Discussions, tips, and debates around improving the communications and services that security vendors provide to their customers, the security buyer.
David Spark, Founder, Spark Media Solutions and Mike Johnson, CISO, Lyft
I cannot recommend The CISO-Security Vendor Relationship Podcast enough! This podcast is an invaluable resource for anyone in the cybersecurity field, whether you're a security professional or a salesperson. The discussions, tips, and debates are incredibly insightful and provide a wealth of knowledge on enhancing security collaboratively. David Spark, Mike Johnson, and Andy Ellis do a fantastic job of hosting the show and keeping it engaging and easy to listen to.
One of the best aspects of this podcast is the breadth of topics covered. They go beyond just technical tools and hacks, instead focusing on broader topics that everyone in the industry can understand. This is particularly helpful for cybersecurity sales reps who may not have deep technical knowledge but still need to understand the core issues and prioritize challenges. The hosts have great energy and their insights on information security are a real treat.
A minor downside of this podcast is that it may not be as appealing to those who are looking for more technical-focused content. While they touch on technical topics, the focus is more on broader discussions around cybersecurity challenges and collaboration between CISOs and vendors. However, for those interested in these areas, this podcast is an absolute must-listen.
In conclusion, The CISO-Security Vendor Relationship Podcast is an exceptional show that provides valuable insights for both security professionals and salespeople in the industry. It covers a wide range of topics in an approachable way, helping listeners understand what's important for security leaders and how to effectively engage with them. I highly recommend this podcast to anyone looking to enhance their knowledge of cybersecurity and improve their success in the field.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Tim Jacobs, vp, CISO, Commonwealth Care Alliance. In this episode: Starting from zero; Prepare for decisive decisions; Working back from unacceptable; Discovering inefficiencies. A huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series. I host this week's episode, David Spark (@dspark), producer of CISO Series and Jesse Whaley, CISO, Amtrak. Joining them is their guest Vaughn Hazen, CISO, CN. In this episode: The classics endure; The rules of the rail; "Prove It. With data."; It's all just software. A huge thanks to our sponsor, Doppel. Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Saket Modi, co-founder and CEO, SAFE Security. In this episode: Elevating AI to table stakes; Security for the real world; Using dynamic models for TPRM; The agentic AI augmentation. Huge thanks to our sponsor, SAFE Security. SAFE (#1 platform to unify the management of all cyber risks) has reinvented cyber risk management with Agentic AI. We help CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner of YL Ventures. Their sponsored guest is Jadee Hanson, CISO of Vanta. In this episode: Find a partner to work with; Fixing the root of burnout; The limitations of human vigilance; Balancing openness and control. Thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Charles Blauner, formerly of Team8 (at time of recording) and now operating partner, Crosspoint Capital. In this episode: Expanding collective defense; Getting talent to the municipal level; A mature reporting structure; A pill for that cyberailment. Huge thanks to our sponsor, Material Security. Material Security is purpose-built to protect the entire cloud workspace – email, data, and accounts. With deep integration and powerful automations, Material prevents and detects a wider range of threats, responds to active attacks faster, and secures data and accounts even after a breach. See Material in action today!
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is Mandy Huth, svp, CISO, Ultra Clean Technology. In this episode: Start with good defaults; Building talent bridges; Don't forget the humans; Differentiating with privacy. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Mike D'Arezzo, executive director of infosec and GRC, Wellstar Health Systems. In this episode: The shift left myth; Reconsidering CISO evaluations; The power of “how”; Building bridges. Huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest Nathan Hunstad, director, security at Vanta. In this episode: Thinking like AI; Building off a solid foundation; Start with ownership; Following the leader. Big thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Christina Shannon, CIO, KIK Consumer Products. Joining them is Jim Bowie, CISO, Tampa General Hospital. In this episode: A journey, not a destination; The difference between pressure and stress; Fighting commodity deepfakes; Getting leadership on the same page. HUGE thanks to our sponsors, Proofpoint, Cofense, & KnowBe4. With an integrated suite of cloud-based cybersecurity and compliance solutions, Proofpoint helps organizations around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Discover cutting-edge security insights and industry trends from leading experts at Proofpoint Power Series—a monthly virtual event designed to empower the security community. Learn more at proofpoint.com. Powered by 35 million trained employee reporters, the exclusive Cofense® PhishMe® Email Security Awareness Training with Risk Validation and Phishing Threat Detection and Response Platforms combine robust training with advanced tools for phishing identification and remediation. Together, our solutions empower organizations to identify, combat, and eliminate phishing threats in real-time. Learn more at cofense.com. KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Learn more at knowbe4.com
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Trina Ford, CISO, iHeartMedia. Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker. This episode was recorded in front of a live audience at Zero Trust World in Orlando, Florida. In this episode: Severity versus impact; Breaking the anti-pattern; Take the first step to zero trust; What are your demands? ThreatLocker® is a Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. With easy onboarding, management, and 24/7/365 support, ThreatLocker makes default deny a reality for businesses. Only allow what you need in your environment and block everything else, including ransomware!
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Edward Contreras, senior evp and CISO, Frost Bank. In this episode: A gradual language shift; Don't reflexively rise and grind; Lean into focus; Gauging the unmeasurable. Huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Mike Wilkes, former CISO, Major League Soccer. In this episode: Are we misusing vCISOs? Cybersecurity is out to sea; Planning for your exit; Building up your quantum reflexes. Thanks to our podcast sponsor, Tines. Build, run, and monitor your most important workflows with Tines. Tines' smart, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at https://tines.com/cisoseries
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Adam Holland, former CISO, the Wendy's Company, now CISO of Ascension Healthcare. In this episode: The long road to influence; The effort to build a bridge; Living within limits; Motivation for security awareness. Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over 350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across over 35 frameworks, you'll streamline compliance—and never duplicate your efforts.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Shaun Marion, vp, CSO, Xcel Energy. In this episode: Setting policy; The hard thing about soft skills; Never let a good crisis go to waste; Avoiding the tarpit. Thanks to our podcast sponsor, Noma Security! Secure your entire Data & AI Lifecycle—from development to production and classic data engineering to GenAI. Noma's full-lifecycle platform delivers seamless protection against risks like misconfigured data pipelines, malicious models, and adversarial AI attacks, empowering AppSec teams with complete visibility, security, and compliance—without disrupting data and AI teams' workflows.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: A zero-day upgrade; Don't let a pentest go bad; Improving user training; Cybersecurity is made for people. Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Matt Muller, field CISO, Tines. In this episode: Seeking the early AI adopters; Taking the SOC back to basics; Changing our automation expectations; Communicate risk. Thanks to our podcast sponsor, Tines! Build, run, and monitor your most important workflows with Tines. Tines' smart, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Deneen DeFiore, Vice President & Chief Information Security Officer, United Airlines. In this episode: Minding the gap; Copilot overreliance; Opening up the field; Navigating the SMB cyber insurance conundrum. Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over 350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across over 35 frameworks, you'll streamline compliance—and never duplicate your efforts.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rinki Sethi, vp and CISO, BILL. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. This episode was recorded in front of a live audience at Cyera's first DataSec conference (November 2024) in Dallas. Thanks to Adam Holland, CISO, Wendy's, Farray Rahman of Vibrant Emotional Health and 988 Lifeline, and Biji John of USAA for our questions in the episode. In this episode: Shifting from traditional recovery; Do you know where your data is? The science of tradeoffs; How do you measure security culture? Thanks to our podcast sponsor, Cyera! Cyera's data security platform discovers your data attack surface, protects sensitive data, governs data access, monitors critical data events, and quickly responds to data risks. Cyera's agentless design allows us to deploy within minutes across any environment and provide a 95% precision rate through our AI-powered classification engine. Learn more at Cyera.io
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is George Finney, CISO, The University of Texas System and author of Project Zero Trust. In this episode: Aligning on privacy; Bringing Zero Trust to OT; Restores and resilience; Focus on what you can control. Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over 350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across over 35 frameworks, you'll streamline compliance—and never duplicate your efforts.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our guest, Brett Perry, CISO, Dot Foods. In this episode: A new MDR policy; Staying on top of the technical debt cycle; Beating retention struggles; In the gully of SOAR. Thanks to our podcast sponsor, Tines! Build, run, and monitor your most important workflows with Tines. Tines' smart, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Yabing Wang, VP and CISO, Justworks. In this episode: Building a path to action; Cracking the EOL conundrum; The burning platform question; Uncertainty is our only constant. Thanks to our podcast sponsor, Entro! Reclaim control of your non-human identities with Entro Security! Our platform securely manages non-human identities and secrets throughout their lifecycle. Detect and prevent unusual activity before it becomes a threat. Trust Entro to safeguard your non-human identities in today's complex digital ecosystem.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest Daniel Daraban, senior director of product management, Bitdefender. In this episode: Practice makes perfect; Shaming doesn't help anyone; Cybersecurity is a flat circle; Building the bridge. Thanks to our podcast sponsor, Bitdefender! Enterprise-grade cybersecurity without complexity. Backed by extensive research from hundreds of experts in Bitdefender Labs and consistently top-rated in independent tests, Bitdefender GravityZone platform provides multi-layered prevention, protection, detection, and response capabilities, including managed security services. Learn more at Bitdefender.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Itzik Alvas, co-founder and CEO, Entro. In this episode: What to expect when you're offboarding; The threats are coming from inside the organization; The risk of stale identities; Working backward to risk. Thanks to our podcast sponsor, Entro! Reclaim control of your non-human identities with Entro Security! Our platform securely manages non-human identities and secrets throughout their lifecycle. Detect and prevent unusual activity before it becomes a threat. Trust Entro to safeguard your non-human identities in today's complex digital ecosystem.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest Jeremy Epling, chief product officer, Vanta. In this episode: What is the future of cybersecurity? Designing the outcomes we want; The promise and peril of AI; Is open-source open to more threats? Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over 350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across 30 frameworks, you'll streamline compliance—and never duplicate your efforts. Learn more at Vanta.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Gary Hayslip, CISO, Softbank Investment Advisors. Joining us is Keith McCartney, VP, Security and IT, DNAnexus. In this episode: Closing the Credibility Gap; Clarifying the Role of Security Engineering; Building Resilience at Scale; AI Frameworks and Cybersecurity. Thanks to our podcast sponsor, Entro! Reclaim control of your non-human identities with Entro Security! Our platform securely manages non-human identities and secrets throughout their lifecycle. Detect and prevent unusual activity before it becomes a threat. Trust Entro to safeguard your non-human identities in today's complex digital ecosystem.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Jimmy Benoit, vp, cybersecurity, PBS. In this episode: Starting early on security awareness; The limits of gamification; Technically qualified; Understanding your risk tolerance. Thanks to our podcast sponsor, Bitdefender! Enterprise-grade cybersecurity without complexity. Backed by extensive research from hundreds of experts in Bitdefender Labs and consistently top-rated in independent tests, Bitdefender GravityZone platform provides multi-layered prevention, protection, detection, and response capabilities, including managed security services.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Amy-Steagall-Hess, CISO, Stanford University. Joining us is Michael Tran Duff, CISO, data privacy officer, Harvard University. In this episode: Turning a mirror on zero trust; Is AI coming for our jobs? Responding to skepticism about CISOs; A CISO at the crossroads. Thanks to our podcast sponsor, Vorlon Security and Wiz! Vorlon helps organizations take back control of their data by providing continuous visibility of sensitive data shared via API across third-party applications. Know what data goes where, when, and how between third-party apps with external threat intelligence. Reduce the complexity of investigating and responding to third-party security incidents with Vorlon. Wiz transforms cloud security for customers – including 40% of the Fortune 100 – by enabling a new operating model. Wiz CNAPP empowers security and development teams to build fast and securely by providing visibility into their cloud environments. With Wiz, organizations can prioritize risk and stay agile.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest Jadee Hanson, CISO, Vanta. In this episode: Embracing BYOAI; The changing government contractor landscape; Creating better security outcomes; Automating supply chain security. Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over 350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across 30 frameworks, you'll streamline compliance—and never duplicate your efforts.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Jason Shockey, CISO, Cenlar FSB. In this episode: Ground the SOC in communication; Training and mentoring talent; Nailing a first security hire; A case for optimism. Thanks to our podcast sponsor, Bitdefender! Enterprise-grade cybersecurity without complexity. Backed by extensive research from hundreds of experts in Bitdefender Labs and consistently top-rated in independent tests, Bitdefender GravityZone platform provides multi-layered prevention, protection, detection, and response capabilities, including managed security services.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Sasha Pereira, CISO, WASH. Joining us is Cyrus Tibbs, CISO, PennyMac. This episode was recorded live at ISSA-LA. In this episode: Building the foundation for data minimization; No-code needs to be no problem; Seeking alignment in a SOC career; MFA is not a cybersecurity panacea. Thanks to our podcast sponsor, Nudge Security! Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along with automated workflows to scale SaaS security and governance. No agents, browser plug-ins or network changes required. Start today with a free 14-day trial.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Jerich Beason, CISO, WM. Joining us is Teresa Tonthat, vp, associate CIO, Texas Children's Hospital. This episode was recorded live at HOU.SEC.CON. In this episode: Connecting with the business; Keep the users in mind; Ground security in reality; Teach, don't shame. Thanks to our podcast sponsor, Vorlon Security! Vorlon helps organizations take back control of their data by providing continuous visibility of sensitive data shared via API across third-party applications. Know what data goes where, when, and how between third-party apps with external threat intelligence. Reduce the complexity of investigating and responding to third-party security incidents with Vorlon.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Eduardo Ortiz, vp, global head of cybersecurity, Techtronic Industries. Joining us is Adam Fletcher, CSO, Blackstone. In this episode: Keeping our eyes on new risks; The hiring disconnect; Mental health in incident response; Moving on from CrowdStrike. Thanks to our podcast sponsors, Fortra, Quadrant Information Security, and Savvy Security! Fortra's Data Protection solutions protect sensitive data while keeping users productive. Our interlocking data loss prevention (DLP), data classification, and secure collaboration tools can be SaaS deployed or on-premises, and we offer managed services to extend your team and reduce risk. Visit www.fortra.com/solutions/data-security/data-protection for more information. Quadrant Security is bad news for bad dudes. Quadrant's XDR solution combines the best people, processes, and technology — managing your security so you can manage business operations. For a limited time, our analysts will provide your organization a free dark web report, detailing the data leaving you vulnerable. Learn more: quadrantsec.com/darkweb. Despite significant investments in SSO, MFA, IGA, and PAM, organizations still face significant challenges in securing identities, particularly with SaaS apps. Savvy Security augments these tools with full app and identity visibility to discover and remediate shadow and shared accounts, misconfigured authentication, and weak, reused, or compromised credentials. Visit savvy.security/ciso-series to learn more.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Steve Person, CISO, Cambia Health. In this episode: The changing CISO landscape; Rethinking the cybersecurity talent shortage; Sharpening your CISO skills; Do CISOs need to go back to school? Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Stephen Harrison, CISO, MGM Resorts International. In this episode: Understanding the AI attack surface; Low code, low security? Chief information storytelling officer; Finding the right partners. Thanks to our podcast sponsor, Vectra AI! Vectra AI is the only extended detection and response (XDR) with AI-driven Attack Signal Intelligence. Vectra AI's attack signal intelligence platform uses AI to find attacks on networks, identities, clouds and GenAI tools. Learn more at vectra.ai/showme.
All links and images for this episode can be found on CISO Series. This week's episode was recorded in front of a live audience in Seattle as part of the National Cybersecurity Alliance's event Convene. Recording is hosted by me, David Spark (@dspark), producer of CISO Series and Nicole Ford, SVP and CISO, Nordstrom. Joining us is guest, Varsha Agrawal, head of information security, Prosper Marketplace. In this episode: Who guards the AI guardrails? What should security awareness training look like? The authentication point of failure; Uncommon sense. Thanks to our podcast sponsors, KnowBe4, Proofpoint, and Vanta! KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario).

In this episode:
- Your first security hire
- Moving beyond the basics with critical infrastructure
- Untangling the Gordian Knot of municipal cybersecurity
- Starting from square one

Thanks to our podcast sponsor, Material Security! Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Bethany De Lude, CISO, the Carlyle Group.

In this episode:
- CISOs as storytellers
- Grinding a CISO's gears
- An evolving role
- Earning trust with vendors

Thanks to our podcast sponsor, Scrut Automation! Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Ty Sbano, CISO, Vercel.

In this episode:
- Perception is the reality for insider threats
- Coaching rather than shaming
- Working to make DevOps redundant
- Fixing a strained relationship

Thanks to our podcast sponsor, Backslash! Backslash Security is your modern AppSec solution, focusing on what truly matters—real risks. Gain clear visibility into your applications and fix only the code and open-source software that's actually in use, making your AppSec smarter and more efficient. Learn more at https://www.backslash.security/.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Fredrick Lee (Flee), CISO, Reddit.

In this episode:
- The case for the technical CISO
- Making Recall safe for business
- The aches and pains of cybersecurity hiring
- Leveling up municipal cybersecurity

Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Justin Somaini, partner, YL Ventures.

In this episode:
- The startup balancing act
- Giving back is its own reward
- When to pen test
- Getting ahead with generative AI policy

Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Patti Titus, CISO, Booking Holdings.

In this episode:
- Defense vs. Resilience
- Communication is on par with mitigation
- Preparing like it's post-quantum
- The challenges and opportunities of diversity

Thanks to our podcast sponsor, Cyera! Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and on-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Amir Khayat, CEO and co-founder, Vorlon Security.

In this episode:
- The evolving challenges of incident response
- Repetition isn't always the mother of automation
- Third-party APIs, first-party risk
- You know what they say when you assume something

Thanks to our podcast sponsor, Vorlon Security! Vorlon helps organizations take back control of their data by providing continuous visibility of sensitive data shared via API across third-party applications. Know what data goes where, when, and how between third-party apps with external threat intelligence. Reduce the complexity of investigating and responding to third-party security incidents with Vorlon.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Danny Jenkins, CEO, ThreatLocker.

In this episode:
- The limits of zero-trust
- Pentesting for SMBs
- An ounce of prevention is worth a pound of response
- The cream of the security crop

Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Abhishek Agrawal, CEO and co-founder, Material Security.

In this episode:
- What does defense in depth look like in the cloud?
- Collaborating on insider risk
- Email is a vector and a target
- Understand risk during an IPO

Thanks to our podcast sponsor, Material Security! Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron.

In this episode:
- SEC disclosure rules require cyber readiness
- Breaking up the “boys club”
- Building a threat intelligence ecosystem
- Blending InfoSec communities and careers

Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Jason Clark, chief strategy officer, Cyera.

In this episode:
- Does AI require new security measures?
- Meeting the new SEC requirements
- Empowerment through data security
- Upskilling with Gen AI?

Thanks to our podcast sponsor, Cyera! Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and on-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security.

In this episode:
- The Gordian knot of EDR
- Can we keep up with patching?
- Making AI practical
- Standardization or granularity?

Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Allan Alford, CISO, Eclypsium.

In this episode:
- Evolving public-private partnerships
- New technology, but not a new challenge
- Securing the hidden layers of the supply chain
- Balancing usability and control

Thanks to our podcast sponsor, Eclypsium! Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Ryan Bachman, EVP and global CISO, GM Financial.

In this episode:
- A changing of the executive guard?
- Playing nice with cyber insurance
- What does leadership want out of a CISO?
- Who does a CISO call first?

Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is my guest, Aamir Niazi, executive director and CISO, SMBC Capital Markets.

In this episode:
- Communicating security accomplishments
- Spotting red flags in an interview
- What does offensive security look like today?
- Where Gen AI is fitting into cybersecurity

Thanks to our podcast sponsor, Cyera! Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and on-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF.

In this episode:
- Are companies taking the air out of the open source balloon?
- What's broken about cybersecurity hiring?
- Do we need minimum requirements for cybersecurity knowledge in sales?

Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI! Devo replaces traditional SIEMs with a real-time security data platform. Devo's integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.