Category: Podcast
Exploring the Challenges of Application Security
In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the new OWASP API Security Top 10, and the inadequacy of API security measures.
The Benefits of Threat Modeling
On this week of the Ask A CISO podcast, we sit down with Izar Tarandach and Matthew J. Coles as they discuss their motivations for writing their book, Threat Modeling: A Practical Guide for Development Teams, define what Threat Modeling is, and help us understand how we can benefit from threat modeling and the fundamentals of secure development.
AI & ML in Cybersecurity
Join us on this episode of the Ask A CISO podcast as we discuss AI and ML in cybersecurity with Diana Kelley, CISO and co-founder of Cyberize. With International Women's Day in a week, we also looked at the challenges of recruiting women and diversity in the tech sphere.
AI and the Future of Mobile Security
On this podcast's fourth episode, we learn about mobile security from Amit Modi, the Chief Technology Officer (CTO) and CISO of Movius Interactive Corporation, a leading global provider of cloud-based secure mobile communications software. We also chat about how mobile security will evolve with the advent of Artificial Intelligence (AI).
Understanding DSPM & CSPM for Optimal Data Security
On this episode, we had the opportunity to speak to Tyler Young, the CISO at BigID, a leading modern data security vendor that helps organizations with their data security, privacy, compliance, and governance.
Cybersecurity Risks and Business Context
After a brief hiatus, we are back with Season 3 of the Ask A CISO podcast. There are quite a few things we are doing differently this season (details below), but first, let's welcome our first guest for the new season: Fausto Lendeborg, Co-Founder and Chief Customer Officer of Secberus, and learn more about his start in cybersecurity, DDoS attacks, dealing with alert fatigue, and understanding what IaC, SaC, and PaC are.
API Security
Veteran cybersecurity professional and our U.S.-based host Jeremy Snyder sits in the guest seat this week to talk about his new startup, FireTail.io, a company that offers simple yet effective API security. In this episode, we explore a topic that we have not featured before in the previous 40+ episodes -- API Security and its relation to cloud security.
Linux and the Enterprise
Fabrice A. Marie, former CISO of Lazada and Air Asia, joins our host Raphaël Peyret this week on the Ask A CISO podcast to talk about his experiences and how the version of Linux from his new startup can help organizations with cybersecurity.
The Cyber Defense Matrix
Sounil Yu, author of The Cyber Defense Matrix, joins host Jeremy Snyder this week to talk about his bestselling book, and what we could all learn from it. We also held our first-ever giveaway, a copy of Sounil's book. If you participated in it, tune in to find out if you've won!
Hyppönen's Law: If It's Smart, It's Vulnerable
Mikko Hyppönen, bestselling author of If It’s Smart, It’s Vulnerable, joins us this week to talk about Hyppönen's Law, the future of the internet, the worrying trend he foresees with respect to cybercriminal gangs, and how he thinks we can best combat the new developments when they come to fruition. He also laments the loss of privacy in the internet age and gives us a few tips to secure our environments and regain some of our privacy.
The Importance of Good Cyber Hygiene
So you’ve made the transition to the cloud, but you’re wondering how it is that your cloud costs are so high. Is it supposed to be that way when the cloud promises competitive advantages and cost savings? It’s all down to cloud sprawl and practicing good cyber hygiene, according to Nick Lumsden, our guest this week. Join host Jeremy Snyder as he speaks with Nick Lumsden, co-founder and CTO at Tenacity Cloud, to understand how cyber hygiene is key to reducing cloud sprawl, cloud costs, and your attack surfaces.
Project Zero Trust
The old mantra that humans are the weakest link in cybersecurity should be discarded, according to George Finney. Listen in as we talk to him about why he thinks so, and why he drew from psychology, neuroscience, history, and economics for his first book Well Aware. We also had George define Zero Trust and talk about his new book Project Zero Trust, which includes a foreword from John Kindervag, the “father” of Zero Trust.
Modern Security Awareness Programs and People-Centric Cybersecurity
Cybersecurity awareness training can be long and boring. With shorter attention spans and work at the back of your mind, sitting through a training session may seem like a waste of time. How should cybersecurity awareness training be conducted in this landscape? We speak to Theo Nasser, Founder and CEO of Right-Hand Cybersecurity, to learn about modern cybersecurity awareness training and people-centric cybersecurity.
Threat Hunting and Incident Response
We speak to Harlan Carvey, Senior Incident Responder in R&D at Huntress, to understand what threat hunting is, and even learn how surprisingly easy it is to tell if an account has been compromised! Harlan and host Jeremy also explore the claim that there's a lack of cybersecurity talent, and whether organizations should have an organic incident response, outsource the function to managed service providers, or adopt an approach that combines both choices.
CrowdSec, Meshed Security that Leverages Numbers for Strength
It seems like the adversaries have all the advantages stacked in their favor. They can attack any time, and only need to get lucky once to breach our cloud investments. On the other hand, we have to ensure that our cloud infrastructure is always secure. So what can we do about this complicated problem? We speak with Philippe Humeau of CrowdSec to understand how we can leverage our numbers as a countermeasure. Along the way, we also discuss social engineering, and what we can do to avoid falling victim to phishing attacks.
ISACs, Information Sharing, and Building Cyber Resilience
Our ancestors shared information on threats with their communities to ensure survival. The same is necessary for today's digital landscape. Businesses need to share information pertinent to their verticals to remain resilient against threats, but how can we do that in a diverse business environment while encouraging sharing? We speak to John Lee, Managing Director at Global Resilience Federation Asia Pacific to learn the important roles ISACs play and how they help organizations like yours build cyber resilience.
Ready, Game, Train, GO!
As an employer, it can be difficult to gauge the hands-on experience of potential cybersecurity hires. Yes, they come with the right degrees and the right certifications, but can they do what you are hiring them to do? How can you assess their hands-on capabilities? Eric Basu and his company, Haiku, Inc., created World of Haiku to help bridge the gap between employers and aspiring cybersecurity professionals. We talk to him this week to learn how the game came about, the difference between gamified training and games that train, and future plans for the game.
Open Source and the Enterprise
How familiar are you with Open Source software and projects? Are they viable? Are they even safe to use? Host Mark Fuentes helps us get the answers to these questions and learns why some proprietary software companies choose to go the Open Source route from Harish Pillay, Head of Community Architecture and Leadership at Red Hat Asia Pacific.
The Local Startup Ecosystem, Going Digital, and Microsoft for Startups
Are startups still viable today? Where are they in the digital ecosystem and what does Microsoft have to do with startups? We speak to Michael Smith Jr., the newly-appointed APAC GM of Microsoft Startups, to get his insights and opinions on the startup ecosystem in Singapore, and how Microsoft is positioned to facilitate the growth of startups.
Cyber Mayday And The Day After
Dan Lohrmann, award-winning CISO, keynote speaker, mentor, columnist, and bestselling co-author of the book Cyber Mayday and the Day After joins us this week to talk about cybersecurity roles in the public and private sectors, checklists for dealing with disruptions to your business, what organizations can learn from breaches, and much more including a lesson from a blackout on how tabletop exercises should be conducted.