Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - Lenny Zeltser, Helen Patton, Alexandre Sieira - ESW #452

Interview with Helen Patton about her new book, Switching to Cyber

Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provides a guide for switching to cyber mid-career.

Check out her book, Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career:

• on Amazon
• on Barnes & Noble
• and on the publisher's website

Interview with Lenny Zeltzer: Reflections on Being a CISO

After a cybersecurity career in various roles, doing everything from product management to malware analysis training, Lenny spent 6 years in the CISO seat at Axonius, from near the inception of the company through its growth from its modest Series A stage in 2019 to the present, with nearly a billion in funding today.

Lenny's CISO Essays:

• What Being a CISO Taught Me About Security Leadership
• As a CISO, Are You a Builder, Fixer, or Scale Operator?
• The Chief Insecurity Officer

Interview with Alexandre Sieira: The state of TPCRM is shifting

The gold standard for third party cyber risk management has long been the humble questionnaire. While we've seen security rating services companies generate scores by scanning a company's external resources. Both approaches are widely considered inaccurate for either creating trust relationships or determining the true risk of doing business with a third party.

Every analysis of this problem comes to the same conclusion: without internal data about the state of systems and the security program, TPCRM can't improve substantially. Most this believe this to be an impossible problem: third parties would never share data this sensitive with a customer and first parties assume the same.

What if they did?

That's exactly the premise behind Tenchi Security, and Alexandre joins us to talk about how they've accomplished the 'impossible' in Brazil and aim to expand their success to the US.

Resources:

• Thoughts from a panel discussion at a recent FS-ISAC event, shared on LinkedIn
• Predicts 2026: Third-Party Cybersecurity Risk Management Evolves for the AI Era (Gartner Subscribers only, sorry)

Show Notes: https://securityweekly.com/esw-452