The Cyber Ranch Podcast

The Cyber Ranch Podcast

Ride the cyber trails with one CISO (Allan Alford) and a diverse group of friends and experts who bring a human perspective to cybersecurity.


June 7, 2023 28 mins

Join Allan and his guest Jay Adams, CISO @ Enchoice and former security architect for several large private and public sector efforts - from M&A activities to massive public portals.

Jay is going through TX-RAMP right now, and both he and Allan have done research on FedRAMP and StateRAMP as well.

What are the differences?  Why might you choose one over the other?  What are the gotchas?

This is a great show and you'll get to learn a...

Mark as Played

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.  Guests include:

  • Gary Hayslip, CISO @ Softbank Investment Advisers
  • Michael Calderin, CISO @ YAGEO Group
  • David Cross, CISO @ Oracle SaaS Cloud
  • Audra Streetman, Security Strategist @ Splunk
  • Adrian Peters, CISO @ Vista Equity Partners
  • Robin Sundaram, CISO @ RELX
  • Merritt Baer, Office of the CISO @ AWS
  • Rob Wood, CISO @ Centers for Medicare & Medic...
Mark as Played
May 31, 2023 33 mins

This week's show is exciting because Allan has been waiting for Andy's book on leadership to come out for quite some time.  The book is called “1% Leadership – Master The Small, Daily Improvements That Set Great Leaders Apart”, and it consists of 54 chapters - each of which presents a specific facet of good leadership in a nearly "buffet style" manner. You can pick and choose topics that resonate with you and dive right in.

Allan p...

Mark as Played

This episode is a bit scary.  Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side.

Premise One: Given how many organizations that are vulnerable and that have NOT been breached, the bad guys are suffering the same skills gap we are.

Premise Two: Exploit attacks (think of...

Mark as Played

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.  Guests include:

  • Chris Kennedy, CISO @ Citadel
  • Gary Hayslip, CISO @ Softbank Investment Advisers
  • Michael Calderin, CISO @ YAGEO Group
  • Reet  Kaur, CISO @ Portland Community College
  • Rob LaMagna-Reiter, CISO @ Hudl
  • Matthew Lang, vCISO
  • David Cross, CISO @ Oracle SaaS Cloud
  • Audra Streetman, Security Strategist @ Splunk
  • Vishal Amin, General Manager...
Mark as Played

Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis.

Dazz has completed a Series A investment round.  Semperis a Series C.  It turns out that the skills each CEO needs are still remarkably the same.

Saddle up for another episode, where Allan asks his guests:

  1. What’s the coolest thing that has ha...
Mark as Played

What is security chaos engineering?  You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity.  Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sustaining Resilience in Software and Systems".


Security chaos engineering is derived from chaos engineering, a relatively new discipline in software development that seeks to test distri...

Mark as Played

Bryan Liebert is one smart cookie.  Who bakes cybersecurity cakes.  But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity.  His specialty is creating simple to digest (we could not help it, sorry!) models for managing and reporting on cybersecurity programs and practices.

Join Bryan and Allan as they serve up (we're still doing it!) a lively and informative episode!

Sponsored ...

Mark as Played

Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong:

  1. Cybersecurity viewed as a necessary evil, related to The Twilight Zone
  2. Ownership, Authority, Accountability: Inventory and Means of Control
  3. Are WE the baddies?
  4. (Largely) Forgotten Security Principles

Allan and Adrian dissect cybersecurity practice in this great episode!

Sponsored by our goo...

Mark as Played

Join us for a SPECIAL EDITON! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas!

The topic is data security: its challenges and how to overcome them.

Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moore of Securiti.

The conversation is live and lively, recorded as-is and delivered to you.


Sponsored by Securiti -

Mark as Played

We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise.  We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys.  But these two worlds intersect far more than you would think, and the techniques for addressing these problems intersect as well.

This week Allan is joined by Leigh Honeywell, CEO at T...

Mark as Played
April 12, 2023 33 mins

Emily Heath is a well-known and well-respected figure in cybersecurity.  She has been a CISO three times in a variety of industries, including software and a major airline.  She has been in law enforcement, is a partner at a VC firm, and serves on boards of directors as well.

With this wealth of experience she has come to value design partnerships - working with small startups to help craft their solutions to meet hers and their ne...

Mark as Played

This week Allan is joined by Karla Reffold, COO at Orpheus Cyber.  Yes, that makes her a vendor, but, yes, she follow's the show's rules:  She is a friend, not a sponsor; she is not all vendory; and most importantly she is a subject matter expert on this week's topic: advisory boards!

In fact, Karla has written an ebook on the subject which is available here:

Topics covered in t...

Mark as Played

Becoming a CISO means changing a lot of perspectives.  Individual contributors need to learn this, and the CISO is the best one to teach them.  "They're never going to get it!" is a mantra used by both sides of that dialogue, and that is not a solution.  Will and Allan discuss:


- What precepts really are "obvious"

- How does one onboard leadership and business perspectives?

- What should CISOs do to ensure their teams gain those ...

Mark as Played

This episode is a story about an entire vendor encounter gone horribly wrong.  Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor.  Paul found a cybersecurity vendor.  Paul found good references.  Paul got referrals from peers.  Paul did a PoC.  And after that, it all went downhill.  Paul was kind enough to share his story as he and Allan pick apart the failings an...

Mark as Played

Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO.

Hear Mike's journey from IT technician to GRC to CISO.

Topics Allan and Mike cover:

  • The tension between tech teams and GRC teams, and how a CISO can bridge the two teams
  • Reasons why GRC makes such a great background for the CISO role (...
Mark as Played

We have this idea that we can be perfect.  And we know that idea is unsound.  So we settle for imperfection.  But are we doing that purposefully?  Do we have a conscious plan for embracing imperfection?  How can we, as cyber professionals, embrace our imperfection meaningfully and with intent?


Join Allan and Robin Sundaram as they explore this topic, covering areas such as:

  • NIST CSF is all about imperfection
  • Embracing CMDB im...
Mark as Played

In this episode, Allan is joined by Omkhar Arasaratnam, a force in the industry and an expert in the intersection of software and security (you may remember Omkhar from an earlier show about supply chain security).

They challenge each other to a game, "Technical Case vs. Business Case", where they must provide both arguments for a given technology deployment.  The real subtext here is that whenever these two get together, they alwa...

Mark as Played

Join Allan, Shaun Marion (CISO of McDonald's) and ChatGPT itself for a lively conversation about the implications of this new tool, AI in general, and nuances about ChatGPT's usage.

Even after controls were put into place to prevent ChatGPT from helping the bad guys, Allan and Shaun were able to trick it into giving up details on hacking, authoring phishing emails and more.

Shaun and Allan explore the potential for abuse and the po...

Mark as Played
February 15, 2023 30 mins

How important are communications after your company has been breached?  They can make or break customer perception, and the perception of the world.  Bad communications are perceived as bad intent.

Joining Allan this week is Heather Noggle, owner of Codistac - a company that specializes in cyber communications, advocacy and awareness.  She studied communications in college, and takes this stuff very seriously.

The pair cover LastPa...

Mark as Played

Popular Podcasts

    Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.

    Crime Junkie

    If you can never get enough true crime... Congratulations, you’ve found your people.


    In order to tell the story of a crime, you have to turn back time. Every season, Investigative journalist Delia D'Ambra digs deep into a mind-bending mystery with the hopes of reigniting interest in a decades old homicide case.


    It’s a lighthearted nightmare in here, weirdos! Morbid is a true crime, creepy history and all things spooky podcast hosted by an autopsy technician and a hairstylist. Join us for a heavy dose of research with a dash of comedy thrown in for flavor.


    Unforgettable true crime mysteries, exclusive newsmaker interviews, hard-hitting investigative reports and in-depth coverage of high profile stories.

Advertise With Us

For You

    Music, radio and podcasts, all free. Listen online or download the iHeart App.


    © 2023 iHeartMedia, Inc.