Episode: 3424
Title: HPR3424: Infosec Podcasts Part 6 - Infosec Leadership
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3424/hpr3424.mp3
Transcribed: 2025-10-24 23:07:46
---
This is Hacker Public Radio Episode 3424 for Thursday, the 16th of September 2021. This show is entitled Infosec Podcasts Part 6: Infosec Leadership and is part of the series Podcast Recommendations. It is hosted by Trey and is about 12 minutes long and carries a clean flag. The summary is: presenting my favorite information security leadership podcasts. This episode of HPR is brought to you by AnHonestHost.com. Get 15% discount on all shared hosting with the offer code HPR15. That's HPR15. Better web hosting that's honest and fair at AnHonestHost.com.

Thank you to everyone who has listened to my previous episodes. This is the final episode in the Infosec Podcasts series. I listen to many, many podcasts. The vast majority of these are related to information security. Because there are so many podcasts to list, I have broken this recommendation series down into six different episodes based on the topics. Part 1 was on news and current events. You can listen to that in Episode 3324. Part 2 was general information security, which you can listen to in Episode 3334. Part 3 was career and personal development, which you can listen to in Episode 3344. Part 4 was social engineering, which you can listen to in Episode 3368. Part 5 was Episode 3387, and it combined hacks and attacks, technical information and learning, infosec community, social history, just a hodgepodge of catch-all topics. And now Part 6 is on information security leadership.

So before we get started, I'd like to talk about a term that I'm going to use many, many, many, many, many times throughout this podcast. And the term is CISO. That is an acronym, capital C, capital I, capital S, capital O, Charlie, India, Sierra, Oscar. It stands for chief information security officer.
Some people may pronounce it CISO, I pronounce it CISO, other people pronounce it CISO, but it means the same thing. It stands for chief information security officer. And from the title, it sounds like this is an executive leadership position, similar to chief executive officer, chief finance officer, etc. But this is often not the case, and we'll discuss that here in a little bit.

The other thing I want to talk about is security leadership, because security leadership is changing. The old way, the classic way of security leadership, was experienced technologists, usually old white guys who had worked their way up through the ranks and eventually reached a level where they were leading all of the security portion of an organization. They may or may not have had the skills for management that were needed, they may or may not have had the skills for business that were needed, but they were promoted because of their technology skills. These folks would usually report through IT to the CIO or to the CTO; CIO, that would be chief information officer, or CTO, chief technology officer. These folks also often ran the department of no. Information security was the department of no because it blocked everything, or tried to block everything, that was bad. And as a result, it slowed down business. People would say, well, you know, I want to put this software on my computer. No, not until we evaluate it. I want to be able to have a split tunnel VPN, because, you know, the things that I'm accessing that are out on the internet, I can't get quickly enough when I come through the VPN. No, you can't do that. No, to a variety of different things. That was the classic security leadership, and it did a lot to protect our organizations, but it did not do a lot to partner with business and to help business to succeed.

Now, the new way of security leadership is based around experienced business professionals with leadership skills and security understanding.
These folks can report through IT again, through the CIO or CTO, or they may report through legal, especially if an organization has compliance requirements. They might also report through the chief finance officer if the organization has governance or compliance reasons, especially given the financial impacts of attacks lately, you know, the direct costs of something like a ransomware attack, and the fines, the fines related to release of private information, violations of things like GDPR and other regulations. So in some organizations, the CISO would report through finance. In some organizations, the CISO actually has a seat at the table. He reports to the CEO like other C-level execs, or he may report directly to the board, and has a seat at the table that makes him somewhat equivalent to other C-level executives. That's very rare. But the new CISO empowers business to succeed in a secure way. They have a "yes, and" approach to security. Yes, we will do what we can to empower the business to succeed, and we're going to try to do it in a secure manner. They can still slow down the business, but only when needed. And it's more like, the illustration I like to use is like brakes on a racecar. You know, a racecar can go super fast, but it's going to be limited by how much control you have. If you don't have the control to be able to brake going into turns, or to be able to control the vehicle in the event of something going wrong, you're not going to be able to take that vehicle to the limits that it needs to be able to go to succeed. Brakes are what empower the driver to push the car to success. And that's what the new CISO does. That's what the new security leadership mentality does.

All right, with all that in mind, let's talk about the leadership podcasts. The first one I'd like to talk about is the CISO Tradecraft podcast, hosted by G. Mark Hardy. This is a weekly podcast, and it discusses topics related to becoming a CISO or maturing as a CISO.
Oftentimes this will address technical subjects that a business-oriented CISO may or may not be fully fluent in and give them kind of a breakdown of what it is. You know, I really enjoyed when he did a breakdown of blockchain, for instance, because that's not something that a lot of us are really very familiar with. Or it might go the other way. It might break down some of the business-related topics and political-related topics, not political with government, but more of the internal politics in an organization that a CISO needs to be aware of as they're leading, that a technical CISO may not necessarily have a full familiarity with. You can find the CISO Tradecraft podcast by googling CISO Tradecraft podcast or by clicking on the link in the show notes.

The second podcast I'd like to discuss is the CISO/Vendor Relationship podcast. This is hosted by David Spark and guests. He may have various different guests on weekly. This is a weekly podcast that addresses the challenges experienced both by security professionals and by the vendors with whom they interact. It was originally built out of a frustration that was being expressed by vendors not being able to communicate with security professionals, and by security leadership being frustrated that all they're getting are these vendor cold calls from people that don't understand their business, and a lot of frustration there. It's a very, very fun podcast. You can learn a lot listening to it. My favorite part happens to be the What's Worse scenarios, which are a risk exercise comparing two unpleasant options and choosing which one presents the least risk. Very, very fun podcast. You can find it by googling CISO vendor relationship podcast or CISO Series, or you can click on the link in the show notes.

Next, let's talk about the CISO Talks, with an S, podcast. CISO Talks podcast.
This is a talk show series with discussions of current trends in the world of information security with CISOs and other security leaders that are on the front lines. You can find this by googling CISO Talks, plural, or by clicking on the link in the show notes.

Now, the reason I specified CISO Talks is because the next podcast I'd like to discuss is the CISO Talk podcast, singular. This is hosted by James Azar. This is also a weekly podcast, and it presents the CISO perspective or CISO point of view on cybersecurity and talent development, technology leadership, and a lot more. James Azar is very opinionated. He has very specific things that will trigger him, including his buzzword graveyard, specific buzzwords that are just a bit much. Those are things that make this podcast entertaining. You can find it by googling CISO Talk podcast or by clicking on the link in the show notes.

Next is the Cyber Ranch podcast. I really enjoy this one. I enjoy all of them, but I really enjoy the Cyber Ranch podcast, hosted by Allan Alford, and it's run through the Hacker Valley Studios organization. It's a weekly podcast, and it has interviews with security leaders discussing various relevant topics. I like Allan's approach and how he just shares and how he brings information out of the guests, very down to earth, just an excellent podcast to listen to. You can find it by googling the Cyber Ranch podcast or by clicking on the link in the show notes.

Next is CISO's Secrets, CISO apostrophe S Secrets. It's currently hosted by Grant Asplund and sponsored by Check Point. This includes interviews with security leaders across a wide range of industries. It addresses real issues facing security professionals and business. You can find it by googling CISO Secrets podcast or by clicking on the link in the show notes.

Next is the CISO's Stories podcast. This is hosted by Todd Fitzgerald and Sam Curry, and it's part of the Security Weekly family of podcasts.
This is based originally on interviews with security leaders who contributed to the book CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. These episodes are usually about 20 minutes long, very informative, sometimes a little noisy; sometimes the interviews sound like they were conducted in a restaurant or a bar or a lounge, but good information from people who've been in the industry for a very long time and know their stuff. You can find it by googling CISO's Stories podcast or by clicking on the link in the show notes.

The last episode of this entire series is The New CISO, hosted by Exabeam's chief security strategist Steve Moore, also sponsored by Exabeam. This podcast has interviews with industry-leading security visionary leaders, and discusses how to lead security teams, how to lead business, interacting with business leaders, and other information like that. You can find this podcast by googling The New CISO podcast or by clicking on the link in the show notes.

Well, that wraps up this series. I welcome any feedback you might have in the comments section for this episode or any of my other episodes on the HPR site. Thank you very much for listening, and have an awesome day.

You've been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, click on our Contributing to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club and is part of the Binary Revolution at binrev.com. If you have comments on today's show, please email the host directly, leave a comment on the website, or record a follow-up episode yourself. Unless otherwise stated, today's show is released under the Creative Commons Attribution Share-Alike 3.0 license.