strategy

Jan 23
Season 3 Episode 1 - The Interim CISO

Joined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects
1 min read
Dec 15
The Risk Acceptance Myth

The notion of "Risk Acceptance" has always challenged me. For the uninitiated, Risk Acceptance is a concept often discussed in
4 min read
Oct 19
Cyber Governance: What is Fair to Expect from Board Directors and Management? 3 of 4

Episode 3: Incidents. In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board
10 min read
Aug 25
Overrated? On TPRM, SBOM, Solarwinds, and Supply Chain Security

We've all run to the same side of the boat on supply chain security when it comes to cyber. Rather
2 min read
Feb 08
Season 2 Episode 1 - Board/CISO Interaction

Returning from 6 months as the interim CISO of Silicon Valley Bank, host Jerry Perullo speaks about Board/CISO interaction
1 min read
Nov 22
Cyber Governance: What is Fair to Expect from Board Directors and Management? 2 of 4

Episode 2: Risks. In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board
6 min read
Oct 20
Episode 07 - Bug Bounties with guest Casey Ellis

Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber
1 min read
Oct 17
Cyber Governance: What is Fair to Expect from Board Directors and Management? 1 of 4

With mounting pressure around cyber literacy in the Boardroom, Directors are looking for specifics around what will be expected of
8 min read
Aug 22
Vulnerability management is dead. But GRC is hiring...

I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their
2 min read
Aug 19
How much AppSec is too much?

I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
3 min read