’re a larger company and looking to expand, these pointers may be of help This conversation focused on budgeting, structure, and decision-making processes, including the choice between building in-hou...2025-03-0236 minCISO MindMap PodcastCMM 7 - Business Lingo For CISOsSend us fan mail via text by clicking here!Welcome to Episode 7 of the CISO MindMap Podcast. This week, Rafeeq and Scott discuss a range of topics related to business acumen. Tucked away in this topic are references to some common themes of this podcast. Themes such as brand-building, business performance, and business alignment are spread throughout the conversation. This episode breaks down the business acumen topic into five areas:Business ManagementAccounting & FinanceSales & MarketingIndustry Specific KnowledgeLegal Terminology and Conceptshttps://rafeeqrehman.com/https://www.linkedin.com/in/scott-a-hawk/https://www.linkedin.co...2025-02-2334 minCISO MindMap PodcastCMM 6 - Six Essential Ingredients of a Successful SOCSend us fan mail via text by clicking here!This week, Scott and Rafeeq go wide across the CISO MindMap discussing six key concepts for every Security Operations Center. As the conversation kicks off, Rafreeq takes a few minutes to discuss a recent FBI warning related to texting.The six elements discussed are People/Staffing, Processes, Technology Stack, Governance, Data Sources, and Threat Intelligence. Check out Rafeeq’s blog for written commentary on these topics.During the conversation, Scott mentions a security incident from Christmas Eve 2024. He laments not recalling the specifics but as...2025-02-1640 minCISO MindMap PodcastCMM 5 - GenAI Risks & Use CasesSend us fan mail via text by clicking here!It’s January 2025 and this podcast is the first of the year. Our first topic is Artificial Intelligence (AI). Or said more specifically, Generative AI. GenAI represents a potential for massive change in modern society. Although various forms of AI have been working their way into security tools and workflows for years, Generative AI has burst on the scene and leveraging it should be a top priority of security professionals.In this episode, your hosts are covering content from both Rafeeq’s CISO MindMap and Cybersecurity Learn...2025-01-1340 minCISO MindMap PodcastCMM 4 - Tribulations of the CISOSend us fan mail via text by clicking here!Numerous factors determine how long a CISO remains in their position and some can be controlled by the individual. In this episode of the CISO MindMap Podcast, Rafeeq and Scott discuss both the pitfalls and success criteria pertinent to the CISO role. From budgets to culture, they tackle some of the key elements driving the success or failure of the cybersecurity organization.https://rafeeqrehman.com/https://www.linkedin.com/in/scott-a-hawk/https://www.linkedin.com/in/rafeeq/2025-01-0527 minCISO MindMap PodcastCMM 3 - Five Recommendations for CISOsSend us fan mail via text by clicking here!As 2024 draws to a close, Rafeeq and Scott discuss the most recent set of recommendations from the 2024 CISO MindMap. As has been the case, the recommendations cover a wide range of disciplines and are designed to help CISOs build the effectiveness of their teams and organizations.During the discussion on AI, Rafeeq mentions the OWASP resource for Large Language Models. You can find that here. https://rafeeqrehman.com/https://www.linkedin.com/in/scott-a-hawk/https://www.linkedin.com/in/rafeeq/2024-12-2930 minCISO MindMap PodcastCMM 2 - The CISO Role & The Structure of the CISO MindMapSend us fan mail via text by clicking here!On the second episode of the CISO Mind Map Podcast, we chat about the role of CISO and key characteristics of the role across small and large companies. Topics range from the scope of the position to the specific reporting structures. If you are a CISO, you will probably see yourself in this podcast. If you are an aspiring CISO, we hope this podcast provides some background for your career planning.We also provide a high level of view of the structure of the CISO Mind Ma...2024-12-2234 min
CISO MindMap PodcastCMM 1 - Introduction to the CISO MindMap PodcastSend us fan mail via text by clicking here!Welcome to the first episode of the CISO MindMap Podcast. We hope to bring to life Rafeeq Rehman's famous CISO MindMap. With thousands of followers and readers, each year Rafeeq updates the CISO MindMap to help the community understand the scope and responsibilities of modern information security professionals. In this episode, meet your hosts Scott Hawk and Rafeeq Rehman where they discuss the origins of the CISO MindMap and the plans for future versions of this podcast.https://rafeeqrehman.com/https://www.linkedin.co...2024-12-1530 min
Great Security DebateStop, Collaborate and PivotOver the past 18 months, the way we work has changed including within the security field. On this episode of The Great Security Debate, Dan, Brian and Erik dig into some of the long-term implications of working today and beyond. From remote work to in-person or hybrid : what works best?Does security have a talent shortage, and how is it exacerbated by leadership issues?Was innovation and productivity stifled during COVID by remote work?How to build strong remote teams and learning from the history of global remote teams?Does...2021-09-131h 00