Defense in Depth

All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Howard Holton, CEO, GigaOm. Joining is Tyler King, senior director - threat operations and response, Sinclair. In this episode: Career insurance In the trenches together Who are you actually selling to? Common sense, uncommon in sales A huge thanks to our sponsor, Material Security Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security.

All links and images can be found on CISO Series We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo. In this episode: Tools, not religion The case for structured discipline The management problem underneath Fix the damn holes A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.

All links and images can be found on CISO Series We know human-paced security controls can't be applied to autonomous AI agents. So what needs to change with CNAPP and cloud security? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Dan Benjamin, vp product - data, identity, and AI security, Palo Alto Networks. In this episode: The detection ceiling A category gap, not a feature gap Resilience by design An insider threat with no face A huge thanks to our sponsor, Palo Alto Networks Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Visit Palo Alto Networks and search cortex cloud.  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Paul Guerra. In this episode: Read the contract How vendors win before the evaluation ends The fallout The real cost A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

All links and images can be found on CISO Series All security startups will tell you they talk to potential customers. The problem is that you limit your development when you only talk to CISOs who might buy. It's not the same guidance you'll get from a CISO who advises. Check out this post by Val Tsanev of the Cyber Risk Alliance for the discussion that is the basis of our conversation. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Steve Jensen, CISO, University of Maine System. In this episode: Building for whom? The only feedback loop that matters Valid, but for whom? Rethink the advisor roster A huge thanks to our sponsor, Material Security Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security. 

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen. In this episode: The vulnerable stack Changing the structural economics Change the terrain The cost-benefit equation A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Heath Renfrow, co-founder, Fenix24. In this episode: Knowing which systems to save first Recovery is a business conversation, not an IT ticket Not all systems are created equal Recovery knowledge as a governed asset A huge thanks to our sponsor, Fenix24   Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

What Makes a Successful Security Vendor Demo? All links and images can be found on CISO Series. Check out this post from Adam Palmer for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining is Ken Beasley, BISO, Kaiser Permanente. In this episode: Show me the problem, not the product Walking in blind Discovery is the demo Define the use case, set the clock A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

Should You Use Native or 3rd Party Cloud Management Tools? All links and images can be found on CISO Series. Check out this post from Steve Zalewski for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is their sponsored guest, Gal Ordo, co-founder and CPO, Native. In this episode: More tools, more problems A gap in design Catching what slips through Competence over complexity A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

How Should We Measure the Performance of a CISO? All links and images can be found on CISO Series. Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare. In this episode: Likability as a career strategy The storytelling gap How the math actually gets done The unofficial scorecard A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste. In this episode: Patterns hiding in plain sight Activity vs. advancement The human cost Frameworks about frameworks A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows. In this episode: Lead with insight, not persuasion Recognize the opportunity when it arrives Strategy over features Keep it efficient A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs. In this episode: The development disconnect Functionality first, security second The incentive problem Speed as the common ground A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.

All links and images can be found on CISO Series. Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood. In this episode: The information paradox Setting realistic expectations Prioritization over noise The cart before the horse Huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.  

All links and images can be found on CISO Series. Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada. In this episode: Beyond the quota The hard truth beats the polished bluff Paying for someone else's mistakes Reducing friction, increasing trust Huge thanks to our sponsor, ThreatLocker ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.

All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchas Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev. In this episode: Earning autonomy gradually The blast radius question The reality check Today's value, tomorrow's evolution Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments. In this episode: The experience paradox Who benefits from the narrative Kitchen sink job postings The aggregation problem Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Getting permissions right The fundamentals that still fail Know what you have Simple controls, outsized impact Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines. In this episode:  The 3Ms of product clarity Buzzwords work because buyers aren't experts Investor pressures distort messaging Threading the needle Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is sponsored guest Matt Goodrich, director of information security, Alteryx. In this episode: The integrity challenge Zero trust for AI outputs Guardrails over garbage It looks good... Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC. In this episode: From loudest to most trusted Letting go of the win Listening over proving Beyond right and wrong Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ejona Preci, group CISO, LINDAL Group. In this episode:  Consequence, not controls The credibility gap Defining the undefined Expanding the mandate A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership Beyond translation: the trust factor Making risk tangible When translation isn't enough Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood. In this episode: Delegation requires accountability The reality of daily decision-making The gap between theory and practice Beyond the advisory role Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

All links and images can be found on CISO Series. Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast. In this episode: Understanding the fundamentals The grift of superficial expertise Hands-on experience matters  A vulnerability at the leadership level Huge thanks to our sponsor, Stellar Cyber By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.  

All links and images can be found on CISO Series. Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. In this episode: Network security isn't dying—it's evolving The observability layer that can't be replaced What's old is new again The innovation gap Huge thanks to our sponsor, HackerOne Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/  

All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When configuration drift becomes operational reality The garden that never stops growing From detection to cultural shift The maturity gap Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at https://www.threatlocker.com/

All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Julie Tsai, CISO-in-Residence, Ballistic Ventures. In this episode: Is least privilege dead? Modern tactics, timeless principle Implementation over ideology Pragmatism over purity Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://datasecai2025.com/did.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel. In this episode: Beyond the click High-risk users demand different metrics Building engagement over punishment Creating a security culture through community Huge thanks to our sponsor, Doppel Doppel is protecting the world's digital integrity. Impersonators adapt fast — but so does Doppel. By pairing AI with expert analysis, we don't just detect deception; we dismantle it. Our platform learns from every attack, expands its reach across digital channels, and disrupts threats before they cause harm. The result? Impersonators lose. Businesses become too costly to attack. And trust stays intact. Learn more at https://www.doppel.com/  

All links and images can be found on CISO Series. Check out this post by Mike Gallardo for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is Alex Guilday, BISO, Royal Caribbean Group. In this episode: Timing the approach When persistence becomes harassment Playing the long game The necessity argument Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://datasecai2025.com/did. 

All links and images can be found on CISO Series. Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components.  And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode. In this episode: Beyond the technical playbook Influencing without authority Partnering, not just selling The deliberate work of connection Thanks to our sponsor, HackerOne Built on 580,000+ validated vulnerabilities, $81M in payouts this year, and insights from 1,950 enterprise programs, the 2025 Hacker-Powered Security Report shows how leading organizations reduce risk and prove outcomes. Get practical guidance on attacker focus, response patterns, and board-ready metrics. Watch the Q&A, then download the report to operationalize what works for you.  https://www.hackerone.com/report/future-of-ai?utm_medium=Paid-Newsletter&utm_source=cisoseries&utm_campaign=Parent-FY25-AIAwarenessCampaign-GL

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP. In this episode: Turning visibility into actionable intelligence Pure visibility still provides an essential security foundation Finding strategic value The risk of gaps in identity management Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment.  Threatlocker.com/CISO  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is their sponsored guest, Ash Hunt, vp, strategy, EMEA, Cyera. In this episode: The access creep challenge Bridging intent and execution Looking for integrity Racing against exponential complexity Huge thanks to our sponsor, Cyera     AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://www.cyera.com/?utm_source=cisoseries        

All links and images can be found on CISO Series. Check out this post by David Mundy of Tuskira for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Taule, CISO, Luminis Health. In this episode: ROI challenges  Venture capital saturation Risk aversion and organizational politics A GTM transformation Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Kara Sprague, CEO, HackerOne. In this episode: Shadow AI as a control problem Rethinking identity for autonomous agents When process meets momentum Beyond blocking: channeling AI usage Huge thanks to our sponsor, HackerOne Built on 580,000+ validated vulnerabilities, $81M in payouts this year, and insights from 1,950 enterprise programs, the 2025 Hacker-Powered Security Report shows how leading organizations reduce risk and prove outcomes. Get practical guidance on attacker focus, response patterns, and board-ready metrics. Watch the Q&A, then download the report to operationalize what works for you. https://www.hackerone.com/report/hacker-powered-security  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is CISO Series reporter and CISO herself, Hadas Cassorla. In this episode: Security poverty line excludes SMBs  Skills gap and channel dynamics slow SMB security adoption The startup disadvantage cycle Technology adoption flows from enterprise complexity to market simplification Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Mokhtar Bacha, founder and CEO, Formal. In this episode: Access management faces transformation  AI agents demand new authentication paradigms AI complexity demands simplified governance approaches Data-centric identity management replaces role-based approaches Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

All links and images can be found on CISO Series. Check out this post by Geoff Belknap, co-host of Defense in Depth, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and John Overbaugh, CISO, Alpine Investors. Joining us is our sponsored guest, Pukar Hamal, founder and CEO at SecurityPal. In this episode:  When business moves faster than security Turning obstacles into opportunities The art of saying "not like that" Know your regulatory landscape Huge thanks to our sponsor, SecurityPal AI SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Justin Berman, formerly vp of platform engineering and CISO at Thirty Madison Health. In this episode:  Maps without transportation The untouchable employee problem Attestation theater The lightbulb moment Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode:  Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Terry O'Daniel, former CISO at Amplitude. In this episode:  Beyond prioritization: aligning risk with reality From signals to strategy The Case for Maturity Models Security Starts With Culture Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is their sponsored guest, Matt Eberhart, CEO, Query. In this episode:  Quality over quantity in AI decision-making Process before technology The connectivity challenge The context complexity paradox Huge thanks to our sponsor, Query Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. In this episode:  The trust deficit Defending the non-technical roles The business accountability gap The communication imperative Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is Sneha Parmar, former information security officer, Lufthansa Group Digital. In this episode: Shifting left, broadening out The insurance wake-up call Building trust into the system Security's identity crisis A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian. In this episode: The experience prerequisite The bootcamp reality check The compensation conundrum The domain expertise imperative A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

All posts and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Steve Knight, former CISO, Hyundai Capital America. In this episode: Streamlining vendor evaluations  Moving beyond compliance theater The scorecard skeptics Finding the right balance Thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Hanan Szwarcbord, vp, CSO and head of infrastructure, Micron Technology. In this episode Embracing growth An urgent need for creativity Get the business context Embrace your inner theater kid Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai

All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency   Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jason Steer, CISO, Recorded Future. In this episode We don't need more indicators Creating more work Generating actionable intelligence Design for what you can do Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.

All images and links can be found on CISO Series. Check out this post by Gautam 'Gotham' Sharma of AccessCyber for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke's University Health Network. In this episode: Verify then trust Dishonesty on all sides A lack of flexibility What about integrity? Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Stop siloing cybersecurity Leading the charge A culture of ownership Preparing for resilience A huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is Joey Rachid, CISO, Xerox. In this episode: It's a balancing act Choose to leave the kids' table Your team is essential Don't change CISOs midstream Huge thanks to our sponsor, Blackslash Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters "triggerable" vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at https://www.backslash.security/  

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, COO, Gigaom. Joining us is our sponsored guest, Rob Allen, chief product officer at ThreatLocker. In this episode:  Reinforcing zero trust Focus on effectiveness Understanding zero trust limitations What's next Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jay Jay Davey, vp of cyber security operations, Planet.  In this episode: Aligning incentives The realities of the job Delivering ROI Holistic cybersecurity Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters "triggerable" vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at www.backslash.security.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Eric Gold, chief evangelist, BackSlash. In this episode: Start with the culture Moving AppSec to a higher level A strategy for security Maturing the basics Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters "triggerable" vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration.  

All links and images for this episode can be found on CISO Series. Check out this post from Jerich Beason, CISO at WM, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining us is Rinki Sethi, vp and CISO, BILL. In this episode: You need a solid foundation A lot depends on the role Underappreciated skills Structures and frameworks Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.

All links and images for this episode can be found on CISO Series. Check out this post from Caleb Sima of WhiteRabbit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Alex Hutton, CISO, Atlantic Union Bank. In this episode: The race to differentiate  Don't blame Gartner Simplifying is complicated Seeking connection Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jason Elrod, CISO, MultiCare Health System. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Supercharging teams Shifting to proactive A unique opportunity A human in the legal loop HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post by Tallis Jordan of the U.S. Army Cyber Command for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Montez Fitzpatrick, CISO, Navvis. In this episode: Start with foundations Learning to learn Don't get hustled Building a pipeline HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post from Yaron Levi for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: A knowledge deficit Talk is cheap What's the difference? Answer the preliminaries HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post by Rachel Bicknell of Dell Technologies quoting Mic Merritt of Merritt Collective for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jimmy Sanders, president, ISSA International. Joining them is Ngozi Eze, CISO, Levi Strauss.   In this episode: Stop the unicorn hunt Job post inflation Structural misalignment We've got to do better Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, CTO, GigaOm. Joining us is Francis Odum, founder, Software Analyst Cybersecurity Research. In this episode: Rebalancing the SOC The case for consolidation It comes down to data Concentric cycles Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Lee Parrish, CISO, Newell Brands. Joining us is David Tyburski, vp of information security and CISO, Wynn Resorts. In this episode: CISOs need to stick around Culture forward CISOs need support This isn't always about budget  Thanks to our podcast sponsor, Palo Alto Networks! Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.  

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Elad Koren, vp, product management, Cortex Cloud, Palo Alto Networks. In this episode: Context drives the decision A full-spectrum understanding Think practical The long play Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and DJ Schleen, former distinguished security architect, Yahoo. Joining us is our sponsored guest Heath Renfrow, co-founder, Fenix24. In this episode: Get creative Shift the focus of backups Failing the test Moving beyond false hope Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Andrew Wilder, CISO, Vetcor. In this episode: It comes down to growth Maintenance mode is anything but simple An asymmetric arrangement Integrating with the business  Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us Sneha Parmar, information security officer, Lufthansa Group Digital Hangar. In this episode: Build the foundation Building at scale Excelling at boring Knowing what you've got is half the battle Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial. In this episode: It helps to have a vision The benefit of planning It's never too early to start Don't make rash decisions Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post by Marc Ashworth, CISO at First Bank for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - Gaming, Microsoft. Joining us is Ken Athanasiou, CISO, VF Corporation. In this episode: Frustration is a two-way street Sales is data driven Give customers the tools they need Start a conversation Thanks to our podcast sponsor, Noma Security Secure your entire Data & AI Lifecycle—from development to production and classic data engineering to GenAI. Noma's full-lifecycle platform delivers seamless protection against risks like misconfigured data pipelines, malicious models, and adversarial AI attacks, empowering AppSec teams with complete visibility, security, and compliance—without disrupting data and AI teams' workflows.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: The promise and perils of LLMs A boon for defenders Raising the bar Muddying the waters Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Young, CISO-in-residence, Team8, and Jeroen Schipper, CISO, Gemeente Den Haag. In this episode: Creating authority Don't reinvent the wheel Accountable for quality Make the distinction clear Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode  co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer. In this episode: Build for what you can handle Rethinking alerts Building trust into your system Seeing the bigger picture Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: You can't manage what you don't know you have Vulnerability management doesn't have an endpoint This is about tradeoffs A unique approach Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time. In this episode: A vicious cycle Not all training is created equal Don't forget the human factor We can still define success Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross's podcast, Inside the Network, and his book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup. In this episode: A market response to industry failure Is this a business or a feature? The economics of startups Practicality over novelty Thanks to our podcast sponsor, Nudge Security Manage SaaS security and governance at scale with Nudge Security. Discover all SaaS accounts ever created by anyone in your org on Day One, including genAI tools. Surface identity security risks and resolve them with automated playbooks. Start your free 14-day trial today.

All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell. In this episode: Striking a balance  Will we see a talent exodus? Playing by the same rules This is an organizational responsibility Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Karthik Krishnan, founder and CEO, Concentric AI. In this episode: Meet the new risk, same as the old risk Understanding where your risks are coming from Identifying best practices Know what you're getting into Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks. Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today! 

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud. In this episode: A holistic view Adding sophistication to identity Your employees can help Cracking the code Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC. In this episode: Don't underestimate the quality of life benefits We're still learning What is the case for return-to-office? Moving past gimmicks Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP and deputy CISO - Gaming, Microsoft. Joining us is Adam Fletcher, CSO, Blackstone. In this episode: Neglected tools drain resources Who's to blame? Technology is the last step Buying tools to solve business problems Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, Deputy CISO - Gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho. In this episode: Recognizing humanity Death by a thousand meetings What are we looking for? Find your value Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Sir Tim Berners-Lee co-founded Inrupt to provide enterprise-grade software and services for the Solid Protocol. You can find their open positions here. In this episode: LLMs lack integrity controls A valid criticism Doubts in self-policing AI New tech, familiar problems  Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks. Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Not all education requires tests Understand your users Building reflexes An ounce of prevention Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.  Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Defining responsibilities Understanding the problem A different role for security Focus on the data Thanks to our podcast sponsor, Nudge Security Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along with automated workflows to scale SaaS security and governance. No agents, browser plug-ins or network changes required. Start today with a free 14-day trial.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Arellano, vp, enterprise cybersecurity, PayPal. In this episode: Accounting for mindset The importance of ethics A matter of incentives Understanding what is teachable Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Segment and test Focus on you Embrace the risk lifecycle Not all vendors are the same Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel. In this episode: Disingenuous claims rub everyone the wrong way.  Don't put the CISO behind the 8-ball The sales hustle They didn't understand the assignment Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and John Underwood, vp, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView. In this episode: Marketing versus strategy A distinction without a difference? Terminology follows function Security convergence  Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker. In this episode: Can you retrofit zero trust? The business case for deny by default Seizing an opportunity Zero trust doesn't stand alone Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Bil Harmer, operating partner and CISO, Craft Ventures. In this episode: A time and a place for Field CISOs This isn't a new role Consulting the Field CISO Words mean things Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Jim Bowie, CISO, Tampa General Hospital. In this episode: The goal is to connect to the business The hard truth about soft skills Balancing risk Looking beyond communication Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is Andrew Cannata, CISO, Primo Water. In this episode: The lure of an IPO is debatable Does an IPO make you a target or just more vulnerable? M&A changes your context Ambiguity creates risk Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Shirley Salzman, CEO and co-founder, SeeMetrics. In this episode: Finding the purpose in metrics Using metrics to answer business questions Speaking to your audience Communication is a two-way street Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Adam Bateman, CEO, Push Security. The SaaS attacks matrix community resource mentioned by Adam in the episode can be found here. Editorial note: Geoff Belknap is an advisor to Push Security. In this episode: Where are we going wrong Finding the missing pieces  Protecting an expanding border It starts with understanding risk Thanks to our podcast sponsor, Push Security Prevent, detect and respond to identity attacks using Push Security's browser agent. Enable Push's out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. In this episode: The data security check has come due Putting data security at the heart of defense in depth  Automation is key You need to know what you're protecting Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo. In this episode: Moving beyond technology The art of a CISO CISOs always operate in context Elevating the CISO conversation Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is our guest, Neil Watkins, svp technology and cybersecurity services, i3 Verticals. In this episode: Visibility doesn't matter without context Not all visibility is created equal Don't forget to bring people into the loop Remediation doesn't scale with more visibility Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH. In this episode: Is working the help desk a great place to get entry level cyber security skills? So why is it so often overlooked or even looked down upon?  What kind of experience do you need? What is the ideal path to break into the cybersecurity industry? Thanks to our podcast sponsor, Push Security! Prevent, detect and respond to identity attacks using Push Security's browser agent. Enable Push's out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, svp of cyber & deputy CISO, Equifax. In this episode: Are we  seeing AI and LLM rapidly push into what was science fiction into production? What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from the real thing?  How do we keep up as security professionals? What are the security implications for this tech hitting the consumer market? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Vivek Ramachandran, founder, SquareX. In this episode: Are secure web gateways still an effective tool in the enterprise? As the browser has changed a lot in the last decade, are Secure Web Gateways - SWGs still keeping up?  Why is this a problem? Does anyone have a better solution? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest. In this episode: In this episode: Why do so many vendors claim to offer zero-trust solutions? Is that framework even applicable to some product categories?  Do your eyes roll when you hear "zero trust solution"? What do most people think it is, and what's the reality? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security. In this episode: Why does scaling least privilege in the cloud remain challenging? Is throwing more people at the problem feasible?  How are you managing it? What aspects haven't been considered? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts. In this episode: How do CISOs feel about sales pitches? Do they have legitimate complaints? When do these legitimate complaints cross the line to sounding entitled? Do CISOs need to show a little more empathy to sales? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian. In this episode: How to manage data leaks outside your perimeter? When data leaks increasingly come from third-parties, what can you do to protect your organization? How do we even begin to address this problem?  Is there a one size fits all fix? Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render. In this episode: In today's current climate, is the role of the CISO still worth it? Does the position carry a lot of potential liability? Do the upsides still outweigh the risks? Do CISOs tend to have more responsibility than authority? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback? In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding is effective for both sides? What are the mistakes CISOs should avoid, and what are the best ways to excel?  Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec's learning library and cyber range.

All links and images for this episode can be found on CISO Series. Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.  Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within your organizations, particularly with your boss? How can you consciously build these relationships with an eye to leveling up your career? How do you develop soft skills? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec's learning library and cyber range.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude. In this episode: Why does it take so long to integrate new tools and get them up to speed? Are we always in a state where we are always lacking readiness? What should we be measuring? Do we focus too much on singular events? Thanks to our podcast sponsor, Prelude Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn't blue team training should be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the life blood of an organization but what happens when you collect too much? Do you put risk on both your organization and for any individuals that data belongs too? Is it still wise to collect as much data as possible? How can CISOs embrace data minimization that doesn't clash with the needs of the business? Thanks to our podcast sponsor, Material Security Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.

All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It's a huge attack surface that we're only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M. In this episode: Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry? What's unique about cybersecurity startups? What's the most common reason you've seen a cyber startup not succeed? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan. In this episode: A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right? Why are we so quick to dismiss compliance as simple check boxes? Why is compliance important and why is it often getting a bad name these days? What are the elements that make a great solution? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace. In this episode: Why do mergers and acquisitions always present challenges to an organization? When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition? Can cybersecurity considerations make or break a deal? What skills did you find yourself flexing with your first M&A experience? Thanks to our podcast sponsor, Aphinia! Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys' team because the only way to succeed is together: https://aphinia.com/#signup_form

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value? Can moving red teaming upstream be more valuable to your organization? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG. In this episode: Vendors need to reach out to CISOs, but what does a successful approach look like? Do vendors often spray and pray with outreach, rather than doing a bare minimum of research? What else can vendors do to try to create meaningful outreach to CISOs? How do you like security sales professionals to build a relationship with you? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health. In this episode: Why are we all struggling trying to manage third-party risk? Why do the hated questionnaires seem like compliance checkbox efforts? Does anyone believe it reduces risk? What's the right approach and how do you strike the right balance? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud. In this episode: What are the things that raise red flags that you're about to experience an attack? What signals set off your Spidey sense that things could go sideways? What are the early warning signs an attack is underway? Did you learn anything new? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource. In this episode: How do you actually focus your patching efforts on the vulnerabilities that are seen as universally holding the most risk? With limited resources, is it possible to "patch all the things"? How do we focus patching efforts to fix the most vital issues quickly? What are the risks we're dealing with? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM. In this episode: Does generative AI come with a new set of risks? How can we address these risks to take advantage of its benefits? How do we approach a much desired technology we're not so sure how we should secure? How can we take what we've learned from past technological advances and apply it to mitigate risks with generative AI? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys. In this episode: How can one create a security program around unknown problems? Don't we know a lot of the things we lack visibility into that can cause security issues? But what about the things you don't even know about in the first place? Will that thing we don't even know to look at, ever cause a security issue? Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Are businesses walking a tightrope with generative AI? How can organizations implement generative AI responsibly? What can we learn from previous transitions that can help us responsibly bring generative AI into the workplace milieu? What else are we missing? Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.

All links and images for this episode can be found on CISO Series. In increasingly complex technical defenses, threat actors frequently target the human element. This makes them a top attack vectors, but are they actually the weak leak in your defenses? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Christina Shannon, CIO, KIK Consumer Products. Thanks to our podcast sponsor, SPHERE SPHERE is the Identity Hygiene pioneer. It closes the loop on ownership, certification, and remediation challenges through an automated remediation process. By working with the IAM and PAM solutions organizations have in place, SPHEREboard automates discovery and remediation on an ongoing basis. Learn more at sphereco.com! In this episode: Threat actors frequently target the human element, but are they actually the weak leak in your defenses? Have we been treating humans wrong in our environment? Is the blame on security professionals for failing to design security systems to set humans up for success? Is it disingenuous to presume that cybersecurity would be perfect if not for users?

All links and images for this episode can be found on CISO Series. We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us this week is our guest Jay Wilson, CISO, Insurity. Thanks to our podcast sponsor, SlashNext SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps.  With SlashNext's generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work.  Request a demo today. In this episode: What's "entry level" in cybersecurity and does it even exist? What causes the contradiction of seemingly entry-level security jobs requiring years of experience? Why does it seem like there are still no entry level jobs? How do job candidates get creative with their experience to get a foot in the door?

All links and images for this episode can be found on CISO Series. The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, CISO, Equifax. Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches. In this episode: The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Are these rules something to celebrate, or are they just going to make a CISOs compliance efforts even more difficult? For those companies who actually follow the guidance, will this step up their cyber game considerably?

All links and images for this episode can be found on CISO Series. Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Lee Parrish, CISO, Newell Brands. Thanks to our podcast sponsor, Censys In this episode: Everyone sees value in security professionals coming together, but what specific value does a huge expo like RSA deliver? Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Will FOMO continue to force vendors to sponsor big shows like RSA?

All links and images for this episode can be found on CISO Series. Work from home flourished during the pandemic. Many workers love it and don't want to go back. Some organizations are pushing for a return to the office. Is in-office work necessary to improve productivity and cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us for the episode is our guest, Shawn Bowen, CISO, World Kinect Corporation. Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches. In this episode: Is in-office work necessary to improve productivity and cybersecurity posture? Is this push for return to office just an effort for managers to return to the "good 'ole days" with no other rationale? So technology can be great from anywhere, but people cannot? Does successful work from home require a mature approach to leadership?

All links and images for this episode can be found on CISO Series. Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Carla Sweeney, SVP, InfoSec, Red Ventures. Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com. In this episode: Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Are tools like ChatGPT so different from what we've seen before that we can't apply lessons already learned? What risks are we solving for with it and where do we go from there? Is this just a security issue?

All links and images for this episode can be found on CISO Series. What do the people least in the know about cyber, want to know? What are they asking? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Caitlin Sarian, AKA cybersecuritygirl on TikTok. Thanks to our podcast sponsor, DataBee from Comcast Technology Solutions DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business. In this episode: What do the people least in the know about cyber, want to know? What are they asking? How important is it to understand what concerns the average person? Are these reasonable concerns or do you think they're directed by media pressure? How do regular, everyday people know what is safe and best practices without a clear path or studying cybersecurity in depth?

All links and images for this episode can be found on CISO Series. A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Matt Tharp, Head of Field Engineering, Comcast DataBee. Thanks to our podcast sponsor, Comcast Technology Solutions In this episode: What exactly is a data lake? How are people thinking about and handling the risks? If you want security data lakes to be successful, what customer problem are you trying to solve? How can you make it both dead simple to use AND highly effective?

All links and images for this episode can be found on CISO Series. A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group. Thanks to our podcast sponsor, Comcast DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes.  Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business.  In this episode: A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? Which phase of a threat intelligence program gives you the most trouble, and why? What has been your personal experience, and does it change organization to organization? How do you measure the success of the program to prove the value of the work being done?

All links and images for this episode can be found on CISO Series. When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Tim Brown, CISO, Solarwinds. Thanks to our podcast sponsor, Push Security Do you have visibility of all the SaaS apps your employees are storing corporate data on? Are employees protecting all their accounts against identity-based attacks? Discover all the SaaS your employees use - including shadow apps and identities - and secure your data. Find out more at pushsecurity.com. In this episode: When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? During a major incident, which stress is more difficult to manage? Your own, or those around you? How is this everyone's concern?

All links and images for this episode can be found on CISO Series. We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com. In this episode: We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? What does it take to get security to "stick" with your coworkers? Why does security remain so darn difficult?

All links and images for this episode can be found on CISO Series. Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Suha Can, CISO, Grammarly. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Is AI the problem? Or is poor human judgement the problem? Is it better to get started with any guardrails until setting up a full policy? What are we going to do now?

All links and images for this episode can be found on CISO Series. The demand for cybertalent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Jesse Whaley, CISO, Amtrak. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: What if you were to train your staff and give them the skills you want? What if you were to grow your own unicorn? What's the best way to grow your staff? How do you figure out the right mix of talent and prioritize the hiring, training, on the job, and other experiences?

All links and images for this episode can be found on CISO Series. What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Paul Guthrie (@pguthrie), information security officer, Blend. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev In this episode: What is the one most significant action you've taken to improve access management? What are we doing to improve access management? What is the correct balance between too many controls and not enough? How does each organization find their sweet spot?

All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Is the problem the architecture of the applications themselves or the fact that a non-security group is bringing these applications online? Is it both? Is this problem solvable? What technical controls can you put in place to mitigate risk from apps you deem risky?

All links and images for this episode can be found on CISO Series. When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Is "losing control" inevitable? Is SaaS really extremely difficult to work with at scale?

All links and images for this episode can be found on CISO Series. If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com. In this episode: Are you struggling to get your first job in security or trying to get back into the industry after being laid off? What is the importance of building your security community network ? What should you look for in a community? What should you expect to put into it, and what should you expect to get back?

All links and images for this episode can be found on CISO Series. What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Do these completely unrealistic job descriptions hurt the entire industry? What is it we need to put in a cyber job description, and what do we need to leave out? Who's losing out here?

All links and images for this episode can be found on CISO Series. Since so much technology today is not launched by the IT department, but by business units themselves. How do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: What's your experience talking about security policy and procedures with business and application owners? How do security professionals engage with business and application owners? How do they have a conversation about security policy and procedures? Is there anything you learned that you didn't realize before?

All links and images for this episode can be found on CISO Series. There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: There are millions of cybersecurity jobs open. What's it going to take to fill all these jobs quickly? Are job description requirements partially to blame for holding back the industry from tapping into greater diversity of expertise? Is it better off if you hire, train, culturally integrate, and reward that person? Does burn out and a steep learning curve keep adding to the problem?

All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42. Thanks to our podcast sponsor, Code42 Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com. In this episode: How do you create a positive security culture? Where do we run into struggles when trying to create a positive security culture? Given its importance, why is it rarely the first concept anyone wants to embrace? What do you do, and how do you overcome inevitable roadblocks?

All links and images for this episode can be found on CISO Series. All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Kemas Ohale, vp, global information security, Lippert. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: What can you trust an entry level security professional to do that won't impose unnecessary risk? How can those green professionals build trust to allow them to do more? What can they do with zero experience? How can they graduate upwards?

All links and images for this episode can be found on CISO Series. What do we need to do to fix our processes to truly reduce risk and vulnerabilities? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida (@brinqa), CEO, Brinqa. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: What do we need to do to fix our processes to truly reduce risk and vulnerabilities? How to work with all departments to improve process, communication, and motivation? Why does security need to be treated as a function of the enterprise risk program? What are the elements that make a great solution?

All links and images for this episode can be found on CISO Series. Security professionals talk a lot about the reputational damage from breaches. And it seems logical, but major companies still do get breached and their reputation seems spared. What's the reality of what breaches can do to a company's reputation? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Cecil Pineda, CISO, R1. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: Security professionals talk a lot about the reputational damage from breaches, so why do companies still get breached? What's the reality of what breaches can do to a company's reputation? Does a breach really result in lasting reputation damage? Are we more accepting of breaches now?

All links and images for this episode can be found on CISO Series. Do RFPs or request for proposals work as intended? It seems they're loaded with flaws yet for some organizations who must follow processes, they become necessary evils for both buyers and sellers. What can we do to improve the process? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Keith McCartney (@kmflgator), vp, security and IT, DNAnexus. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud's programmatic risk and compliance verification tools. In this episode:  Do RFPs or request for proposals work as intended? Does it seem they're loaded with flaws? Have they become necessary evils for both buyers and sellers? What can we do to improve the process?

All links and images for this episode can be found on CISO Series. What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security. Thanks to our podcast sponsor, Orca Security Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security. In this episode: What does successful cloud security look like? What are the moves we should be making in the cloud to improve our security? What constitutes a good cloud security posture? What should we be measuring when it comes to cloud security?

All links and images for this episode can be found on CISO Series. One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Joy Forsythe, VP, Security, Thrive Global. Thanks to our podcast sponsor, Code42 Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com. In this episode: How should vendors engage with CISOs who are tired of being targeted? How can vendors reach CISOs who have had enough of the security vendor marketing emails and cold sales calls? Does CISO represent most CISOs today? Is the sales "system" essentially broken?

All links and images for this episode can be found on CISO Series. Do we really need more categories of security products? Every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Corey Elinburg (@celinburg), CISO, CommonSpirit Health. Thanks to our podcast sponsor, Egress In this episode: Do we really need more categories of security products? Does it seem like every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect? Do new categories of security products help or hurt the industry? Does this make it hard to keep up to date on all new products?

All links and images for this episode can be found on CISO Series. How can security leaders and how do they go about matching business case to every security action you want to take? Is this the right way to sell security to the board? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar (@sravish), founder and CEO, TrustCloud. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud's programmatic risk and compliance verification tools. In this episode: How can security leaders best make a case for security? How do you go about matching business cases to every security action you want to take? Is this the right way to sell security to the board? How do you show that security can be aligned to business objectives?

All links and images for this episode can be found on CISO Series. Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (@Kennethrfoster1), vp of IT governance, risk and compliance at FLEETCOR. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: Why do security tools fail? Who's at fault, the tool or the administrators who configured the tool? Is it usually because the control is ineffective or was the control misconfigured / ignored? Do InfoSec produts have an efficacy issue or an implementation issue?

All links and images for this episode can be found on CISO Series. We talk a lot on this show about what makes cybersecurity such a hard job, yet there are so many people who are in it and love it. What draws people to this profession and why do they love it so much? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest David Cross (@MrDBCross), CISO, Oracle SaaS Cloud. Thanks to our podcast sponsor, Orca Security Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security. In this episode:  We talk a lot on this show about what makes cybersecurity such a hard job, yet there are so many people who are in it and love it. What draws people to this profession and why do they love it so much? Do you love the ability to influence the organization and leadership? Do you love making an impact by helping people and businesses with safer behaviors and activities?

All links and images for this episode can be found on CISO Series. We expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them. These scams are designed to make humans respond to them. Why aren't we building our security programs to account for this exact behavior that is simply not going to go away? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ken Athanasiou, CISO, VF Corporation. Thanks to our podcast sponsor, Code42 In this episode:  Why do we expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them? Aren't these scams designed to make humans respond to them? Why aren't we building our security programs to account for this exact behavior that is simply not going to go away? Why do so many security practitioners treat our users as children to be managed instead of adults to be educated and assigned a level of accountability?

All links and images for this episode can be found on CISO Series. How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Radley Meyers (@radleymeyers), Partner, SPMB Executive Search. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world's best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP's defining security strategy) and building out executive teams at top security software companies. In this episode:  How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Do you have a sound understanding of the WHY behind the organization's existence and how value is added or taken away? How do you lay out a plan to win in whatever industry you are in because of security NOT despite it?

All links and images for this episode can be found on CISO Series. How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world's best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP's defining security strategy) and building out executive teams at top security software companies. In this episode: How do you become a CISO? Why doesn't it follow a linear pattern as many other professions? Why are there so many different paths and entry points? Why is it valuable to know how others did it and how you can glean that knowledge and apply it to your situation?

All links and images for this episode can be found on CISO Series. What would it take to build your entire security program on open source software, tools, and intelligence? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest DJ Schleen (@djschleen), distinguished security architect, Yahoo Paranoids. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world's best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP's defining security strategy) and building out executive teams at top security software companies. In this episode: What would it take to build your entire security program on open source software, tools, and intelligence? Is it possible/feasible/practical to run a security program entirely based upon free and open source software, open source tools, and open source intelligence? Is it true that the more open source you use the more people you need? Do commercial software systems, tools, and intelligence have value above what can be found in open source?

All links and images for this episode can be found on CISO Series. Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, Dolby. Yaron and I welcome Dan Walsh, CISO, VillageMD. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud's programmatic risk and compliance verification tools. In this episode:  When it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Should we have a "glass half empty" or a "glass half full" attitude towards third party risk? Wouldn't it be better to measure the level of how much we can TRUST the 3rd party? Is it vitally important to assess how resilient the organization is to failure caused by each third party?

All links and images for this episode can be found on CISO Series The cybersecurity sales process is so terribly inefficient. And everyone, the targets and cybersecurity leaders, are losing valuable time because of that inefficiency. Where can we start making improvements? Check out this post for the discussion that's the basis for this podcast episode. This week's Defense in Depth is hosted by me, David Spark (@dspark), producer, CISO Series. Our guest co-host is John Overbaugh, CISO, ASG. John and I welcome our guest, Jerich Beason (@blanketsec), commercial CISO, Capital One. Thanks to our podcast sponsor, Compyl GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can't fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted. In this episode:  Why is the cybersecurity sales process so terribly inefficient? Where can we start making improvements? What could be done to improve the efficiency? What is the solution to removing wasted effort and time?

All links and images for this episode can be found on CISO Series. When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss. Thanks to our podcast sponsor, runZero runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? What's the overall theme you lead with when you're building a security program? Why is it an important question to answer before you build your program? How greatly can it vary?

All links and images for this episode can be found on CISO Series Why do strongly supported security frameworks have such severe limitations when building a security program? Check out this post for the discussions that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl. Thanks to our podcast sponsor, Compyl GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can't fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted. In this episode: Why do strongly supported security frameworks have such severe limitations when building a security program? Is it because the product security landscape updates with such speed and ferocity that these frameworks can't keep up? Are most regulatory and third-party compliance "programs" simply non-prescriptive? Is the intention to achieve compliance with every single control?

All links and images for this episode can be found on CISO Series. Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are ton of people getting training and trying to get into the industry, but we still have this problem. Why? Check out this post for the discussions that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome Edwin Covert (@ebcovert3), head of cyber risk engineering, Bowhead Specialty. Thanks to our podcast sponsor, Orca Security In this episode: Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are tons of people getting training and trying to get into the industry, but we still have this problem. Why? Is there a problem with the system of hiring junior people, training, and preventing burnout? Is the problem gatekeepers who don't do anything to mentor or groom the next wave?

All links and images for this episode can be found on CISO Series. Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? Check out this post for the discussions that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta (@kikta), CISO, Automox. Thanks to our podcast sponsor, Automox Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes. In this episode: Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? How can we give them guidance towards working on priorities in cybersecurity? How are the Vendors handling this? Can we create an "Adopt a Highway" program for cybersecurity?

All links and images for this episode can be found on CISO Series. "When the asset discovery market launched, every single company that offered a solution used the line, "You can't protect what you don't know." Everyone agreed with that. Problem is, "what you don't know" has grown… a lot." Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero. Thanks to our podcast sponsor, runZero runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: Everyone agrees that, "You can't protect what you don't know", but what do you do when, "what you don't know" has grown…a lot? With all our efforts to know our assets, are we doing any better understanding? How do we decide what we should really be measuring? How do we determine what's most important in terms of asset management?

All links and images for this episode can be found on CISO Series A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL. Thanks to our podcast sponsor, Automox Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes. In this episode: Is tying your product to a high profile event a good sales tactic for vendors? How can vendors best help cybersecurity professionals during emergency situations? Is there a correct way for vendors to capitalize on a high profile event?

All links and images for this episode can be found on CISO Series Why do CISOs seem more stressed out than other C-level executives? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Jared Mendenhall, Head of information security, Impossible Foods. Thanks to our podcast sponsor, Compyl GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can't fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted. In this episode: Do CISOs undergo more stress than other C-Suite jobs? Why do CISOs seem more stressed out than other C-level executives? Is it because the role is not fully formed and that CISOs don't get enough resources? Do the blurred lines of the CISO job increase the stress? Even more so that the CEO?

All links and images for this episode can be found on CISO Series How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Lee Parrish (@leeparrish), CISO, Newell Brands. Thanks to our podcast sponsor, Qualys Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? To what level does the C-Suite need to be cyber savvy? How essential is it for senior leaders to know more?

All links and images for this episode can be found on CISO Series Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Steve Tran, CSO, DNC. Thanks to our podcast sponsor, runZero runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? If the person has the requisite background, why does it matter what the title they had before is?

All links and images for this episode can be found on CISO Series As an outside observer, how can you tell if a company is staying cyber healthy? While there is no financial statement equivalency to let you know the strength of a company's security profile, there are signals that'll give you a pretty good idea. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Matt Honea, CISO, SmartNews. Thanks to our podcast sponsor, Automox Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes. In this episode: As an outside observer, how can you tell if a company is staying cyber healthy? What are the signals to let you know the strength of a company's security profile? How do we go about trying to determine a company's cyber health? Why is it important to know about another company's cyber health?

All links and images for this episode can be found on CISO Series The cyber attack surface just keeps growing to the point that it seems endless. Protecting it all is impossible. Is there anything that can be done to reduce that attack surface and limit your exposure? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Jonathan Trull (@jonathantrull), CISO, Qualys. Thanks to our podcast sponsor, Qualys Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: Is there anything that can be done to reduce that attack surface and limit your exposure? Is attack surface reduction a new security development philosophy or is it just a rebranding of vulnerability management? And what value does it have in comparison to other popular theories such as zero trust and defense in depth? Is everything just another form of exposure management?

All links and images for this episode can be found on CISO Series Those reports on security procedures for the business are falling short. No one is reading them. What good are security controls if your staff doesn't know about them or adhere to them? Is it time to hire a marketing manager for the security team? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Laura Deaner (@b3dwin), CISO, Northwestern Mutual. Thanks to our podcast sponsor, IANS Research CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada. In this episode: What good are security controls if your staff doesn't know about them or adhere to them? Is it time to hire a marketing manager for the security team? Why does it make sense to think of who the stakeholder is and what's happening in their world? How to best build policies that don't get ignored?

All links and images for this episode can be found on CISO Series Cybersecurity budgets are increasing, by a lot. What's fueling the increase and where are those budgets being spent? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest sponsored guest Nick Kakolowski, senior director of research at IANS Research. Thanks to our podcast sponsor, IANS Research CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada. In this episode: What's fueling the increase in cybersecurity budgets and where are those budgets being spent? Do we understand where the money is being spent? Is it on new hires? More tooling? Does training new hires provide a good ROI for an increased budget? Should we equate the success of a security program with the size of the budget? Or not?

All links and images for this episode can be found on CISO Series What's the difference between a head of security, a vp of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Roles are confusing and so is the pay and responsibilities attached to them. Check out this post and this post for the basis of today's discussion. this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Hadas Cassorla, CISO, M1. Our guest is Renee Guttman, former CISO of Coca-Cola, Time Warner, Campbells. Thanks to our podcast sponsor, IANS Research CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada. In this episode: What's the difference between a head of security, a vp of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Why are cyber security roles so confusing? And why is there such a variance of pay and responsibilities attached to them?

All links and images for this episode can be found on CISO Series Instead of complaining about the security hiring process, walk a mile in a recruiter's shoes and have a little compassion to what they're going through, and how you might be able to help, at any level. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap) with our guest Caleb Sima (@csima), CSO, Robinhood. Thanks to our podcast sponsor, Safe Security If your CFO or Board was to ask: 'How much could we lose to a cyber attack?' Would you know? Introducing SAFE - the industry's most complete Cyber Risk Quantification solution to help you answer those crucial questions in real-time: Visualize and measure cyber risk across your entire estate Discover your $ risk exposure per attack vector Gain personalized, actionable insights to tackle your most critical risks Communicate your real-time cyber risk posture to your Board Learn more at www.safe.security In this episode: Instead of complaining about the security hiring process, CISOs should walk a mile in a recruiter's shoes and have a little compassion to what they're going through. Have we thought about the process we're creating for candidates? Are we being responsible and thinking about the candidate's journey vs. being opportunistic?

All links and images for this episode can be found on CISO Series Are security programs drifting from a prevention to a resilience strategy? If so, are you truly operating in a resilient environment? Or are you still acting in a prevention stance but you know you should be resilient? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest David Ratner (@davidhratner), CEO, HYAS. Thanks to our podcast sponsor, HYAS "Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don't know A: what's expected and B: when something's happening that isn't expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don't just react, take your security back with HYAS. Visit HYAS.com" In this episode: Are security programs drifting from a prevention to a resilience strategy? If so, are you truly operating in a resilient environment? Or are you still acting in a prevention stance but you know you should be resilient? What does a resilience strategy look like? How does your security stack change when you choose resilience?

All links and images for this episode can be found on CISO Series How do you talk to non-technical business leaders about cybersecurity? It's a concern, it's a risk, they want to know so they can make logical business decisions. How do you help? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Our guest is Sara Hall, deputy CISO, MassMutual. Thanks to our podcast sponsor, HYAS "Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don't know A: what's expected and B: when something's happening that isn't expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don't just react, take your security back with HYAS. Visit HYAS.com" In this episode: How do you talk to non-technical business leaders about cybersecurity? It's a concern, it's a risk, they want to know so they can make logical business decisions. How do you help? Does storytelling and/or other strategies work? How do you have a risk discussion while also avoiding FUD - fear, uncertainty, and doubt?

All links and images for this episode can be found on CISO Series Why are cybersecurity professionals burning out? What's the dynamic of the job, the pressures being put on them, that causes the best to leave? And this industry can't afford to lose its best talent. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Bozidar Spirovski (@spirovskib), CISO, Blue dot. Thanks to our podcast sponsor, HYAS Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don't know A: what's expected and B: when something's happening that isn't expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don't just react, take your security back with HYAS. Visit HYAS.com In this episode: Why are cybersecurity professionals burning out? What's the dynamic of the job, the pressures being put on them, that causes the best to leave? Are certain areas of cyber are more prone to burnout than others? Do we have a training and communication crisis in the field?

All links and images for this episode can be found on CISO Series You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, First Bank. Thanks to our podcast sponsor, Keyavi Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Have you ever had a purely greenfield situation? When starting a security program from scratch, how do you figure out where to start and what to prioritize? What are the top five actions if you were going to implement a brand new/greenfield security program? How do you architect a security program so that it grows naturally and not a series of random patches over time?

All links and images for this episode can be found on CISO Series Files are still the core of how people do business. How are you dealing with the onslaught of files coming into your network? People are sharing files across a multitude of platforms, and many for which you may not even know about. What checks and balances do you put in place to make sure you've got file integrity no matter the source? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Aviv Grafi, founder and CTO, Votiro. Thanks to our podcast sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. That's v-o-t-i-r-o.com In this episode: How are you dealing with the onslaught of files coming into your network? What checks and balances do you put in place to make sure you've got file integrity no matter the source? Who has the authority to decide whether a file should be protected or deleted?

All links and images for this episode can be found on CISO Series Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel. Thanks to our podcast sponsor, Votiro Can you trust that the files entering your organization are free of hidden threats like malware & ransomware? With Votiro you can. Votiro removes evasive and unknown malware from files in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with email, cloud apps & storage, and content collaboration platforms like Microsoft 365 - wherever files need to flow. Learn more at Votiro.com. In this episode: Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? How can you learn and grow as a company if everyone fits into one box? Is reaching diversity an overnight achievement, or a longer journey?

All links and images for this episode can be found on CISO Series Cyber sales is hard. But don't let the difficulty of doing it get in way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine. Thanks to our podcast sponsor, SolCyber At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: What is the right way to follow up with a CISO? How to prevent the difficulty of sales from clouding your good judgement? What are some ideas on how best to reach out to CISOs and other potential customers?

All links and images for this episode can be found on CISO Series One day you want to be a CISO. What area of security you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. Thanks to our podcast sponsor, Qualys Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: What path should I take if I want to be a CISO? What security jobs/roles best prepare you to become a CISO? In what ways does the CISO role require totally different skills than the technical roles?

All links and images for this episode can be found on CISO Series What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate. Thanks to our podcast sponsor, Cymulate The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise's security posture. Download the playbook here. In this episode: What can we do to reduce the damage of a breach and the duration of detection and remediation? How do we determine what's most important and how to best reduce risk? How can teams best reduce the impact of the "boom" you feel during a breach?

All links and images for this episode can be found on CISO Series Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One. Thanks to our podcast sponsor, SlashNext SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode: Where do we go to learn at every stage of our professional careers? We discuss how the learning process never really stops, but is on-going with cyber professionals continuing to learn throughout their careers. Why is the "know-it-all" leader a red flag to avoid?

All links and images for this episode can be found on CISO Series You're a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They're not completely new to cyber. What's the approach to engagement that helps, but doesn't insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is sponsored guest Scott McCrady (@scottsman3), CEO, SolCyber. Thanks to our podcast sponsor, SolCyber At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: How do you communicate about cyber with the IT department? What's the approach to engagement that helps, but doesn't insult? How do you offer practical cybersecurity advice?

All links and images for this episode can be found on CISO Series Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing? Check out this post and this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi. Thanks to our podcast sponsor, Keyavi Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: How do we secure data today, to be ready for whatever comes next in computing? How do we go about building a data transformation program that's platform agnostic? Why has this simple concept turned into a monumental task?

All links and images for this episode can be found on CISO Series Is attack surface profiling the same as a pen test? If it isn't what unique insight can attack surface profiling deliver? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank. Thanks to our podcast sponsor, Keyavi Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Is attack surface profiling the same as a pen test? What unique insight can attack surface profiling deliver? Is "Attack Surface Profiling" more like a natural evolution from traditional vulnerability management?

All links and images for this episode can be found on CISO Series What's your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy. Thanks to our podcast sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. In this episode: What's the best indicator that your security program is actually improving? Does anyone care that you're actually improving your security posture? What should we be measuring to prove a security program is working and getting better?

All links and images for this episode can be found on CISO Series Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs? Check out this post and this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Ty Sbano (@tysbano), CISO, Vercel. Thanks to our podcast sponsor, Thinkst Most Companies find out way too late that they've been breached. Thinkst Canary changes this. Deploy Canaries in minutes and then forget about them. Attackers tip their hand by touching 'em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. In this episode: What can be done to improve CISO recruiting? Is there a disconnect between HR and what the company actually needs regarding a position? How long should the interview process take?

All links and images for this episode can be found on CISO Series How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is John Ayers (@cyberjohn1747), vp of advanced detection and response office of the CTO, Optiv. Thanks to our podcast sponsor, Optiv The modern enterprise needs a solution as unique as its business.   Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. In this episode: How are nefarious actors using our own data (and metadata) against us? In what way have we lost our way protecting data that needs to be corrected? We examine how our interconnectedness is both a blessing and a curse. Is there already far too much sensitive data in essentially open source intelligence?

All links and images for this episode can be found on CISO Series Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO? Check out this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Michael Weiss, CISO, Human Interest. Thanks to our podcast sponsor, Optiv The modern enterprise needs a solution as unique as its business.   Optiv's Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. In this episode: Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO? Is security still primarily an efficiency conversation or has effectiveness now changed the dialogue on how success is measured? How to go about measuring the value cybersecurity provides the enterprise. We examine the problems that can arise when security is treated as a profit center.

All links and images for this episode can be found on CISO Series For years we've been referring to malware protection as a cat and mouse game. The crooks come up with a new malware attack, and then the good guys figure out a way to stop it. And that keeps cycling over and over again. So where are we today with malware protection and is there any way to get ahead of the cycle? Check out this post and this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Aviv Grafi (@avivgrafi), CTO and founder, Votiro. Thanks to our podcast sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. In this episode: How can we take proactive approaches that are capable of stopping attacks, not just detecting them? What do you think we're doing really well in terms of malware, and where could we do a lot better? We examine the need for organizations to upgrade their defenses. Has ransomware made a massive target out of every organization?

All links and images for this episode can be found on CISO Series We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Lisa Kubicki (@lmk2), trust and security, training and awareness director, DocuSign. Thanks to our podcast sponsor, Drata Save 200+ hours with Drata's automated continuous compliance solution for SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, & CCPA. Drata connects to your techstack with 75+ integrations, including AWS, GitHub, GCP, & more to automate the compliance process. Kickstart your compliance journey by requesting a demo and get 10% off In this episode: We ask, "How do you build a security awareness training program that sticks?" How do you develop a program that resonates with staff and actually improves security outcomes? We get tips from the community on how they built a security awareness training program. We examine what a successful engagement would look like.

All links and images for this episode can be found on CISO Series You want to bring on entry level personal, But green employees, who are not well versed in security, IT, or your data introduce risk once they have access to it. What are ways to bring these people on while also managing risk? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rich Lindberg, CISO, JAMS. Thanks to our podcast sponsor, SolCyber At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: We ask, "What are ways to bring entry-level people onboard the company while also managing risk?" How does education stack up against on-the-job experience? Are there advantages to hiring an inexperienced greenthumb versus experienced only new hires?

All links and images for this episode can be found on CISO Series Zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby. Thanks to our podcast sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. In this episode: We ask cyber professionals, where is the 'trust' in zero-trust? What and who should we be trusting? How should we refer to zero trust since you can't run any kind of operation where you trust no one and nothing?

All links and images for this episode can be found on CISO Series Cyber professionals, who is responsible on your team for investigating new solutions? Check out this post and this post for the discussion that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Ryan, director of enterprise technology security and risk, Baker Tilly. Thanks to our podcast sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. In this episode: We ask cyber professionals, who is responsible on their team for investigating new solutions? If it's a collaborative effort, how is that handled? What are CISOs looking for in a solution? And we discuss using existing solutions before purchasing and implementing more solutions.

All links and images for this episode can be found on CISO Series In the cyber industry we pat each other on the back and give each other awards, all while the statistics for breaches appear to be worsening, Are we celebrating growing failure? Does the cyber industry suck? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Fredrick Lee (AKA "Flee") (@fredrickl), Flee, CSO, Gusto. Thanks to our podcast sponsor, Cymulate The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise's security posture. Download the playbook here. In this episode: We ask if our very own industry, ourselves, are the ones to blame for our constant woes? Where do we stand in accepting fault and responsibility for the industry's continued problems? Are the companies to blame for not taking IT seriously within their organizations? Are industry awards just fluff for patting each other on the back?