In this episode, Allan tackles the idea of selling the CISO mission. He deconstructs the types of CISOs and the "selling" they must do.  Sometimes you really are selling, but most of the time you should be solving business problems. Allan speaks to: Business objectives met Business risks reduced Maturity And also deconstructs the art of selling itself. Hint: Business Impact Analysis is a valuable tool in this whole process. Special thanks to Helen Patton and Melanie Ensign for prompting this exploration. Y'all be good now ..read more

Our guest this week is Jonathan Rau, VP and Distinguished Engineer over at Query, and a proponent of what he calls "SecDataOps".  Jonathan is quite active on LinkedIn and his takes, though often spicy, tend to be spot-on.  Allan has come to enjoy following Jonathan's posts, and he was excited to have Jonathan come on the show and share his insights. Allan asks Jonathan, in a VERY lively conversation: What is SecDataOps? What is its focal point? Who should be in charge? What skills are required to participate? Who has those skills? What about the trifecta of people/process/technology ..read more

This is part two in our neurodiversity series.  Our guest roster this time also includes Dr. Ursula Alford, a psychologist who routinely works with the neurodiverse populace. The lineup of guests covers ADHD, Autism, challenges unique to women with neurodiversity, how leaders should manage neurodivergent team members and more. Y'all be good now ..read more

Geoff Hancock is Deputy CEO and CISO for Access Point Consulting, Former Global Director and CISO over at World Wide Technology.  He’s also a Senior Fellow and Adjunct Professor at George Washington University and has held various C-suite and executive roles at Verizon, CGI Federal Advanced Technology, Microsoft, and Advanced Cybersecurity Group.  He is back at the 'Ranch this week to talk about CISO Communications. Allan asks Geoff: You say the first step is prioritizing clarity in communication. What does that mean to you? Your next step is developing strategic storytelling. Can y ..read more

Howdy, y'all!  Allan went down to Orlando, Florida and recorded three LIVE! shows at Zero Trust World, a conference sponsored by ThreatLocker.  This is the first of those three shows.   James Keeler of LMT Technology Solutions has a steady hand on the incident response wheel and a lot of experience under his belt as well.  After seeing James speak on a panel at Zero Trust World, Allan asked him to be on the show.   Join Allan as he asks James to walk us through his philosophy of incident response, the underpinnings, the steps and just about everything else about Incide ..read more

This week Allan is joined by Leigh Honeywell (CEO of Tall Poppy) Nathan Case (Federal CISO at Snyk), and Ryan Macababbad (Currently looking.  HIRE HER!), three cybersecurity professionals with broad backgrounds in cyber, and all three of whom are neurodivergent.   Allan in fact, has been recently diagnosed as being on the autism spectrum, albeit 'high functioning' (as the diagnosis indicates) or 'low support needed' (as the autism community prefers to call it).   With his recent diagnosis, Allan decided to reach out to friends in the neurodiverse community to discuss: The posit ..read more

Fun fact:  There are more vulnerabilities and exploits below the OS layer than above it! CPUs, BIOS, Firmware, embedded Linux, FPGAs, UEFI, PXE...  The list goes on an on.  What are we supposed to do about that? Allan asked Yuriy to come down to the 'Ranch to discuss this issue with him.  Yuriy is CEO at Eclypsium, member of the Forbes Technology Counsel, Founder of the open source CHIPSEC project, former head of Threat Research at McAfee, form Senior Principle Engineer at Intel…  He is uniquely qualified to discuss these issues. Full DISCLAIMER: Allan is CISO at Eclyp ..read more

In this episode, Allan flies solo, as he is finally willing to speak on an issue he has been mulling and fussing over for some time:  the two-fold CISO laments of: "We have all the accountability and none of the authority!" "We don't own the risk - we advise the business" Allan is refuting both of these claims. Allan calls up examples such as project managers, contract lawyers, CFOs in his argument. He also demonstrates that we have far more authority than we think, and also that we can earn even more. As to advising the business, and the business owning the risk, we have here two contr ..read more

We declared a while back that 'not having a seat at the table' was a tired CISO topic.  So we decided to solution the complaint. Hopefully we pulled it off. Join Allan and Jim McConnell, Principal at Ask McConnell, LLC and former Fellow in Corporate Security Protection Operations at Verizon, as they take on the challenge of solving this common lament. There is a fierce round of "answer pong" as they throw out suggestions on how to earn that seat, but they also cover: What does it mean to have a seat at the table? Ownership vs. advising Bridging the chasm between the two Supplier/Vendor t ..read more

Pat Benoit, CISO at Brinks, returns to the 'Ranch to visit Allan and to chat about his newest achievement - Pat got a NACD Directorship Certification! Allan has often thought about doing this as well, so he got Pat on the mic to talk about his whole experience: Why did you do it? How hard was it? What was involved? What do you hope to get out of it? Did you farm around for alternatives? Is there more you plan to do? As topics for shows go, this one is short and sweet.  But Pat, as always, spins a very human tale that will keep you engaged. Y'all be good now ..read more