PODCAST

The Cyber Ranch Podcast

Allan Alford

Ride the cyber trails with one CISO (Allan Alford) and a diverse group of friends and experts who bring a human perspective to cybersecurity.

Board Reporting Metrics Pt. 1 w/ Andy Ellis
In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This episode is a master class in board communication in cybersecurity, and the conversation went into such depth that a Part 2 is already being planned. Check out Andy’s previous episode here.

Sponsor: Thank you to our sponsor Axonius for bringing this episode to life!

Guest Bio: Andy Ellis is a visionary technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. A graduate of MIT and former US Air Force officer, Andy designed, built, and brought to market many of Akamai’s security products, leading the Fortune 1000 company from its start as a content delivery network into an industry powerhouse with a billion-dollar dedicated cybersecurity business. In his twenty-year tenure, Andy led Akamai’s information security team from a single individual to a 90+ person team, over 40% of whom were women. In running Akamai’s security program, Andy designed systems, governed risk management, implemented policy, and supported go-to-market functions. Widely respected across the cybersecurity industry for his pragmatic approach to aligning security and business needs, Andy regularly speaks and writes on cybersecurity, leadership, diversity & inclusion, and decision making.
2d ago
53 mins
Getting a Seat at “The Table” w/ Brent Deterding
“Having a seat at the table doesn’t mean getting your way all the time. It means having a seat and I think that is very important to understand.” - Brent Deterding

In this episode, Allan is joined by the CISO at Afni, Brent Deterding, to explore how CISOs can earn and keep their seat at the executive table. Brent was a fan of the Learned Helplessness episode of The Cyber Ranch Podcast with Steve Mancini, and furthered the conversation as it relates to the often-espoused topic of CISOs needing a seat at “the table.” Brent discusses the power of shifting your mindset, how lack of confidence has created a cycle of self-sabotaging, and ways we can collectively improve our current standing.

Sponsor: Thank you to our sponsor Axonius for bringing this episode to life!

Guest Bio: Brent is an Executive CISO whose mission is to enable Afni and its global workforce to support their customers securely and confidently. Prior to being a CISO, for over 20 years, he was a security practitioner with a security vendor specializing in threat detection, incident response, and security strategy. His efforts helped hundreds of organizations detect, respond to, and mitigate attacks.
May 18 2022
32 mins
All About SBOMs w/ Chris Castaldo
“Knowing what’s in your software, in your organization, can help you quickly determine if you are impacted by a new vulnerability.” - Chris Castaldo

In this episode, Allan is joined by author and CISO, Chris Castaldo, to share his knowledge on Software Bills of Materials (SBOMs) and their potential implications and use. Chris explains the concept and purpose of SBOMs, his tips for signing and securing SBOMs in terms of the CI/CD pipeline, and his thoughts on SBOMs being a roadmap for “bad guys.” Lastly, he shares advice on managing and understanding contracts. Listen to Chris Castaldo’s previous Cyber Ranch episode here and be sure to grab a copy of his book!

Guest Bio: Chris Castaldo is the author of “Start-up Secure: Baking Cybersecurity into your Company from Founding to Exit”. He is an experienced and industry-recognized CISO with over 20 years of experience in cybersecurity. Chris is an expert in building cybersecurity programs from the ground up and specializes in applying cybersecurity in start-ups from seed to exit. He is also a Visiting Fellow at the National Security Institute (NSI) at George Mason University's Antonin Scalia Law School.

Sponsored by our good friends at Axonius.
May 11 2022
25 mins
Total Greenfield Innovation w/ Guillaume Ross
Securing Cryptocurrency and NFTs w/ Nick Percoco
“Playing Well With Others” - The Tech Stack w/ Tommy Todd
Thriving In A Male Dominated Industry w/ Ashley Rose
Why CISOs and CIOs Don’t Get Along w/ Nick Vigier
This episode of the Cyber Ranch Podcast was recorded LIVE on stage at the CISO 360 Conference in New York City, hosted by Pulse Conferences. Nick Vigier, a seasoned CISO and former CIO, joins Allan in addressing the elephant in the room: Why don’t CISOs and CIOs get along? Nick draws on his experience in both positions to share his unique perspective on the CISO and CIO relationship. In this episode, Allan and Nick highlight the operating differences between the two positions and explore the opposing interests that exist around topics such as budgets and reporting structure. Lastly, Nick shares why engaging in empathetic conversations around metrics, business impact, and risk management is the ultimate key to a more harmonious relationship.

Guest Bio: Nick is a technology and security leader focused on innovation to drive business results. In his 18 years of security leadership, he has focused on building high-performance teams to ensure security is a business driver rather than a cost center. His focus on all areas of security ranging from physical security to risk management through to application security, infrastructure security, and operations gives him a unique perspective on how security can positively impact an organization.

Sponsored by our good friends at Axonius.
Apr 6 2022
27 mins
Learned Helplessness in Cybersecurity w/ Steve Mancini
Leveraging Employee Strengths for Cyber Roles w/ Nick Vigier
There are numerous personality tests available to help identify personality traits, but many of them have very little scientific validity or reliability. Such tests often aspire to explain what you are good at and what you are bad at, and miss the mark. In this episode, Allan is joined by his friend and owner of Rising Tide Security, Nick Vigier, to explore CliftonStrengths, a personality measurement that focuses less on ability and more upon your predilections (what energizes you and what drains you), and with a pretty good degree of scientific validity and reliability. Nick and Allan explore what makes CliftonStrengths different from the other personality assessments and how Nick leverages that information to better understand his team and colleagues, and to help folks find the right role in cybersecurity. The two sit down to dissect Allan’s own assessment results to identify his top 5 energizers, as well as his top energy drainers. And lastly, Nick shares why he favors the idea of personality development plans vs professional development plans in the workplace.

Guest Bio: Nick Vigier is the Owner of Rising Tide Security and former CISO at ID.me, DigitalOcean, and former CIO at Gemini. Nick is a technology and security leader focused on innovation to drive business results. In his 18 years of security leadership, he has focused on building high-performance teams to ensure security is a business driver rather than a cost center. His focus on all areas of security ranging from physical security to risk management through to application security, infrastructure security, and operations gives him a unique perspective on how security can positively impact an organization.

Sponsored by our good friends at Axonius.
Mar 23 2022
42 mins
A Full Data Approach w/ Paola Saibene
The Great Resignation & Cybersecurity w/ Jessie Bolton
How Old is Data Risk Management? w/ G. Mark Hardy
CISOs as Caretakers w/ Randy Potts
Cyber Mentoring w/ David Belanger
Rationalizing the Tech Stack w/ Mark Butler
Penetration Testing Programs LIVE w/ Phillip Wiley
What We’re Doing Wrong in the SOC w/ Yaron Levi
Cybersecurity Centers of Excellence w/ Rafal Los
Investing in Cybersecurity Startups w/ Kathy Wang