Shows
CvCISO PodcastCVCISO Podcast Ep. 77 Featuring Brian Gibbs and Academy's Launching of the CvCISO Level 3 CoursesTakeaways Every organization needs information security leadership. Level 3 courses are designed for complex environments. Communication is key for effective risk management. Understanding budgeting is crucial for cybersecurity professionals. Complexity in environments can lead to security vulnerabilities. The role of a VCISO is to provide leadership and guidance. Building a justified budget is essential for cybersecurity success. Experience in the field is necessary for effective consulting. Networking and community support are vital for growth. Continuous learning and adaptation are necessary in cybersecurity. Summary In this episode of CBC So Podcast, host Andy and guests discuss the importance of cyber...
2025-12-2252 minCvCISO PodcastCVCISO Podcast Episode 76 How to Avoid Scams, Fraud, and Criminals This ChristmasSummary This podcast episode discusses essential cybersecurity tips for the holiday season, emphasizing the importance of situational awareness, identifying scams, and protecting personal information. The hosts share insights on how to navigate online shopping safely, the risks associated with social media sharing, and the significance of educating family members about cybersecurity. They also highlight the need for trust and verification in all communications, especially during the holiday season when scams are prevalent. Takeaways Situational awareness is crucial during the holiday season. Don't rush your online purchases; take your time. Be cautious of fake shipping notices and charities. Gener...
2025-12-1558 minCvCISO PodcastCVCISO podcast episode 75 Special Richard Stroble and Respecting the Importance of our HealthSummary In this episode, the hosts and guests discuss the importance of health—mental, physical, and spiritual—in the context of their professional lives in security. They share personal experiences with health challenges, strategies for maintaining well-being, and the significance of accountability in both personal and professional realms. The conversation emphasizes the need for community support and the impact of food choices on overall health, while also touching on the role of spirituality and gratitude in fostering a positive mindset. Takeaways Health is crucial for effective work performance. Mental health stigma needs to be addressed openly. Sharing personal...
2025-12-0755 minCvCISO PodcastCvCISO Podcast Episode 74 Special Guest Dan Ovick and Holiday Awareness ResourcesSummaryIn this episode of CBC So Podcast, the hosts discuss various aspects of cybersecurity, particularly focusing on the upcoming holiday season and the associated risks. They introduce their guests, including Dan Ovick, who shares his journey in cybersecurity and the importance of community networking. The conversation shifts to holiday cybersecurity awareness, discussing the increase in scams and cyber threats during this time. The hosts emphasize the need for best practices in online safety, incident response planning, and the importance of educating youth about social media and cybersecurity. They conclude with final thoughts and advice for listeners...
2025-11-2652 minCvCISO PodcastCvCISO Podcast Episode 73 Glen Legus, CvCISO Foundations Course InstructorSummary In this episode of the CBC So podcast, host Andy and guests discuss various aspects of information security, including the importance of context in decision-making, market trends, and the value of leadership in security practices. They share personal stories and insights on navigating business challenges, the role of confidence, and the evolution of the CVCISO program. The conversation emphasizes the need for strategic thinking and community engagement in the field of information security. Takeaways The VC So market is stronger than ever. Context is crucial for making informed decisions. Confidence plays a significant role in business success. Investing in secu...
2025-11-171h 05CvCISO PodcastCvCISO Podcast Episode 72 The Road to Hell Is Paved With ConvenienceSummary In this episode of the CVC So Podcast, host Andy welcomes a diverse group of cybersecurity professionals, including Joe Moldenhauer, who shares her inspiring journey from the casino industry to becoming a cybersecurity analyst. The conversation emphasizes the importance of community, support, and purpose in the cybersecurity field, as well as the value of learning from experiences and the need for diverse perspectives. The guests discuss overcoming challenges, the significance of self-discipline, and the role of purpose in career development, ultimately encouraging listeners to pursue their passions and make a positive impact in the industry. takeaways
2025-11-101h 27CvCISO PodcastCvCISO Podcast Episode 71 Happy Halloween with Jo MoldenhauerSummary In this episode of the CVC So Podcast, host Andy welcomes a diverse group of cybersecurity professionals, including Joe Moldenhauer, who shares her inspiring journey from the casino industry to becoming a cybersecurity analyst. The conversation emphasizes the importance of community, support, and purpose in the cybersecurity field, as well as the value of learning from experiences and the need for diverse perspectives. The guests discuss overcoming challenges, the significance of self-discipline, and the role of purpose in career development, ultimately encouraging listeners to pursue their passions and make a positive impact in the industry. takeaways
2025-11-011h 04CvCISO PodcastCvCISO Podcast Episode 69 James Keltgen and Live Testing of Your IR PlanTakeaways Incident response plans are essential for effective cybersecurity management. Situational awareness is crucial for identifying potential threats. Communication during an incident is key to effective management. Training new employees quickly can reduce vulnerabilities. Creating a positive culture around cybersecurity encourages reporting of incidents. Personal incident response plans can help individuals prepare for potential threats. Lessons learned from incidents can improve future responses. Defining roles in incident response can streamline communication and actions. Understanding the adversary's tactics can enhance preparedness. Not every incident needs to be a disaster; proactive planning can lead to positive outcomes. Summary In this...
2025-10-1654 minCvCISO PodcastCvCISO Podcast Episode 68 The Password That Shut Down a 158-Year-Old BusinessIn this episode, the hosts discuss the cyber attack on Knights of Old, a 158-year-old logistics company that was shut down due to a ransomware attack. They explore the preventable nature of the incident, the lessons learned, and the role of Virtual Chief Information Security Officers (VCSOs) in advising clients on cybersecurity best practices. The conversation also delves into the Akira ransomware group, their tactics, and the importance of foundational cybersecurity measures. Takeaways The Knights of Old incident highlights the importance of multi-factor authentication. Cybersecurity incidents can lead to significant job losses and business closures. VCSOs play a crucial role in...
2025-10-0450 minCvCISO PodcastCvCISO Podcast Episode 67 Mental Health & Stress Resources for vCISOsSummary In this episode, the hosts discuss the anxiety that VCSOs face in their roles, exploring coping mechanisms, the importance of transparency, and how to handle mistakes. They delve into the phenomenon of the Sunday blues, share personal experiences, and emphasize the value of community support and learning from scenarios. The conversation highlights the need for self-awareness and the significance of building confidence through experience in managing anxiety effectively. Takeaways Anxiety is a common experience for VCSOs.Coping mechanisms can include open communication and self-care.The Sunday blues can affect many professionals, not just...
2025-09-2747 minCvCISO PodcastCvCISO Podcast Episode 66 Who a vCISO Should Have on Quick Dial(in Support of their clients)Summary In this episode, the hosts discuss the essential support structures for Virtual Chief Information Security Officers (VCSOs), emphasizing the importance of personal and professional relationships. They explore the need for a strong support system, including therapists and trusted friends, to navigate the challenges of the VCSO role. The conversation also highlights the significance of building a reliable Rolodex of contacts for incident response and other professional needs, as well as the value of community engagement and continuous improvement in the cybersecurity field. Takeaways Therapists should be part of your support system. Personal relationships are crucial for mental health. Self-awareness help...
2025-09-2247 minCvCISO PodcastCvCISO Podcast Episode 65 Nick Mullen and the Importance of Developing RelationshipsSummary In this episode, the hosts engage in a lively discussion with guest Jumpin Slick Nick about the importance of building relationships in the cybersecurity field. They explore the challenges of networking, overcoming imposter syndrome, and the role of vulnerability in professional growth. The conversation emphasizes the significance of effective communication, kindness, and genuine interest in fostering connections. The hosts share personal experiences and insights, highlighting that building trust and credibility is essential for success in any professional environment. TakeawaysBuilding relationships is crucial for success in cybersecurity.Trust, credibility, and likability are key com...
2025-09-1733 minCvCISO PodcastCvCISO Podcast Episode 64 Joe Erle and the State of Cyber InsuranceTakeaways Cyber insurance is essential for businesses to manage risk. Understanding the nuances of cyber insurance policies is crucial. The cyber insurance industry has evolved significantly post-COVID. Claims can be denied due to misrepresentation of information. Insurance applications are becoming more standardized across providers. Brokers play a vital role in ensuring accurate information is provided. Accurate information is critical to avoid claims denial. Risk management should be integrated with cyber insurance strategies. Collaboration between VCs and insurance agents can enhance risk management. Incident response planning is essential for effective cyber insurance coverage. Summary In this episode, the conversation revolves around the...
2025-09-0853 minCvCISO PodcastCvCISO Podcast Episode 63 The Salt Typhoon AttackSummary In this episode, the hosts discuss the Salt Typhoon hacking group, their recent attacks on US companies, and the broader implications of cybersecurity threats. They explore the reasons behind the naming of hacker groups, the importance of risk management, and the need for situational awareness in organizations. The conversation delves into the role of the Chinese government in cyber attacks, the techniques used by hackers, and notable breaches that have occurred. The episode emphasizes the need for better cybersecurity practices and the potential consequences of neglecting fundamental security measures. In this conversation, the speakers delve into the complexities o...
2025-09-0849 minCvCISO PodcastCvCISO Podcast Episode 62: The AI Myth or Fact GameThe podcast features a lively discussion among hosts and guests. Cybersecurity news is a critical topic in today's digital landscape. AI raises ethical questions regarding likeness and consent. Recent breaches highlight the need for accountability in cybersecurity. Community engagement is essential for raising awareness about cybersecurity issues. Information security is more about life skills than technical skills. Accountability in cybersecurity can lead to significant improvements. Engaging listeners creatively can enhance podcast experience. AI can generate misleading information that appears real. Companies can be held liable for harmful AI outputs. Training AI does not always require new data from scratch. Open-source...
2025-08-3046 minCvCISO PodcastCvCISO Podcast Episode 61 : St. Paul Ransomware Cyber AttackIn this episode, the hosts discuss the recent cybersecurity attack on St. Paul, Minnesota, exploring the nature of the attack, the implications for city services, and the importance of effective communication and incident response planning. They emphasize the need for transparency and accountability in handling such incidents, as well as the role of cyber insurance in mitigating risks. The conversation highlights the frustrations surrounding the lack of information and preparedness in the face of cyber threats. In this conversation, the speakers discuss the critical aspects of incident response in cybersecurity, emphasizing the importance of controlling the narrative, maintaining effective communication...
2025-08-3057 minCvCISO PodcastCvCISO Podcast Episode 60 Top 10 Mistakes vCISO's MakeSummary In this episode, the hosts discuss the top 10 mistakes made by Virtual Chief Security Officers (VCSOs) and how to avoid them. They emphasize the importance of understanding the role of a VCSO, effective communication with business leaders, and the need for a strategic approach to security rather than relying solely on tools. The conversation also covers the significance of building relationships, personal development, and measuring relevant metrics to drive meaningful change in security programs. Takeaways Acting like a CISO when you're a VCSO...
2025-08-2150 minCvCISO PodcastCvCISO Podcast Episode : 59 CvCISO Red FlagsSummaryIn this episode of the CvcISO So Podcast, hosts Evan Francen, Dave, and Jordon explore the humorous side of cybersecurity by identifying various red flags in VC engagements. The conversation is filled with laughter as they share funny anecdotes and insights about what to look out for in cybersecurity practices, emphasizing the importance of awareness and vigilance in the field. The hosts also touch on legal and ethical concerns, making the discussion both entertaining and informative. In this engaging conversation, the speakers explore the intersection of humor and seriousness in cybersecurity, discussing various red flags that can indicate...
2025-08-2049 minCvCISO PodcastCvCISO Podcast Episode 58: Hourly Work or Objective Based DifferencesKeywords CVCISO, pricing models, objective-based pricing, hourly pricing, client relationships, communication, mentorship, community support, value delivery, business growth takeawaysObjective-based pricing aligns with client needs and expectations.Hourly pricing can create a liability for service providers.Building trust with clients is essential for long-term relationships.Communication is key to managing client expectations and scope creep.Value should be prioritized over hours worked in service agreements.Community support can enhance professional growth and learning.Mentorship can provide guidance in unfamiliar projects.Transparency with clients fosters trust and understanding.Understanding client needs helps in setting appropriate pricing m...
2025-08-1253 minCvCISO PodcastCvCISO Podcast Episode 57: Incident ResponseSummaryIn this episode, the hosts explore key elements of effective cybersecurity incident response. They emphasize the importance of distinguishing between events and incidents, properly classifying incidents by severity, and understanding the strategic role of a vCISO (Virtual Chief Information Security Officer). The conversation highlights the value of proactive planning, clear communication, and meticulous documentation throughout the incident lifecycle. Common challenges—such as lack of authority, inadequate tooling, and communication breakdowns—are also discussed as critical areas for improvement in incident management.Takeaways- Incident response is vital for organizations to effectively manage and mitigate secu...
2025-08-0653 minCvCISO PodcastCvCISO Podcast Episode 56: AI and Its Societal ImpactSummary In this episode, the hosts discuss the pervasive influence of AI in our lives, particularly its implications for education, creativity, and ethical considerations. They explore the rapid deployment of AI technologies without adequate understanding or guidelines, the accountability of AI developers, and the potential for manipulation of information through AI. The conversation emphasizes the need for responsible use and education surrounding AI, as well as the long-term consequences of dependency on these technologies. In this conversation, the speakers delve into the multifaceted implications of AI on society, the environment, and individual decision-making. They discuss the significant resources r...
2025-06-1356 minCvCISO PodcastCvCISO Podcast Episode 55: How to Engage C-SuiteSummary In this episode, the hosts discuss effective communication strategies for engaging with C-suite executives. They emphasize the importance of concise messaging, understanding executive priorities, and building relationships based on empathy and common interests. The conversation highlights the need for adaptability in communication styles and the significance of listening to executives to provide valuable insights. The hosts share personal experiences and best practices for navigating the complexities of executive interactions. In this conversation, the speakers discuss effective communication strategies for engaging with executives, particularly in the context of information security and risk management. They emphasize the importance of u...
2025-06-0936 minCvCISO PodcastCvCISO Podcast Episode 54: How to Find Your WhySummary In this episode, the hosts explore the concept of 'why' and its significance in personal and professional life. They discuss the importance of discovering one's core values and how these values shape actions and decisions. Through personal reflections and exercises, the conversation delves into the impact of admiration on self-discovery and the role of relationships in understanding values. The hosts emphasize the need to communicate one's 'why' to foster connections and the importance of leaving a positive impact on others. In this conversation, the participants explore the significance of genuine connections, the discovery of core values, and t...
2025-05-3050 minCvCISO PodcastCvCISO Podcast Episode 53: Mental Health Awareness MonthSummary In this episode, the hosts discuss Mental Health Awareness Month, sharing personal stories and insights about mental health challenges. They emphasize the importance of being open about mental health, the stigma surrounding it, and the role of therapy. The conversation also touches on misconceptions about mental health, the impact of diet and exercise, and the effects of COVID-19 on mental well-being. The hosts encourage listeners to share their stories and seek help when needed, reinforcing that mental health is a crucial aspect of overall well-being. In this conversation, the speakers delve into the complexities of mental health, d...
2025-05-231h 06CvCISO PodcastCvCISO Podcast Episode 52: Essential Questions vCISOs Need to AskSummaryIn this episode of the CvCISO Podcast, the hosts engage in a light-hearted conversation that transitions into deeper discussions about the importance of relationships in business, essential questions to ask when engaging with clients, understanding business motivations, and the significance of trust and credibility in professional interactions. In this conversation, the speakers delve into the importance of building authentic relationships in business, particularly in the context of venture capital. They discuss how being transparent and genuine can foster better connections with clients. The dialogue emphasizes the significance of understanding the dynamics of a business, defining...
2025-05-0245 minCvCISO PodcastCvCISO Podcast Episode 51: Salary Expectations for vCISOsSummaryIn this episode, the hosts discuss the complexities surrounding the compensation and role of a Virtual Chief Information Security Officer (VCISO). They explore various factors influencing salary, the distinction between VCISO and CISO roles, and the importance of technical knowledge and mentorship in developing effective security leaders. The conversation also highlights the challenges faced in client engagements and the need for clear communication regarding roles and responsibilities. In this conversation, the participants delve into the complexities of client assessments, the importance of communication in building relationships, and the challenges faced in cybersecurity development. They discuss...
2025-04-2544 minCvCISO PodcastCvCISO Podcast Episode 50: How to Stay Educated as a vCISOSummaryIn this special 50th episode of the CvCISO Podcast, the hosts celebrate their milestone while discussing the importance of continuing education for venture capitalists (VCs). They explore various strategies for staying educated, including maximizing conference experiences, understanding CPE requirements, and aligning learning with career goals. The conversation emphasizes the significance of being proactive in professional development and the various avenues available for earning CPEs, including independent learning and community involvement. In this conversation, the speakers discuss the importance of maximizing the value of Continuing Professional Education (CPE) credits, emphasizing the need for passion and engagement...
2025-04-1854 minCvCISO PodcastCvCISO Podcast Episode 49: Embellishing Credentials - A Dangerous GameSummaryIn this episode, the hosts discuss the controversy surrounding Mark Lanterman, a forensic expert accused of embellishing his credentials. They explore the implications of credibility and integrity in the cybersecurity field, particularly for expert witnesses. The conversation delves into the ethical responsibilities of professionals and the potential legal ramifications of misrepresentation. The hosts reflect on the importance of validating claims and the consequences of failing to do so, both personally and professionally. In this conversation, the speakers delve into the implications of dishonesty, particularly in professional settings. They discuss the consequences of lies, the importance...
2025-04-1143 minCvCISO PodcastCvCISO Podcast Episode 48: Infragard Critical InfrastructureSummaryIn this episode, Meg and Dave discuss the importance of viewing information security not just as an IT issue, but as an organizational and societal concern. They explore how different departments within an organization contribute to security and the need for a holistic approach. The conversation also delves into the societal dependency on technology and the implications of critical infrastructure failures. They emphasize the importance of collaboration between sectors to enhance security and resilience in communities. In this conversation, Dave and Meg explore the complexities of cybersecurity consulting, focusing on the importance of regulatory standards...
2025-04-0853 minCvCISO PodcastCvCISO Podcast Episode 47: Fear of FailureSummary In this episode, the hosts discuss the concept of failure, exploring its inevitability and the importance of embracing it as a part of growth. They share personal anecdotes and insights from a book titled 'Chasing Failure,' emphasizing that failure can lead to unexpected opportunities and learning experiences. The conversation also touches on the fear of failure, the need for a supportive culture that accepts failure, and the distinction between rational and irrational fears surrounding failure. In this conversation, the speakers delve into the complex nature of failure and success, exploring how failures can...
2025-03-2841 minCvCISO PodcastCvCISO Podcast Episode 46: Meet DaveSummary In this episode of the CvCISO Podcast, host Evan Francen and co-hosts Jordan and Meg welcome Dave Tuckman, the new Executive Director at the Academy. They discuss Dave's background in IT and cybersecurity, his transition to FRSecure, and the importance of awareness training in the industry. The conversation also touches on work-life balance, the therapeutic role of music, and the vision for the Academy to uplift others through education and community building in cybersecurity. In this engaging conversation, the speakers delve into the importance of mentorship and building relationships for personal and professional success. They explore aspirations f...
2025-03-2151 minCvCISO PodcastCvCISO Podcast Episode 45: Building a Security First CultureSummary In this episode, the hosts discuss the importance of integrating security into business culture while maintaining a fun and engaging environment. They explore the concept of a 'security first' mentality, emphasizing that security should not overshadow business objectives but rather be a part of them. The conversation highlights the significance of situational awareness, employee empowerment, and the role of leadership in fostering a security-conscious culture. The hosts also challenge the notion that people are the weakest link in security, advocating for better system designs and training to enhance overall security awareness. In this conversation, the speakers delve i...
2025-03-1449 minCvCISO PodcastCvCISO Podcast Episode 44: Essential Tips for vCISOsSummary In this episode, the hosts discuss essential tips for Virtual Chief Security Officers (VCSOs), emphasizing the importance of understanding the business context before addressing security concerns. They highlight the need for preparation, relationship building, and simplifying complex security concepts to effectively communicate with business leaders. The conversation also covers the significance of asset inventory, prioritizing impactful security initiatives, and using analogies to convey security risks in a relatable manner. In this conversation, Evan Francen discusses the importance of building impactful relationships within a business to achieve significant wins. He emphasizes leveraging credibility when making recommendations, the power of...
2025-03-061h 03CvCISO PodcastCvCISO Podcast Episode 43: DOGE and Information SecuritySummary In this episode, Evan and Jordon dive into the controversial topic of Doge, discussing its implications on government efficiency and information security. They explore the emotional responses surrounding political decisions, the role of trust in government, and the privacy concerns that arise from data access. The conversation emphasizes the importance of questioning narratives and understanding the complexities of the system, particularly in relation to social security and data security. In this conversation, Evan Francen and Jordon discuss the inefficiencies and challenges within government systems, particularly focusing on identity recovery and cybersecurity. They explore the emotional manipulation prevalent i...
2025-02-2751 min
Sunsets & SnowdriftsEpisode 10: Cozy Connections and Digital SafetyThis month on the Sunsets & Snowdrifts podcast, Michael and Evan explore how to stay emotionally connected and secure during the colder months with actionable advice on combatting winter blues, online privacy check-ups, and creative ways for staying cozy in a digital world.Let’s make this winter a season of well-being both on and offline!Subscribe to Sunsets & Snowdrifts so you never miss a beatThis podcast is brought to you by SecurityStudio and Ostra Cybersecurity.To learn more about how to partner with Ostra, https://www.ostra.net/contact/ or follo...
2025-02-2055 minCvCISO PodcastCvCISO Podcast Episode 42: Breaking Into Cybersecurity - A Guide for NewcomersSummaryIn this episode, the hosts discuss the various pathways into the cybersecurity field, addressing the challenges faced by newcomers and those looking to transition into the industry. They share personal stories of their journeys, the importance of having a clear purpose, and the role of education and certifications in building a successful career in cybersecurity. The conversation emphasizes the need for practical experience and the realities of job expectations in the current market. In this conversation, the speakers discuss the importance of practical experience over formal education in the cybersecurity field. They emphasize the need...
2025-02-1857 minCvCISO PodcastCvCISO Podcast Episode 41: MentorshipSummary In this episode, the hosts discuss the significance of mentorship in personal and professional development. They explore the nuances of what mentorship means, the difference between wisdom and education, and how informal mentorship can occur within communities. The conversation emphasizes the importance of experience, the role of mentors in shaping careers, and the reciprocal nature of mentorship relationships. The hosts also touch on the idea that everyone has the potential to be a mentor, regardless of their formal title or position. In this conversation, Evan Francen and Meg discuss the multifaceted nature of mentorship, emphasizing t...
2025-02-0750 minCvCISO PodcastCvCISO Podcast Episode 40: AI in the WorkplaceSummaryIn this episode, the hosts discuss the significance of mentorship in personal and professional development. They explore the nuances of what mentorship means, the difference between wisdom and education, and how informal mentorship can occur within communities. The conversation emphasizes the importance of experience, the role of mentors in shaping careers, and the reciprocal nature of mentorship relationships. The hosts also touch on the idea that everyone has the potential to be a mentor, regardless of their formal title or position. In this conversation, Evan Francen and Meg discuss the multifaceted nature of mentorship, emphasizing...
2025-02-0456 minCvCISO PodcastCvCISO Podcast Episode 39: vCISO Role in BCI and DRPSummaryIn this episode, the hosts and guests delve into the concept of Zero Trust Architecture, discussing its legitimacy, implementation challenges, and the importance of understanding its principles. They explore how Zero Trust can enhance security while also serving as a business strategy that can potentially reduce costs and increase revenue through better risk management and compliance. The conversation highlights the complexities of adopting Zero Trust in large organizations and emphasizes the need for clear definitions and practical steps to implement it effectively. In this conversation, the speakers delve into the critical aspects of...
2025-01-2455 minSunsets & SnowdriftsEpisode 9: New Year, New Perspectives (And Cyber Safety)Start the new year with new perspectives on cyber safety. Mike and Evan are here to share their goal-setting strategies, daily journaling tips, and easy cybersecurity habits to keep your digital life safe in 2025!Subscribe to Sunsets & Snowdrifts so you never miss a beatThis podcast is brought to you by SecurityStudio and Ostra Cybersecurity.To learn more about how to partner with Ostra, https://www.ostra.net/contact/ or follow us on https://www.linkedin.com/company/ostra-inc/.To learn more about SecurityStudio, https://securitystudio.com/contact/ or follow us on https...
2025-01-2357 minCvCISO PodcastCvCISO Podcast Episode 38: Zero Trust: Is it Real?In this episode, the hosts and guests delve into the concept of Zero Trust Architecture, discussing its legitimacy, implementation challenges, and the importance of understanding its principles. They explore how Zero Trust can enhance security while also serving as a business strategy that can potentially reduce costs and increase revenue through better risk management and compliance. The conversation highlights the complexities of adopting Zero Trust in large organizations and emphasizes the need for clear definitions and practical steps to implement it effectively. In this conversation, the speakers delve into the critical aspects of security policies, breach notifications, and the implementation...
2025-01-1757 minCvCISO PodcastCvCISO Podcast Episode 37: MN Local Chapter 2024 Year in ReviewIn this episode of the CvCISO Podcast, the hosts and guests discuss the Minnesota Local Chapter's progress, focusing on community building, mental health check-ins, and the importance of support structures in the information security field. They share insights on how the chapter has fostered a sense of belonging and collaboration among its members, highlighting accomplishments and future goals for growth and authenticity within the community. In this engaging conversation, the participants explore various themes including the humorous use of iPhone shortcuts, the importance of authenticity in professional relationships, and the value of diverse perspectives in the cybersecurity community. They discuss...
2025-01-1051 minCvCISO PodcastCvCISO Podcast Episode 36: A Year in ReviewSummary In this episode, the hosts discuss updates on the CvCISO Academy, reflecting on the past year and looking forward to 2025. They emphasize the importance of community engagement, new leadership roles, and the need for standardization in cybersecurity practices. The conversation also touches on personal growth and the value of continuous learning, with lighthearted moments shared among the hosts. In this conversation, the speakers discuss the importance of uplifting relationships, continuous learning, and situational awareness in both personal and professional contexts. They explore how these themes relate to cybersecurity, highlighting key events and trends from 2024, the impact of m...
2024-12-2758 minCvCISO PodcastCvCISO Podcast Episode 35: vCISO Habits and RoutinesSummary In this episode of the CvCISO Podcast, hosts Evan, Meg, and Jordon discuss the essential routines and habits for vCISOs, emphasizing the importance of building strong relationships, understanding pricing, and the value of intangibles in cybersecurity. They explore the pathways to entering the cybersecurity field, including education and gaining practical experience, while also addressing the confusion surrounding the industry and the need for clear communication. In this conversation, Evan Francen discusses the importance of effective communication and relationship-building in the role of a Virtual Chief Security Officer (vCISO). He emphasizes the need for thorough preparation, the value o...
2024-12-2050 minSunsets & SnowdriftsEpisode 8: Home For the HolidaysThis month, we're diving into how to talk about cybersecurity with your loved ones—without the geeky tech talk or panic. Let’s make online safety part of your holiday traditions in a way that feels natural, supportive, and empowering for everyone.This podcast is brought to you by SecurityStudio and Ostra Cybersecurity.To learn more about how to partner with Ostra,https://www.ostra.net/contact/ or follow us on https://www.linkedin.com/company/ostra-inc/.To learn more about SecurityStudio, https://securitystudio.com/contact/ or follow us on https://www.linkedin.com/company...
2024-12-1256 minCvCISO PodcastCvCISO Podcast Episode 34: Routines and HabitsSummary In this episode, the speakers explore various themes surrounding self-care, routines, and habits. They discuss the importance of embracing natural beauty, the significance of hydration and morning rituals, and the symbolism behind daily habits like showering. The conversation also delves into the social aspects of habits, particularly focusing on smoking and drinking, and how these habits can foster connections or lead to negative consequences. In this conversation, the speakers explore various personal habits and their impacts on mental health, relationships, and overall well-being. The conversation also touches on the significance of gratitude and contentment in daily life, e...
2024-12-0652 minCvCISO PodcastCvCISO Podcast Episode 33: Navigating the Assessment Landscape Pt 3Summary In this episode of the CvCISO Podcast, the hosts engage in a light-hearted conversation that transitions into a serious discussion about access control policies, the role of IT in managing access, and the importance of user account reviews. They explore the risks associated with shared accounts and the significance of system and service accounts in cybersecurity. The episode concludes with a focus on authentication and password management, emphasizing the need for robust security practices. In this conversation, the participants discuss various aspects of organizational security, focusing on password policies, password management systems, encryption, mobile device security, remote work...
2024-12-0256 minCvCISO PodcastCvCISO Podcast Episode 32: Navigating the Assessment Landscape Pt 2Summary In this episode of the CvCISO Podcast, the hosts continue their assessment discussion, focusing on the roles of CEO, CFO, and VC. They explore the importance of separation of duties, risk management, and the impact of experience on wisdom. The conversation transitions into the assessment process, covering topics such as screening and background checks, security policies, employee monitoring, and training for privileged users. The hosts emphasize the need for awareness training and the significance of having a structured approach to security in small businesses. In this conversation, the speakers delve into various aspects of information security, focusing on...
2024-11-2354 minCvCISO PodcastCvCISO Podcast Episode 31: Navigating the Assessment Landscape Pt 1Summary In this episode, the hosts engage in a mock assessment to explore the intricacies of conducting information security assessments. They discuss the importance of understanding risk management, setting expectations, and building rapport with clients. The conversation highlights the human factors involved in assessments, the significance of administrative controls, and the need for clear communication about policies and insurance. Through their dialogue, they aim to demystify the assessment process and provide insights into effective risk management strategies. In this conversation, the speakers discuss effective strategies for conducting assessments in information security, emphasizing the importance of not wasting executives' time...
2024-11-1852 minCvCISO PodcastCvCISO Podcast Episode 30: Tips and Tricks for Your First AssessmentSummary In this episode, the hosts share insights on overcoming intimidation, the value of community support, and practical tips for new assessors to build confidence and improve their skills. The conversation emphasizes the significance of being oneself and learning from experiences, even when they feel uncomfortable. In this engaging conversation, the speakers explore the importance of authenticity in assessments, the value of learning through experience, and the significance of mentorship in career progression. They share personal anecdotes that highlight the lessons learned from real-life scenarios, emphasizing the need for collaboration and continuous improvement in training programs. The discussion a...
2024-11-1240 min
CvCISO PodcastEpisode 29: Keeping it Real - The Scary Side of vCISO WorkSummary In this episode, the hosts discuss the scary aspects of being a Virtual Chief Information Security Officer (vCISO), including the challenges of limited control and high accountability, navigating client expectations, and the constantly shifting threat landscape. They emphasize the importance of understanding roles and responsibilities, combating fear with knowledge, and the value of community support in the cybersecurity field. In this conversation, the speakers delve into the complexities of professional roles in cybersecurity, emphasizing the importance of authenticity, the pressure to justify one's value, and the realities of on-call responsibilities. They discuss the inevitability of breaches and the...
2024-10-3140 minCvCISO PodcastEpisode 28: Truth or MythSummary In this episode, the hosts engage in a lively discussion about various statements related to cybersecurity, exploring whether they are truths or myths. They delve into the costs associated with cybersecurity, the role of VCISOs, the importance of communication in cybersecurity, and the relevance of the CVCISO course. The conversation emphasizes the need for a proper understanding of cybersecurity's value and the fun aspects of being a VCISO. In this conversation, the speakers discuss the importance of finding joy in work, the misconceptions surrounding cybersecurity responsibilities, the vulnerability of small businesses to cyber threats, and the critical role...
2024-10-2550 minCvCISO PodcastEpisode 27: Handling Objections as a vCISOSUMMARYIn this episode of the CvCISO Podcast, hosts Evan, Jordon, and Meg engage in a lively discussion about overcoming objections in vCISO consulting, the importance of framing security in business terms, and leveraging data to support their recommendations. They also touch on personal challenges and the role of emotional intelligence in navigating objections, emphasizing the need for clear communication and understanding the root causes of objections. In this engaging conversation, the speakers explore various themes including the importance of humor in communication, the need for flexibility and challenging ideas, and the significance of building credibility through quick wins...
2024-10-1859 minCvCISO PodcastEpisode 26: Is the CVCISO Program Credible?In this episode, Jordon, Meg, and Evan discuss the credibility of the CvCISO certification with special guest Lyle Melnychuk. They explore the value of the certification, the importance of community support, and the real-world application of the training. The conversation delves into the distinction between credibility and recognition, emphasizing that true credibility comes from experience and the ability to implement knowledge effectively. The hosts also highlight the need for collaboration within the industry and the role of local chapters in enhancing the program's credibility. Ultimately, they conclude that the CvCISO certification is credible due to its practical application a...
2024-10-091h 08Sunsets & SnowdriftsEpisode 7: The Human Side of CybersecurityIn this episode of Sunsets and Snowdrifts, Evan and Michael delve into the complexities of cybersecurity, focusing on the human element and emotional intelligence. They discuss the importance of understanding why people fall for phishing attacks, the role of emotions in decision-making, and the need for a supportive culture in cybersecurity. The conversation emphasizes the significance of situational awareness, learning from mistakes, and the power of authenticity in fostering a secure environment. The hosts advocate for open discussions about failures and the importance of balancing security measures with business needs.This podcast is brought to you by SecurityStudio...
2024-10-0749 minCvCISO PodcastEpisode 25: Understanding the Role of vCISOIn this episode of the CvCISO Podcast, hosts Evan, Meg, and Jordon engage in a candid discussion about mental health, the role of a Virtual Chief Information Security Officer (vCISO), and the critical distinction between compliance and risk management in information security. They explore the importance of understanding security risks, the misconceptions surrounding compliance, and the need for a relationship-driven approach in consulting.The conversation emphasizes the empowerment of business owners to make informed decisions about their security practices, moving beyond mere compliance to a more holistic risk management strategy.TakeawaysTalking with...
2024-10-071h 00CvCISO PodcastEpisode 24: Communication, Trust, and AuthenticityIn this episode, the Evan, Meg, and Jordon engage in a deep conversation about the importance of communication, trust, and authenticity in both personal and professional relationships. They explore how understanding one's audience and being aware of the impact of words can enhance interactions. The discussion emphasizes the need for vulnerability, empathy, and the courage to have difficult conversations. The hosts share personal anecdotes and insights on navigating societal sensitivities, the art of being oneself, and the significance of transparency in fostering genuine connections.TakeawaysAlways consider your audience when communicating.Trust is essential for...
2024-09-2954 minCvCISO PodcastEpisode 23: Radical Acceptance and Mental HealthIn Episode 23 of the CvCISO Podcast, hosts Meg, Evan, and Jordon discuss the concept of radical acceptance and its implications for mental health. They explore how radical acceptance can help individuals cope with their realities, the stigma surrounding mental health, and the importance of self-acceptance. The conversation also touches on the differences between guilt and conviction, practical applications of radical acceptance in both personal and professional settings, and the connection between acceptance and change. The hosts emphasize the need for open discussions about mental health and the importance of creating safe spaces for sharing experiences.Takeaways...
2024-09-2037 minCvCISO PodcastEpisode 22: Recent S2 Changes & Clarifying InfoSec DefinitionsIn this conversation, Evan, Jordon, and Meg discuss the recent changes at Security Studio and attempt to define some common information security terms/buzzwords.This is Jordon's topic this week, and he decided to play a game of sorts. He chooses a common information security term or buzzword, Evan and Meg give their definitions of the term/buzzword, then he compares our definitions to what ChatGPT says. The terms/buzzwords he chose were "Zero Trust", "Pentesting", "Nextgen", and "Threat Hunting". The perspectives shared by the CvCISO Podcast crew might be enlightening, but they're certainly entertaining!See...
2024-09-171h 09CvCISO PodcastEpisode 21: Events, Incidents, Breaches, and CompromisesJoin hosts Evan, Meg, and Jordon in this engaging episode of the CvCISO Podcast as they explore critical topics in information security, including the definitions and distinctions between events, incidents, breaches, and compromises, and how aligning these definitions with clients and stakeholders is vital for clear communication. The discussion moves into personal experiences with intrusion detection systems, the challenges of false positives, and the process of fine-tuning these systems for better situational awareness. Along the way, they highlight how precision and clarity in incident response can prevent misunderstandings and help build trust w...
2024-09-1455 minSunsets & SnowdriftsEpisode 6: Looking back (so far) on 2024 and Ahead to 2025In this episode, Evan and Michael welcome Paul Dobbin, Chief Growth Officer of Ostra Cybersecurity. Paul opened with a question about what we're concerned about as we come up on the 4th quarter of 2024 and start planning for 2025. Michael started with AI and its impact on traditionally successful social engineering attacks, and Evan started with the importance of situational awareness and better communications. The intriguing conversation that followed is sure to keep you engaged and entertained!Towards the end of the show, Paul mentioned the upcoming launch of Evan's new podcast, "InfoSec to Insanity" on September 19. Learn more h...
2024-09-1253 minCvCISO PodcastEpisode 20: Taking the Non-Technical PathIn this episode of the CvCISO Podcast, Evan and Meg sit down with Sonal Chandler, founder of Minerva Consulting, to discuss her journey into cybersecurity as a non-technical professional. Sonal shares how she built credibility through certifications and emphasizes the value of diverse perspectives in the industry. The conversation covers key topics, including the challenges of hiring in cybersecurity, the importance of asking 'why' to drive creativity, and the supportive nature of the CvCISO program. Sonal also talks about building client trust, overcoming biases in assessments, and the role of effective communication and transparency. Finally, they explore the significance of...
2024-08-3058 minCvCISO PodcastEpisode 19: The Art of LikabilityIn this episode of the CvCISO Podcast, hosts Meg, Jordon, and Evan explore how likability plays a crucial role in building strong relationships. They discuss essential strategies such as active listening, being fully engaged, and showing authentic interest in others. The episode also highlights the impact of body language, the importance of authenticity, and the value of maintaining self-awareness without over-relying on external validation. Tune in to gain actionable insights on how likability can boost both your personal and professional connections.To learn more about the CvCISO Program, visit: https://securitystudio.com/academy
2024-08-2357 minCvCISO PodcastEpisode 18: CvCISO Training Program Plans & UpdatesIn this episode, Jordon, Evan, and Meg cover a range of topics, from personal hobbies like attending concerts, painting, fishing, and watching dog movies, to Evan’s plans for a puppy party while his wife is away. They also dive into important updates within the CvCISO community, discussing the creation of a LinkedIn group, potential quarterly meetups, and the development of CvCISO courses with accompanying textbooks. The episode underscores the value of community in providing support, sharing knowledge, and fostering accountability.To learn more about the CvCISO Program, visit: https://securitystudio.com/academy
2024-08-161h 01CvCISO PodcastEpisode 17: Finding Your Niche in the Cybersecurity IndustryIn this episode, our hosts sit down with cybersecurity experts Lyle Melnychuk and Brian Gibbs to discuss their journeys from traditional IT roles to cybersecurity leadership. They delve into the challenges of making this transition, the critical role of trust and client service, and the necessity of a strong cybersecurity foundation. The discussion offers valuable insights for those starting their careers in cybersecurity, stressing the importance of hands-on experience over formal education. Lyle and Brian share their diverse paths within the industry, the importance of mastering the basics like policy and asset management, and the benefits of programs like CISSP...
2024-08-091h 05Sunsets & SnowdriftsEpisode 5: Truth In Cyber: Taking the PledgeIn this episode, our hosts discuss the CrowdStrike outage and the industry's collective response to high-profile breaches, highlighting misleading practices and predatory sales tactics. They emphasize the need for greater transparency and truth in cybersecurity, exploring systemic issues that contribute to these problems. The episode introduces the Truth In Cyber initiative, led by Kennedy, which aims to transform the industry by promoting honesty and better practices. Tune in to learn more about fixing a broken industry and how you can be part of the change. Visit https://truthincyber.org/ to take the pledge and join the movement.This...
2024-08-051h 00CvCISO PodcastEpisode 16: The Power of Mentorship & Community in CybersecurityIn this episode, our hosts and special guests explore the crucial role of mentorship and community in the cybersecurity industry. They address the challenges faced when transitioning from IT to InfoSec, emphasizing the importance of support, transparency, and vulnerability. Discover how local chapters provide a supportive environment for cybersecurity professionals.Key topics include the importance of security in information management, practical experience in policy management and communication, the enjoyment of conducting assessments, and balancing availability with security. The conversation also highlights the need for continuous learning and collaboration in the cybersecurity community and encourages individuals to take ownership...
2024-08-0246 minCvCISO PodcastEpisode 15: The Challenges and Rewards of Being a Virtual CISOIn this episode, Evan Francen and Meg Perron sit down with Greg Schaffer, a seasoned virtual Chief Information Security Officer (vCISO) and the host of the Virtual CISO Podcast. Together, they delve into the critical pillars of trust, credibility, and likability in the cybersecurity industry. Greg shares his inspiring journey from a network engineer to a CISO, eventually leading to the creation of his own virtual CISO services. He opens up about the unique challenges and rewards of being a virtual CISO, highlighting the importance of integrity and a servant mindset in this ever-evolving field.Throughout the conversation...
2024-07-261h 03CvCISO PodcastEpisode 14: Decoding Cybersecurity Leadership: Fractional CISO vs. vCISOIn this episode, our hosts tackle the world of cybersecurity leadership with special guests Brent Forrest and Lyle Melnychuk. They bring their extensive experience to the table to dissect and differentiate between two crucial roles: the fractional CISO and the vCISO.What exactly distinguishes a fractional CISO from a vCISO? How do these roles impact organizations differently? Our hosts and guests explore how these roles differ in scope, engagement models, and strategic alignment within organizations. Discover the unique advantages each role offers.To learn more about the CvCISO program, visit: https://www.securitystudio.com/academy/academy-overview
2024-07-1955 minSunsets & SnowdriftsEpisode 4: Pitfalls of Checking the Compliance BoxIn this episode of Sunsets & Snowdrifts, we delve into the essential topic of cybersecurity compliance and how to avoid the “checkbox mindset.” Join us as we clarify what true compliance entails, differentiate between cybersecurity standardization and compliance, and emphasize the importance of a security-first approach. Our experts provide valuable insights on how to integrate security into your company culture, distinguish between information security and cybersecurity, and the mindset security consultants should adopt for effective client communication. Tune in for actionable strategies to enhance your cybersecurity practices beyond mere compliance!This podcast is brought to you by SecurityStudio and Ostr...
2024-07-1057 minCvCISO PodcastEpisode 13: Get Yourself a Kevin: Mastering the Transition to a Successful vCISO RoleIn this episode, our hosts discuss the transition to a Virtual Chief Security Officer (vCISO) role. They discuss the motivations behind choosing a vCISO career and the key factors to consider when making this shift. Learn about the unique benefits of being a vCISO, such as consulting for multiple clients and having greater control over security decisions.Through sharing their own experiences, the hosts offer valuable advice for those contemplating a career change to vCISO. They highlight the importance of having a clear purpose, commitment, and vision, as well as the necessity of a strong support system. The...
2024-07-0549 minCvCISO PodcastEpisode 12: Convenience vs. SecurityIn this episode, Evan and Jordon explore the tension between convenience and security, and the common resistance to stronger security practices. They dive into the recent Snowflake breach, scrutinizing the company's lack of transparency and accountability. They discuss the critical importance of taking responsibility for data breaches and the profound impact on affected individuals. The conversation emphasizes the necessity of multi-factor authentication as a basic security measure, contrasting it with the risks of single-factor authentication.The hosts also address how businesses can responsibly leverage technology, simplify processes, and prioritize impactful measures. Key takeaways include the need for transparent...
2024-06-2848 minCvCISO PodcastEpisode 11: Leading Through Organizational ChangeIn this episode, Evan Francen, Meg Perron, Jordon Darling, and special guest Jim Perron work through the nuances of leading through organizational change. They explore the importance of aligning leadership with the business’s mission and language, forging strong relationships with influential leaders, and the role of personal growth in enhancing leadership impact. The discussion underscores the necessity of speaking the business language, understanding stakeholder motivations, and embodying core values that emphasize selfless service. Listeners will gain valuable insights into the timing and momentum in leadership, situational awareness, and the need for genuine industry care and a mission larger than on...
2024-06-1457 minSunsets & SnowdriftsEpisode 3: AI in CybersecurityIn this episode, our hosts will be diving into the transformative role of AI in cybersecurity. From past discussions on AI biases and its real vs. buzzword status, they'll now focus on its direct impact on cybersecurity, touching on how AI is reshaping cybersecurity, the societal and workforce implications, and the reality behind the marketing buzzword.This podcast is brought to you by SecurityStudio and Ostra Cybersecurity.To learn more about how to partner with Ostra, start a conversation with our team or follow us on LinkedIn.To learn more about SecurityStudio, contact us or fol...
2024-06-0758 minCvCISO PodcastEpisode 10: All About MentorshipIn this episode, Jordon Darling and Evan Francen explore the power of mentorship and the role it plays in personal and professional development. They discuss the qualities of a good mentor, the spectrum of mentorship, and the importance of setting an example for others. The hosts share personal experiences and insights, emphasizing the value of humility, authenticity, and care in mentorship.For more information on the CvCISO program visit: https://cvciso.com
2024-06-0736 minCvCISO PodcastEpisode 9: Mental Health Awareness for vCISOsIn this impactful episode, our hosts dive deep into the critical topic of mental health awareness, specifically focusing on its significance for Virtual Chief Security Officers (vCISOs). Join us as we explore the importance of creating safe spaces for open conversations about mental health struggles and the urgent need to dismantle the stigma surrounding mental health issues. Through candid discussions and personal anecdotes, we uncover the transformative power of acceptance and support in overcoming mental health challenges. We emphasize the crucial role business owners play in fostering a mentally healthy workplace and the necessity of leading by example to promote w...
2024-05-2451 minCvCISO PodcastEpisode 8: A Pulse on K-12 CybersecurityIn this episode of the CvCISO Podcast, we dive into the crucial topic of cybersecurity in K-12 education with our special guests, Jonathan Skarin and Chris Rule. Jonathan, from an education agency in Iowa, and Chris, working within a school district in Wyoming, share their insights on the challenges and triumphs of implementing robust cybersecurity measures in schools.They discuss the importance of prioritizing cybersecurity to ensure the safety and digital responsibility of students. They emphasize the need for increased funding, awareness, and leadership in the education sector to protect our schools and prepare students for the digital age.
2024-05-171h 03CvCISO PodcastEpisode 7: The "Officer" in vCISOIn this episode, the hosts discuss the importance of the 'O' in vCISO (virtual Chief Information Security Officer) and how vCISOs can effectively communicate and work with leadership. They emphasize the need for vCISOs to have a seat at the table and be involved in strategic decision-making. The team also explores the challenges of being a virtual CISO and the importance of positioning oneself as an officer rather than just an analyst or manager. They discuss strategies for breaking down barriers and building relationships with C-level executives, as well as the importance of understanding the culture of the organization. The...
2024-05-1041 minSunsets & SnowdriftsEpisode 2: A Pulse on Mental Health in the Cyber IndustryIn this episode, our hosts dive into a crucial yet often overlooked aspect of the cyber industry: mental health. Evan Francen and Michael Kennedy have a candid conversation about the significance of prioritizing mental well-being and share their insights on the importance of leaning on others and fostering a culture of openness within the industry. They emphasize the critical role of leaders in creating a supportive environment where team members feel comfortable sharing their struggles and seeking help when needed. They also explore the concept of truth-telling and transparency in the cyber industry, highlighting how these values not only enhance...
2024-05-031h 02CvCISO PodcastEpisode 6: Communicating Your ValueIn this episode, the hosts discuss the importance of effectively communicating their value as a vCISO (Virtual Chief Information Security Officer) and how it applies to other industries as well. The hosts discuss the need to understand the client's problem and align with their motivations. The hosts share their personal stories and experiences in building relationships with clients and the importance of empathy and understanding. The conversation explores the importance of storytelling in communicating value and building relationships with customers. The hosts discuss how stories can create a connection and evoke emotions, making it easier for customers to understand the v...
2024-05-0356 minCvCISO PodcastEpisode 5: Essential Advice for an Aspiring vCISOIn this episode, the conversation is about essential advice for aspiring vCISOs (Virtual Chief Information Security Officers), focusing on integrity, ethics, and establishing clear boundaries. They emphasize the importance of understanding the information security landscape and developing technical skills, even without being experts. Soft skills like effective communication, compassion, and understanding are deemed crucial for building relationships and safeguarding people. Participants share personal experiences, advocating for thinking like a business leader and speaking the language of business. Networking and collaboration are highlighted as vital for learning, gaining diverse perspectives, and receiving support. The hosts emphasize the importance of honing these...
2024-04-2657 minCvCISO PodcastEpisode 4: Imposter SyndromeIn this podcast episode, the hosts engage in a deep dive into the topic of imposter syndrome as Meg Perron shares her journey of grappling with it after a significant career change. They explore the psychological roots of imposter syndrome, including pervasive feelings of self-doubt and the fear of being exposed as a fraud. Throughout the discussion, they highlight the crucial roles of self-awareness, self-acceptance, and empathy in recognizing one's value and capabilities. The conversation also covers the importance of maintaining a supportive network and finding a balance between confidence and humility. Emphasizing personal growth and honest self-reflection, the speakers...
2024-04-1957 minCvCISO PodcastEpisode 3: Aligning InfoSec Objectives with Business GoalsIn this conversation, the hosts discuss the importance of understanding the organization and industry as a CISO. They emphasize that successful CISOs are not just about technology, but also about aligning information security objectives with business goals. They highlight the need for CISOs to have people skills and the ability to communicate effectively with non-technical stakeholders. The hosts also discuss the role of mentorship and the importance of continuous learning in the field of information security. They explore how CISOs can contribute to the organization's bottom line by increasing revenue through market differentiation and improving efficiency through asset management. Overall...
2024-04-1254 minCvCISO PodcastEpisode 2: So You're a vCISO, Now What?Join our hosts for episode two as they dive into the VCISO journey, from the challenge of landing that first customer to the ongoing quest of building trust, credibility, and honesty in client relationships. They discuss the art of demonstrating value without resorting to fear tactics, emphasizing communication and continuous self-improvement. The hosts talk about fostering trust through regular goal check-ins and personal accountability, understanding that while you can't change others, you can always evolve yourself to better fit your client's needs. Whether you're just starting or seeking to refine your VCISO practice, this episode offers valuable insights into the...
2024-04-0550 minSunsets & SnowdriftsEpisode 1: The Origin Story"Sunsets and Snowdrifts: Life on the Cyber Horizon" kicks off its first episode with a warm introduction from host Frank Gurnee in California, joined by cybersecurity experts Evan Francen and Michael Kennedy, bringing their insights from the contrasting climates of Puerto Vallarta, Mexico, and Minnesota, respectively. The podcast aims to unravel the complexities of cybersecurity for a diverse audience, including MSPs, vCISOs, and enthusiasts. After a light-hearted start and Evan and Kennedy's background stories, the discussion shifts to serious recent cybersecurity events, including major data breaches and legal challenges faced by MSPs, sparking a conversation on responsibility and preventive strategies...
2024-04-041h 02CvCISO PodcastEpisode 1: The StartWelcome to the inaugural episode of our podcast, where we dive deep into the world of information security and beyond. Join us as we explore stories, experiences, and perspectives from industry professionals.In this episode, we kick off by introducing ourselves and delving into the importance of mental health, the power of different perspectives, and the necessity of context in decision-making. We delve into the crucial topic of establishing credibility in a vCISO (Virtual Chief Information Security Officer) setting. We discuss strategies for borrowing credibility, building confidence through education, and the importance of humility in admitting mistakes and...
2024-03-291h 02
UNSECURITY: Information Security PodcastUNSECURITY Episode 172: How You Can Ensure Multi-Factor Authentication is Secure, Industry NewsIt's another episode with Evan running the show! This week he goes into detail about the antiquated technology still in use at some companies and even government agencies like the IRS.Also discussed: FRSecure's annual CISSP mentor program, SecurityStudio's CvCISO program, and a recent breach involving GitHub which impacted dozens of organizations.Contents:00:00 - Intro00:35 - Ensuring that MFA is effective23:00 - News28:00 - Closing thoughts & shout outsGive episode 172 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com.Don't forget to...
2022-04-2630 minUNSECURITY: Information Security PodcastUNSECURITY Episode 171: Antiquated Technology Still in Use, Unauthorized GitHub Repository AccessIt's another episode with Evan running the show! This week he goes into detail about the antiquated technology still in use at some companies and even government agencies like the IRS.Also discussed: FRSecure's annual CISSP mentor program, SecurityStudio's CvCISO program, and a recent breach involving GitHub which impacted dozens of organizations.Give episode 171 a listen and send any questions, comments, or feedback to unsecurity@protonmail.com.
2022-04-1930 min
Audience 1stWhen You Focus on the Mission, You Will Make the Money | Evan FrancenEven if you don't win right now on customer acquisition - you will absolutely win on the churn rate.
People will not leave you.
They will stay with you forever because they trust you.
When I listened to Evan Francen, CEO of FRSecure and SecurityStudio, chat with Ryan Cloutier on their podcast, he said one thing that stood out to me:
“I don’t want any friends.”
I called bullshit.
And so, here we are, having a down-to-earth, candid conversation, full of “F'“ bombs and the “S” word 😱, about what motivates hi...
2022-04-0749 min
Audience 1stWhen We Connect in Meaningful Ways, We Create Active Defenders | Ryan CloutierThe best security controls are employees who are active participants in the defense of the organization.
When I began researching security professionals I wanted to connect with and begin building relationships with, Ryan Cloutier, President of SecurityStudio, was at the top of my list.
Why?
Because, like me, he believes in the mission before money vs. profit-at-all costs.
Part of Ryan’s motivation and the battle of things he fights against are shady marketing tactics, misleading messages, and unauthentic relationships that add more stress to his life.
In this episode, I ha...
2022-03-2439 min
Security SimplifiedEpisode 15 - Common Incident Response Questions (Incident Management Series)Episode 15 is the 4th installment in the Security Simplified Incident Management Series. Over the course of dozens of years and 100s of incidents we've heard a lot of questions, and some are more common than others. When we're in the middle of an information security incident, just about every question is valid.Tune in to this episode to hear some of the most common questions incident response clients have asked us. We'll share our common responses too.At SecurityStudio, our mission is: "Simplify Information Security For ALL".#MissionBeforeMoney.
2022-03-2121 minUNSECURITY: Information Security PodcastUNSECURITY Episode 148: Carolina Cyber Center, State Government Security, and Industry NewsIn this episode, Brad and Evan discuss state government security issues and working with the Carolina Cyber Center, to provide higher education students with hands-on practical experience using SecurityStudio to deliver information security risk assessments to SMBs.Also included in episode 148 is a conversation about PDEIS at the Cybersecurity Summit and updates about the future of the Unsecurity Podcast!As always, they review some industry news, including a bug in Microsoft Exchange leaking 372,000 domain credentials, 100M IoT devices that were exposed by a zero-day bug, and a hacking group that used ProxyLogon exploits to breach hotels...
2021-09-2954 min
HR Data LabsEvan Francen - Secure Your S#!t: Cybersecurity in HR AnalyticsSend us a textA passionate advocate for cybersecurity, Evan Francen has been helping people learn about the importance of cybersecurity through his writing, his podcast, his YouTube channel, his public speaking engagements, and more! Cybersecurity has become a massively important aspect of running a business and yet, it’s still an afterthought of many CEOs in the world today.In this episode, Evan talks about what you can do to strengthen your own cybersecurity at home, and why your smart devices might not be the smartest choices after all.Chapters:[0:00 - 4:24] In...
2021-08-1939 minUNSECURITY: Information Security PodcastUNSECURITY Episode 139: Recapping the First Half of 2021 in Security with Ryan Cloutier and John HarmonEvan is down in Mexico and took Ryan Cloutier (Head of SecurityStudio) and John Harmon (President at FRSecure) down with him. The two replace Brad this week, and together, the three break down what the first half of 2021 looked like in the security industry.Give this episode a listen and send questions, comments, and feedback to unsecurity@protonmail.com.
2021-07-1356 min
Human-Centered SecurityAvoid the Temptation to Start Cybersecurity Conversations with “You’re Doing It Wrong” with Ryan CloutierIn this episode, we talk about:How security experts can more effectively communicate with end users.The issue of delayed consequences in the digital realm and how that impacts how people behave.The role accountability plays in improving information security.Ryan Cloutier is the principal security consultant for SecurityStudio. He is an experienced IT/cybersecurity professional with over 15 years experience developing cybersecurity programs for Fortune 500 organizations. Ryan is a virtual Chief Information Security Officer for K12 districts across the country and is Certified Information Systems Security Professional (CISSP) and is proficient in cloud security, dev-ops, and...
2021-06-1639 minUNSECURITY: Information Security PodcastUNSECURITY Episode 62: Cyber Threats from Iranian Tension, Ryan at SecurityStudioYou'd probably have to be living under a rock to not know what's going on between the United States and Iran. What you may not know is that there are imminent cyber threats as a result of the tension. Episode 62 outlines some of the incidents we've already seen as a result, what we can expect to see moving forward, and how what you can do to protect yourself. Listen in with Brad, Evan, and Ryan, and let us know what you think at unsecurityu@protonmail.com.
2020-01-1452 minUNSECURITY: Information Security PodcastUNSECURITY Episode 61: 2019 Recap, Looking Ahead, Ryan Cloutier, New BookEpisode 61 welcomes recurring guest, Ryan Cloutier, as he begins his new venture with SecurityStudio. Together, Ryan, Brad, and Evan (calling in from sunny Cancun) recap 2019 and look ahead to 2020. Give it listen and let us know what you think!
2020-01-0657 minUNSECURITY: Information Security PodcastUNSECURITY Episode 59: John Harmon, SecurityStudio Roadshow Recap, Industry News RecapIn episode 59, Brad and Evan are joined by FRSecure President John Harmon. They discuss the upcoming holiday break, recap the SecurityStudio Roadshow so far, and talk about the latest news in the industry.
2019-12-231h 07UNSECURITY: Information Security PodcastUNSECURITY Episode 47: S2Org Launch, #S2Roadshow, Partner Jumpstart, Industry NewsIn episode 47, we catch up with Evan as he still returns to "normal" after his visit to Bulgaria, learn about the launch of S2Org and Evan and John's upcoming #S2Roadshow, and get the scoop on the SecurityStudio partner jumpstart. Give it a listen and let us know what you think at unsecurity@protonmail.com.
2019-09-301h 11UNSECURITY: Information Security PodcastUNSECURITY Episode 46: Hacks & Hops Recap, Roadshow, Mental Health, Industry NewsEpisode 46 features jam-packed discussions on the most recent installment of FRSecure's Hacks & Hops event series, the upcoming speaking engagements Evan and Brad are preparing for (including the big SecurityStudio roadshow), the importance of mental health in the security industry, and some recent infosec news stories. Give it a listen and let us know what you think at unsecurity@protonmail.com.
2019-09-231h 07