CISO/Security Vendor Relationship Podcast and Series has moved to CISOSeries.com. We're no longer buying their albums because we've had enough of the "can do no wrong" toxic culture of cybersecurity rock stars. On this episode of the CISO/Security Vendor Relationship Podcast we are elevating the little known indie InfoSec professionals. This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson, CISO of Lyft. Our guest this week is independent analyst, Kelly Shortridge (@swagitda_). Follow her musings at Swagitda. This episode is sponsored by Vulcan Cyber, your automated vulnerability remediation solution. Put an end to manual-only patch management and reduce vulnerability risk with a cloud-based solution that bridges the vulnerability remediation gap. Automate and orchestrate the vulnerability remediation process with Vulcan Cyber. On this episode: Why is everybody talking about this now? We do a health check on where we are in terms of security enabling the business. What have been the greatest strides and where are we falling behind? We reference a post by CISO of Mitel, Allan Alford. Please, Enough. No, More. We discuss the phenomenon of cybersecurity rock stars and why their “they can do no wrong” pass is toxic to the industry. What’s Worse?! Tip of the hat to Kip Boyle, CEO of Cyber Risk Opportunities for this week’s question. Ask a CISO The phenomenon of security buzzwords. When is it actually used to describe a product and when is it used to fill up space in a marketing campaign? What’s a CISO to do? We talk about people being the problem in security, but it’s not in the way you think it is.