CISO Series: We're very good at saying we care about diversity
2021-11-23 Filed in: CISO Series
It’s extremely easy to say you want to diversify. In fact, I’ll do it right now three times.
We want diversity.
We’re very pro diversity and it’s our focus for the next year.
Diversity is a very important part of our security program.
Please don’t ask to though look at the lack of diversity on our staff. It doesn’t match our rhetoric.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11.
LISTEN: https://cisoseries.com/were-very-good-at-saying-we-care-about-diversity/
We want diversity.
We’re very pro diversity and it’s our focus for the next year.
Diversity is a very important part of our security program.
Please don’t ask to though look at the lack of diversity on our staff. It doesn’t match our rhetoric.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11.
LISTEN: https://cisoseries.com/were-very-good-at-saying-we-care-about-diversity/
Cloud Security Reinvented: Drew Daniels
2021-10-21 Filed in: Cloud Security Reinvented
Cloud Security Reinvented: Deneen DeFiore
2021-10-18 Filed in: Cloud Security Reinvented
CISO Series: A Quick Way to Tell Which Vendors You Should Avoid
2021-10-12 Filed in: CISO Series
Do you really need to ask hundreds of questions to know if you want to work with a vendor?
On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome guest Nick Selby, CSO, Paxos Trust Company to discuss:
- How do you suss out security vendors to make sure they're not a risk?
- How do you battle a typosquatter?
- What types of preparations do you have in place to know you're well prepared for an incident?
- How should CISOs and CIOs share cybersecurity ownership?
LISTEN: https://cisoseries.com/a-quick-way-to-tell-which-vendors-you-should-avoid/
On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome guest Nick Selby, CSO, Paxos Trust Company to discuss:
- How do you suss out security vendors to make sure they're not a risk?
- How do you battle a typosquatter?
- What types of preparations do you have in place to know you're well prepared for an incident?
- How should CISOs and CIOs share cybersecurity ownership?
LISTEN: https://cisoseries.com/a-quick-way-to-tell-which-vendors-you-should-avoid/
CISO Series: What's the ROI of Nothing Happening?
2021-09-21 Filed in: CISO Series
On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome my colleague Ryan Gurney, CISO-in-residence, YL Ventures to discuss:
- What’s a better sign than “nothing happened” to indicate you did a good job in cybersecurity?
- What happens when your company wants to use a really insecure SaaS product?
- What a CISO-in-Residence does for a VC firm
LISTEN: https://cisoseries.com/whats-the-roi-of-nothing-happening/
“There's an art to learning how to get other people to solve problems that is more powerful than doing it yourself.”
- What’s a better sign than “nothing happened” to indicate you did a good job in cybersecurity?
- What happens when your company wants to use a really insecure SaaS product?
- What a CISO-in-Residence does for a VC firm
LISTEN: https://cisoseries.com/whats-the-roi-of-nothing-happening/
“There's an art to learning how to get other people to solve problems that is more powerful than doing it yourself.”
Cloud Security Reinvented: Ben Waugh
2021-09-20 Filed in: Cloud Security Reinvented
Cloud Security Reinvented: Ty Sbano
2021-09-20 Filed in: Cloud Security Reinvented
CISO Series: Could We Speak To Your CISO To Confirm He Received the Cupcakes?
2021-09-14 Filed in: CISO Series
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts.
Listen here: https://cisoseries.com/could-we-speak-to-your-ciso-to-confirm-he-received-the-cupcakes/
“It's generous to say that somebody saying military grade means they're meeting a specific standard.. anybody who's meeting a specific standard is going to tell you what their specific standard is.”
Cyberwire Pro: Andy Ellis, Former Akamai CSO & CSO Hall of Fame 2021, on transparency in cybersecurity initiative
2021-09-08 Filed in: Guest Appearances
CISO Series: Make Your Friends Jealous with Our Hand-Crafted Passwords
2021-09-07 Filed in: CISO Series
This week’s CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.
Listen here: https://cisoseries.com/make-your-friends-jealous-with-our-hand-crafted-passwords
“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”
Listen here: https://cisoseries.com/make-your-friends-jealous-with-our-hand-crafted-passwords
“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”
Hacker Valley: There is No Skills Gap
2021-08-31 Filed in: Guest Appearances
CISO Series: Are you asking how secure are we?
2021-08-31 Filed in: CISO Series
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.
Listen here: https://cisoseries.com/are-you-asking-how-secure-are-we-or-how-insecure-am-i/
“If you don't have a path for hiring that junior person and developing them all the way up to become a senior person, you know what you're not going to have?... Anybody.”
Listen here: https://cisoseries.com/are-you-asking-how-secure-are-we-or-how-insecure-am-i/
“If you don't have a path for hiring that junior person and developing them all the way up to become a senior person, you know what you're not going to have?... Anybody.”
CISO Series: We Shame Others Because We’re So Right About Everything
2021-08-17 Filed in: CISO Series
Listen here: https://cisoseries.com/we-shame-others-because-were-so-right-about-everything/
“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”
“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”
Tech Talks Daily
2021-07-10 Filed in: Guest Appearances
1650: A Chat With Award-Winning CSO Andy Ellis From YL Ventures
Tech Talks Daily / Neil Hughes
https://techblogwriter.libsyn.com/yl-ventures-2
YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. With headquarters in Silicon Valley and Tel Aviv, YL Ventures manages $260 million and specializes in cybersecurity. It accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of CISOs and global industry leaders.
Andy Ellis was recently named operating partner at YL Ventures, has been inducted into IDG's CSO Hall of Fame. The former CSO at Akamai Technologies will now be supporting YL Ventures' portfolio companies post-investment with product development, go-to-market strategies, and customer engagements.
In today's episode, Andy shares his story and insights from his career. We discuss why VC firms and investing in Israeli cybersecurity startups and why more CISOs are taking advisor/investor roles. I also learn what brings him to Israeli cybersecurity companies.
Tech Talks Daily / Neil Hughes
https://techblogwriter.libsyn.com/yl-ventures-2
YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. With headquarters in Silicon Valley and Tel Aviv, YL Ventures manages $260 million and specializes in cybersecurity. It accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of CISOs and global industry leaders.
Andy Ellis was recently named operating partner at YL Ventures, has been inducted into IDG's CSO Hall of Fame. The former CSO at Akamai Technologies will now be supporting YL Ventures' portfolio companies post-investment with product development, go-to-market strategies, and customer engagements.
In today's episode, Andy shares his story and insights from his career. We discuss why VC firms and investing in Israeli cybersecurity startups and why more CISOs are taking advisor/investor roles. I also learn what brings him to Israeli cybersecurity companies.
CISO Series: How Cisos Make it Worse for other CISOs
2021-06-15 Filed in: CISO Series | Guest Appearances
CISO Series / David Spark & Mike Johnson
https://cisoseries.com/how-cisos-make-it-worse-for-other-cisos/
(full transcript at link)
https://cisoseries.com/how-cisos-make-it-worse-for-other-cisos/
(full transcript at link)
Cloud Security Podcast
2021-06-10 Filed in: Guest Appearances
Cloud Security Podcast / Ashish Rajan
https://www.linkedin.com/video/live/urn:li:ugcPost:6808374241436811265/
https://www.linkedin.com/video/live/urn:li:ugcPost:6808374241436811265/
Cyber Ranch
2021-05-26 Filed in: Guest Appearances
Cyber Ranch / Allan Alford
Clever Hiring Practices w/ Andy Ellis
https://hackervalley.com/cyberranch/clever-hiring-practices-w-andy-ellis/
With us today is Andy Ellis, operating partner at YL Ventures, former Akamai CSO and newly inducted member of the CSO Hall of Fame. We're here to talk about nonstandard hiring practices and how Andy has built an amazing team using nonstandard approaches.
Andy began his career in cyber ("I remember back then, you know, we didn't call it cyber, but I think we've all given up and, and that's now the name for our career field.") as an Air Force ROTC cadet, spent 20 years at Akamai, and joined an advisor program at YL Ventures.
Andy found a solution that addresses hiring needs and the talent shortage, while also building a very clever and very innovative team.
According to Andy, the simple answer is it's expensive, and it takes a lot of time to do right.
Allan asks, “What keeps you going in cyber?” Andy answers, “I've always seen myself as improving the systems that I walk through, that when I encounter a system, I want to tweak it and figure out what makes it work and make it work better."
Key Takeaways
1:24 Andy shares his background and how he got to cyber
3:12 Working for a venture capital firm
7:12 Hiring and building a team
12:26 The abnormal hires that just make sense
15:46 Clever role adjustments
17:10 More nonstandard hires
19:03 Confused? Whose confusion is it?
21:02 The academy
24:42 Putting a teacher in
25:21 Budget technique
27:09 Why isn’t everyone hiring this way?
28:30 What keeps you going in cyber?
Clever Hiring Practices w/ Andy Ellis
https://hackervalley.com/cyberranch/clever-hiring-practices-w-andy-ellis/
With us today is Andy Ellis, operating partner at YL Ventures, former Akamai CSO and newly inducted member of the CSO Hall of Fame. We're here to talk about nonstandard hiring practices and how Andy has built an amazing team using nonstandard approaches.
Andy began his career in cyber ("I remember back then, you know, we didn't call it cyber, but I think we've all given up and, and that's now the name for our career field.") as an Air Force ROTC cadet, spent 20 years at Akamai, and joined an advisor program at YL Ventures.
Andy found a solution that addresses hiring needs and the talent shortage, while also building a very clever and very innovative team.
- For new roles, look and see if you have somebody who's almost senior that you can promote to do that job. And backfill the almost senior person instead. Try not to hire senior people, try to hire the most junior person you can get away with and promote everybody up the chain. The real trick is to figure out how your HR and finance teams are going to operate and play them off against each other.
- Now that we have covered your promotion from within strategy, let's talk about hiring some folks for certain roles on the team that at a glance would make no sense at all for a CSO. And yet is really, really effective and repeatable.
- Andy’s flagship is hiring librarians. There is an entire career field dedicated to managing libraries and learning technical language to be able to do that.
- Everyone is in the business of publishing a report about their data, right? This is just taking technical data and technical jargon and making it consumable to people who've never seen this data before. There's an entire industry that does that. We call it journalism. So, we hire journalists to come in and be those storytellers.
- Hire teachers. Put a teacher in a position and to learn how deep do they need to go on a daily basis, and then make sure they get one level deeper. Because you're always going to have problems if you teach exactly to your domain knowledge. So, make sure your domain knowledge is always little bit deeper than whatever your job requires which is usually going to be sufficient to keep you out of trouble.
According to Andy, the simple answer is it's expensive, and it takes a lot of time to do right.
Allan asks, “What keeps you going in cyber?” Andy answers, “I've always seen myself as improving the systems that I walk through, that when I encounter a system, I want to tweak it and figure out what makes it work and make it work better."
Key Takeaways
1:24 Andy shares his background and how he got to cyber
3:12 Working for a venture capital firm
7:12 Hiring and building a team
12:26 The abnormal hires that just make sense
15:46 Clever role adjustments
17:10 More nonstandard hires
19:03 Confused? Whose confusion is it?
21:02 The academy
24:42 Putting a teacher in
25:21 Budget technique
27:09 Why isn’t everyone hiring this way?
28:30 What keeps you going in cyber?
Off the Record
2021-05-17 Filed in: Guest Appearances
Off the Record / Adam Janofsky
Ep 46: When Pipelines Run Dry
Levi and Adam discuss the latest news on the Colonial Pipeline attack, and what the future of ransomware might look like. Andy Ellis, the former CSO of Akamai, joins later in the episode to talk about advising and investing in cybersecurity companies.
https://the-record.captivate.fm/episode/when-pipelines-run-dry
Ep 46: When Pipelines Run Dry
Levi and Adam discuss the latest news on the Colonial Pipeline attack, and what the future of ransomware might look like. Andy Ellis, the former CSO of Akamai, joins later in the episode to talk about advising and investing in cybersecurity companies.
https://the-record.captivate.fm/episode/when-pipelines-run-dry
techspective
2021-05-10 Filed in: Guest Appearances
TechSpective
Andy Ellis Shares Insights on Leadership (and DC Comics)
https://techspective.net/2021/05/10/andy-ellis-shares-insights-on-leadership-and-dc-comics/
Andy Ellis Shares Insights on Leadership (and DC Comics)
https://techspective.net/2021/05/10/andy-ellis-shares-insights-on-leadership-and-dc-comics/
Cyber Professional Podcast
2021-04-20 Filed in: Guest Appearances
Cyber Pro Podcast
https://youtu.be/vUmbbIaafHA
Andy shares his thoughts and experience with Jeff Chao on the role of Security Leadership
https://youtu.be/vUmbbIaafHA
Andy shares his thoughts and experience with Jeff Chao on the role of Security Leadership
Decipher
2021-01-21 Filed in: Guest Appearances
Decipher
Andy Ellis returns
https://duo.com/decipher/decipher-podcast-andy-ellis-returns
Andy Ellis, CSO of Akamai, joins Dennis Fisher to discuss the importance of setting priorities, how to assess your strengths and weaknesses as an organization, and the NFL draft.
Andy Ellis returns
https://duo.com/decipher/decipher-podcast-andy-ellis-returns
Andy Ellis, CSO of Akamai, joins Dennis Fisher to discuss the importance of setting priorities, how to assess your strengths and weaknesses as an organization, and the NFL draft.