hpr_transcripts/hpr3424.txt

Episode: 3424
Title: HPR3424: Infosec Podcasts Part 6 - Infosec Leadership
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3424/hpr3424.mp3
Transcribed: 2025-10-24 23:07:46

---

This is Hacker Public Radio Episode 3424 for Thursday, the 16th of September 2021.
Tid's show is entitled Infosic Podcasts Part 6 Infosic Leadership and is part of the series podcast
recommendations it is hosted by Trey and is about 12 minutes long and carries a clean flag.
The summary is presenting my favorite information security leadership podcasts.
This episode of HPR is brought to you by Ananasthost.com.
Get 15% discount on all shared hosting with the offer code HPR15. That's HPR15.
Better web hosting that's honest and fair at Ananasthost.com.
Thank you to everyone who has listened to my previous episodes. This is the final episode in the
Infosic Podcasts series. I listened to many, many podcasts. The vast majority of these are related
to information security because there are so many podcasts to list. I have broken this
recommendation series down into six different episodes based on the topics. Part 1 was on news
and current events. You can listen to that in Episode 3324. Part 2 was general information security
which you can listen to in Episode 3334. Part 3 was career and personal development which you can
listen to in Episode 3344. Part 4 is social engineering. You can listen to in Episode 3368.
Part 5 was Episode 3387 and it combined hacks and attacks, technical information and learning,
Infosic community, social history, just a hodgepodge of catch all topics. And now Part 6 is on
information security leadership. So before we get started, I'd like to talk about a term that I'm
going to use many, many, many, many, many times throughout this podcast. And the term is CISO.
That is an acronym, capital C, capital I, capital S, capital O, Charlie, India, Sierra, Oscar.
It stands for chief information security officer. Some people may pronounce it CISO,
I pronounce it CISO, other people pronounce it CISO, but it means the same thing. It stands for
chief information security officer. And from the title, it sounds like this is an executive
leadership position, similar to chief executive officer, chief finance officer, etc. But this is
often not the case and we'll discuss that here in a little bit. The other thing I want to talk
about is security leadership, because security leadership is changing. The old way, the classic way
of security leadership was experienced technologists, usually old white guys who had worked their way up
through the ranks and eventually reached a level where they were leading all of the security
portion of an organization. They may or may not have the skills for management that were needed,
they may or may not have the skills for business that were needed, but they were promoted because
of their technology skills. These folks would usually report through IT to the CIO, to the CTO,
CIO, that would be chief information officer or CTO, chief technology officer.
These folks also often ran the department of no. Information security was the department of no
because it blocked everything or tried to block everything that was bad. And as a result,
it slowed down business. People would say, well, you know, I want to put this software on my
computer, no, not until we evaluate it. I want to be able to have a split tunnel VPN, because
you know, the things that I'm accessing that are out on the internet, I can't get quickly
enough when I come through the VPN. No, you can't do that. No, a variety of different things.
That was the classic security leadership, and it did a lot to protect our organizations,
but it did not do a lot to partner with business and to help business to succeed.
Now, the new way of security leadership is based around experienced business professionals
with leadership skills and security understanding. These folks can report through IT again,
through the CIO or CTO, or they may report through legal, especially if an organization has
compliance requirements. They might also report through the chief finance officer
if the organization has governance or compliance reasons, especially given the financial impacts
of attacks lately, you know, the direct costs of something like a ransomware attack,
and the fines, the fines related to release of private information, violations of things like
GDPR and other regulations. So in some organizations, the CISO would report through finance.
In some organizations, the CISO actually has a seat at the table. He reports to the CEO
like other C-level execs, or he may report directly to the board and has a seat at the table
that makes him somewhat equivalent to other C-level executives. That's very rare.
But the new CISO empowers business to succeed in a secure way. They have a yes and
approach to security. Yes, we will do what we can to empower the business to succeed,
and we're going to try to do it in a secure manner. They can still slow down the business,
but only when needed. And it's more like the illustration I like to use is like breaks on a racecar.
You know, a racecar can go super fast, but it's going to be limited by how much control you have.
If you don't have the control to be able to break going into turns or to be able to control the
vehicle in the event of something going wrong, you're not going to be able to take that vehicle
to the limits that it needs to be able to go to succeed. Breaks are what empowers the
driver to push the car to success. And that's what the new CISO does. That's what new security
leadership mentality does. All right, with all that in mind, let's talk about the leadership
podcasts. The first one I'd like to talk about is the CISO Tradecraft podcast hosted by
G Mark Hardy. This is a weekly podcast and it discusses topics related to becoming a CISO
or maturing as a CISO. Oftentimes this will address technical subjects that a business-oriented
CISO may or may not be fully fluent in and give them kind of a breakdown of what it is.
You know, I really enjoyed when he did a breakdown of blockchain, for instance, because that's
not something that a lot of us are really very familiar with. Or it might go the other way.
It might break down some of the business-related topics and political-related topics,
not not political with government, but more of the internal politics in an organization that a
CISO needs to be aware of as they're leading. That a technical CISO may not necessarily have
a full familiarity with. You can find CISO Tradecraft podcast by googling
CISO Tradecraft podcast or by clicking on the link in the show notes.
The second podcast I'd like to discuss is the CISO vendor relationship podcast. This is hosted
by David Spark and guests. He may have various different guests on weekly. This is a weekly
podcast that addresses the challenges experienced both by security professionals and by the vendors with
whom they interact. It was originally built out of a frustration that was being expressed by
vendors not being able to communicate with security professionals and by security leadership
being frustrated that all they're getting are these vendor cold calls from people that don't
understand their business and a lot of frustration there. It's a very, very fun podcast. You can
learn a lot listening to it. My favorite part happens to be the What's Worse scenarios which are a
risk exercise comparing to two unpleasant options and choosing which one presents the least risk.
Very, very fun podcast. You can find it by googling CISO vendor relationship podcast or CISO
series or you can click on the link in the show notes. Next, let's talk about the CISO talks
with an S podcast. CISO talks podcast. This is a talk show series with discussions of current trends
in the world of information security with CISOs and other security leaders that are on the
front lines. You can find this by googling CISO talks plural or by clicking on the link in the
show notes. Now the reason I specified CISO talks is because the next podcast I'd like to discuss
is the CISO talk podcast singular. This hosted by James Azar. This is also a weekly podcast
and it presents the CISO perspective or CISO point of view on cybersecurity and talent development
technology leadership a lot more. James Azar is very opinionated. He has very specific things that
will trigger him including his buzz word graveyard specific buzz words that just are a bit much.
Those are things that make this podcast entertaining. You can find it by googling CISO talk podcast
or by clicking on the link in the show notes. Next is the cyber ranch podcast. I really enjoy
this one. I enjoy all of them but I really enjoy the cyber ranch podcast hosted by Alan Alfred
and it's run through the Hacker Valley Studios organization. It's a weekly podcast and it has
interviews with security leaders discussing various relevant topics. I like Alan's approach and how
he just shares and how he he brings information out of the guests very down to earth just excellent
podcasts to listen to. You can find it by googling the cyber ranch podcast or by clicking on
the link in the show notes. Next is CISO's secrets CISO apostrophe S secrets. It's currently hosted
by Grant Asplund and sponsored by Checkpoint. This includes interviews with security leaders
across a wide range of interview a wide range of industries. It addresses real issues facing
security professionals and business. You can find it by googling CISO secrets podcast or by
clicking on the link in the show notes. Next is the CISO's stories podcast. This is hosted by Todd
Fitzgerald and Sam Curry and it's part of the security weekly family of podcasts. This is
based originally on interviews with security leaders who contributed to the book CISO Compass
navigating cybersecurity leadership challenges with insights from pioneers. These episodes are
usually about 20 minutes long very informative sometimes a little noisy sometimes the interviews
sound like they were conducted in a restaurant or a bar or a lounge but good information from people
who've been in the industry for a very long time and know their stuff. You can find it by googling
CISO's stories podcast or by clicking on the link in the show notes. The last episode of this
entire series is the new CISO hosted by ExeBeam's chief security strategist Steve Moore also
sponsored by ExeBeam. This podcast has interviews with industry leading security visionary leaders
discusses how to lead security teams how to lead business interacting with business leaders
and other information like that. You can find this podcast by googling the new CISO podcast
or by clicking on the link in the show notes. Well that wraps up this series. I welcome any
feedback you might have in the comments section for this episode or any of my other episodes on
the HPR site. Thank you very much for listening and have an awesome day.
You've been listening to Hacker Public Radio at Hacker Public Radio dot org. We are a community
podcast network that releases shows every weekday Monday through Friday. Today's show, like all our
shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast
and click on our contributing to find out how easy it really is. Hacker Public Radio was founded
by the digital dog pound and the infonomican computer club and is part of the binary revolution at
binwreff.com. If you have comments on today's show, please email the host directly, leave a comment
on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is
released on the creative comments, attribution, share a like, 3.0 license.
Initial commit: HPR Knowledge Base MCP Server - MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-26 10:54:13 +00:00			`Episode: 3424`
			`Title: HPR3424: Infosec Podcasts Part 6 - Infosec Leadership`
			`Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3424/hpr3424.mp3`
			`Transcribed: 2025-10-24 23:07:46`

			`---`

			`This is Hacker Public Radio Episode 3424 for Thursday, the 16th of September 2021.`
			`Tid's show is entitled Infosic Podcasts Part 6 Infosic Leadership and is part of the series podcast`
			`recommendations it is hosted by Trey and is about 12 minutes long and carries a clean flag.`
			`The summary is presenting my favorite information security leadership podcasts.`
			`This episode of HPR is brought to you by Ananasthost.com.`
			`Get 15% discount on all shared hosting with the offer code HPR15. That's HPR15.`
			`Better web hosting that's honest and fair at Ananasthost.com.`
			`Thank you to everyone who has listened to my previous episodes. This is the final episode in the`
			`Infosic Podcasts series. I listened to many, many podcasts. The vast majority of these are related`
			`to information security because there are so many podcasts to list. I have broken this`
			`recommendation series down into six different episodes based on the topics. Part 1 was on news`
			`and current events. You can listen to that in Episode 3324. Part 2 was general information security`
			`which you can listen to in Episode 3334. Part 3 was career and personal development which you can`
			`listen to in Episode 3344. Part 4 is social engineering. You can listen to in Episode 3368.`
			`Part 5 was Episode 3387 and it combined hacks and attacks, technical information and learning,`
			`Infosic community, social history, just a hodgepodge of catch all topics. And now Part 6 is on`
			`information security leadership. So before we get started, I'd like to talk about a term that I'm`
			`going to use many, many, many, many, many times throughout this podcast. And the term is CISO.`
			`That is an acronym, capital C, capital I, capital S, capital O, Charlie, India, Sierra, Oscar.`
			`It stands for chief information security officer. Some people may pronounce it CISO,`
			`I pronounce it CISO, other people pronounce it CISO, but it means the same thing. It stands for`
			`chief information security officer. And from the title, it sounds like this is an executive`
			`leadership position, similar to chief executive officer, chief finance officer, etc. But this is`
			`often not the case and we'll discuss that here in a little bit. The other thing I want to talk`
			`about is security leadership, because security leadership is changing. The old way, the classic way`
			`of security leadership was experienced technologists, usually old white guys who had worked their way up`
			`through the ranks and eventually reached a level where they were leading all of the security`
			`portion of an organization. They may or may not have the skills for management that were needed,`
			`they may or may not have the skills for business that were needed, but they were promoted because`
			`of their technology skills. These folks would usually report through IT to the CIO, to the CTO,`
			`CIO, that would be chief information officer or CTO, chief technology officer.`
			`These folks also often ran the department of no. Information security was the department of no`
			`because it blocked everything or tried to block everything that was bad. And as a result,`
			`it slowed down business. People would say, well, you know, I want to put this software on my`
			`computer, no, not until we evaluate it. I want to be able to have a split tunnel VPN, because`
			`you know, the things that I'm accessing that are out on the internet, I can't get quickly`
			`enough when I come through the VPN. No, you can't do that. No, a variety of different things.`
			`That was the classic security leadership, and it did a lot to protect our organizations,`
			`but it did not do a lot to partner with business and to help business to succeed.`
			`Now, the new way of security leadership is based around experienced business professionals`
			`with leadership skills and security understanding. These folks can report through IT again,`
			`through the CIO or CTO, or they may report through legal, especially if an organization has`
			`compliance requirements. They might also report through the chief finance officer`
			`if the organization has governance or compliance reasons, especially given the financial impacts`
			`of attacks lately, you know, the direct costs of something like a ransomware attack,`
			`and the fines, the fines related to release of private information, violations of things like`
			`GDPR and other regulations. So in some organizations, the CISO would report through finance.`
			`In some organizations, the CISO actually has a seat at the table. He reports to the CEO`
			`like other C-level execs, or he may report directly to the board and has a seat at the table`
			`that makes him somewhat equivalent to other C-level executives. That's very rare.`
			`But the new CISO empowers business to succeed in a secure way. They have a yes and`
			`approach to security. Yes, we will do what we can to empower the business to succeed,`
			`and we're going to try to do it in a secure manner. They can still slow down the business,`
			`but only when needed. And it's more like the illustration I like to use is like breaks on a racecar.`
			`You know, a racecar can go super fast, but it's going to be limited by how much control you have.`
			`If you don't have the control to be able to break going into turns or to be able to control the`
			`vehicle in the event of something going wrong, you're not going to be able to take that vehicle`
			`to the limits that it needs to be able to go to succeed. Breaks are what empowers the`
			`driver to push the car to success. And that's what the new CISO does. That's what new security`
			`leadership mentality does. All right, with all that in mind, let's talk about the leadership`
			`podcasts. The first one I'd like to talk about is the CISO Tradecraft podcast hosted by`
			`G Mark Hardy. This is a weekly podcast and it discusses topics related to becoming a CISO`
			`or maturing as a CISO. Oftentimes this will address technical subjects that a business-oriented`
			`CISO may or may not be fully fluent in and give them kind of a breakdown of what it is.`
			`You know, I really enjoyed when he did a breakdown of blockchain, for instance, because that's`
			`not something that a lot of us are really very familiar with. Or it might go the other way.`
			`It might break down some of the business-related topics and political-related topics,`
			`not not political with government, but more of the internal politics in an organization that a`
			`CISO needs to be aware of as they're leading. That a technical CISO may not necessarily have`
			`a full familiarity with. You can find CISO Tradecraft podcast by googling`
			`CISO Tradecraft podcast or by clicking on the link in the show notes.`
			`The second podcast I'd like to discuss is the CISO vendor relationship podcast. This is hosted`
			`by David Spark and guests. He may have various different guests on weekly. This is a weekly`
			`podcast that addresses the challenges experienced both by security professionals and by the vendors with`
			`whom they interact. It was originally built out of a frustration that was being expressed by`
			`vendors not being able to communicate with security professionals and by security leadership`
			`being frustrated that all they're getting are these vendor cold calls from people that don't`
			`understand their business and a lot of frustration there. It's a very, very fun podcast. You can`
			`learn a lot listening to it. My favorite part happens to be the What's Worse scenarios which are a`
			`risk exercise comparing to two unpleasant options and choosing which one presents the least risk.`
			`Very, very fun podcast. You can find it by googling CISO vendor relationship podcast or CISO`
			`series or you can click on the link in the show notes. Next, let's talk about the CISO talks`
			`with an S podcast. CISO talks podcast. This is a talk show series with discussions of current trends`
			`in the world of information security with CISOs and other security leaders that are on the`
			`front lines. You can find this by googling CISO talks plural or by clicking on the link in the`
			`show notes. Now the reason I specified CISO talks is because the next podcast I'd like to discuss`
			`is the CISO talk podcast singular. This hosted by James Azar. This is also a weekly podcast`
			`and it presents the CISO perspective or CISO point of view on cybersecurity and talent development`
			`technology leadership a lot more. James Azar is very opinionated. He has very specific things that`
			`will trigger him including his buzz word graveyard specific buzz words that just are a bit much.`
			`Those are things that make this podcast entertaining. You can find it by googling CISO talk podcast`
			`or by clicking on the link in the show notes. Next is the cyber ranch podcast. I really enjoy`
			`this one. I enjoy all of them but I really enjoy the cyber ranch podcast hosted by Alan Alfred`
			`and it's run through the Hacker Valley Studios organization. It's a weekly podcast and it has`
			`interviews with security leaders discussing various relevant topics. I like Alan's approach and how`
			`he just shares and how he he brings information out of the guests very down to earth just excellent`
			`podcasts to listen to. You can find it by googling the cyber ranch podcast or by clicking on`
			`the link in the show notes. Next is CISO's secrets CISO apostrophe S secrets. It's currently hosted`
			`by Grant Asplund and sponsored by Checkpoint. This includes interviews with security leaders`
			`across a wide range of interview a wide range of industries. It addresses real issues facing`
			`security professionals and business. You can find it by googling CISO secrets podcast or by`
			`clicking on the link in the show notes. Next is the CISO's stories podcast. This is hosted by Todd`
			`Fitzgerald and Sam Curry and it's part of the security weekly family of podcasts. This is`
			`based originally on interviews with security leaders who contributed to the book CISO Compass`
			`navigating cybersecurity leadership challenges with insights from pioneers. These episodes are`
			`usually about 20 minutes long very informative sometimes a little noisy sometimes the interviews`
			`sound like they were conducted in a restaurant or a bar or a lounge but good information from people`
			`who've been in the industry for a very long time and know their stuff. You can find it by googling`
			`CISO's stories podcast or by clicking on the link in the show notes. The last episode of this`
			`entire series is the new CISO hosted by ExeBeam's chief security strategist Steve Moore also`
			`sponsored by ExeBeam. This podcast has interviews with industry leading security visionary leaders`
			`discusses how to lead security teams how to lead business interacting with business leaders`
			`and other information like that. You can find this podcast by googling the new CISO podcast`
			`or by clicking on the link in the show notes. Well that wraps up this series. I welcome any`
			`feedback you might have in the comments section for this episode or any of my other episodes on`
			`the HPR site. Thank you very much for listening and have an awesome day.`
			`You've been listening to Hacker Public Radio at Hacker Public Radio dot org. We are a community`
			`podcast network that releases shows every weekday Monday through Friday. Today's show, like all our`
			`shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast`
			`and click on our contributing to find out how easy it really is. Hacker Public Radio was founded`
			`by the digital dog pound and the infonomican computer club and is part of the binary revolution at`
			`binwreff.com. If you have comments on today's show, please email the host directly, leave a comment`
			`on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is`
			`released on the creative comments, attribution, share a like, 3.0 license.`