Defense in Depth

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, COO, Gigaom. Joining us is our sponsored guest, Rob Allen, chief product officer at ThreatLocker. In this episode:  Reinforcing zero trust Focus on effectiveness Understanding zero trust limitations What's next Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jay Jay Davey, vp of cyber security operations, Planet.  In this episode: Aligning incentives The realities of the job Delivering ROI Holistic cybersecurity Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at www.backslash.security.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Eric Gold, chief evangelist, BackSlash. In this episode: Start with the culture Moving AppSec to a higher level A strategy for security Maturing the basics Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration.  

All links and images for this episode can be found on CISO Series. Check out this post from Jerich Beason, CISO at WM, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining us is Rinki Sethi, vp and CISO, BILL. In this episode: You need a solid foundation A lot depends on the role Underappreciated skills Structures and frameworks Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.

All links and images for this episode can be found on CISO Series. Check out this post from Caleb Sima of WhiteRabbit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Alex Hutton, CISO, Atlantic Union Bank. In this episode: The race to differentiate  Don't blame Gartner Simplifying is complicated Seeking connection Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jason Elrod, CISO, MultiCare Health System. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Supercharging teams Shifting to proactive A unique opportunity A human in the legal loop HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post by Tallis Jordan of the U.S. Army Cyber Command for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Montez Fitzpatrick, CISO, Navvis. In this episode: Start with foundations Learning to learn Don't get hustled Building a pipeline HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post from Yaron Levi for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: A knowledge deficit Talk is cheap What's the difference? Answer the preliminaries HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post by Rachel Bicknell of Dell Technologies quoting Mic Merritt of Merritt Collective for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jimmy Sanders, president, ISSA International. Joining them is Ngozi Eze, CISO, Levi Strauss.   In this episode: Stop the unicorn hunt Job post inflation Structural misalignment We've got to do better Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, CTO, GigaOm. Joining us is Francis Odum, founder, Software Analyst Cybersecurity Research. In this episode: Rebalancing the SOC The case for consolidation It comes down to data Concentric cycles Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Lee Parrish, CISO, Newell Brands. Joining us is David Tyburski, vp of information security and CISO, Wynn Resorts. In this episode: CISOs need to stick around Culture forward CISOs need support This isn't always about budget  Thanks to our podcast sponsor, Palo Alto Networks! Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.  

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Elad Koren, vp, product management, Cortex Cloud, Palo Alto Networks. In this episode: Context drives the decision A full-spectrum understanding Think practical The long play Thanks to our podcast sponsor, Palo Alto Networks Cortex Cloud, the next generation of Prisma Cloud, merges best-in-class CDR with industry-leading CNAPP for real-time cloud security. Harness the power of AI and automation to prioritize risks with runtime context, enable remediation at scale, and stop attacks as they occur. Bring together your cloud and SOC on the unified Cortex platform to transform end-to-end operations. Experience the future of real-time cloud security at https://www.paloaltonetworks.com/cortex/cloud.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and DJ Schleen, former distinguished security architect, Yahoo. Joining us is our sponsored guest Heath Renfrow, co-founder, Fenix24. In this episode: Get creative Shift the focus of backups Failing the test Moving beyond false hope Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Andrew Wilder, CISO, Vetcor. In this episode: It comes down to growth Maintenance mode is anything but simple An asymmetric arrangement Integrating with the business  Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us Sneha Parmar, information security officer, Lufthansa Group Digital Hangar. In this episode: Build the foundation Building at scale Excelling at boring Knowing what you've got is half the battle Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial. In this episode: It helps to have a vision The benefit of planning It's never too early to start Don't make rash decisions Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post by Marc Ashworth, CISO at First Bank for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, vp, deputy CISO - Gaming, Microsoft. Joining us is Ken Athanasiou, CISO, VF Corporation. In this episode: Frustration is a two-way street Sales is data driven Give customers the tools they need Start a conversation Thanks to our podcast sponsor, Noma Security Secure your entire Data & AI Lifecycle—from development to production and classic data engineering to GenAI. Noma's full-lifecycle platform delivers seamless protection against risks like misconfigured data pipelines, malicious models, and adversarial AI attacks, empowering AppSec teams with complete visibility, security, and compliance—without disrupting data and AI teams' workflows.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: The promise and perils of LLMs A boon for defenders Raising the bar Muddying the waters Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Young, CISO-in-residence, Team8, and Jeroen Schipper, CISO, Gemeente Den Haag. In this episode: Creating authority Don't reinvent the wheel Accountable for quality Make the distinction clear Thanks to our podcast sponsor, Fenix24 You've invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn't optional. Click to see how it works.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode  co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer. In this episode: Build for what you can handle Rethinking alerts Building trust into your system Seeing the bigger picture Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby. In this episode: You can't manage what you don't know you have Vulnerability management doesn't have an endpoint This is about tradeoffs A unique approach Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time. In this episode: A vicious cycle Not all training is created equal Don't forget the human factor We can still define success Thanks to our podcast sponsor, Intezer Intezer's AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross's podcast, Inside the Network, and his book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup. In this episode: A market response to industry failure Is this a business or a feature? The economics of startups Practicality over novelty Thanks to our podcast sponsor, Nudge Security Manage SaaS security and governance at scale with Nudge Security. Discover all SaaS accounts ever created by anyone in your org on Day One, including genAI tools. Surface identity security risks and resolve them with automated playbooks. Start your free 14-day trial today.

All links and images for this episode can be found on CISO Series. Check out these posts for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell. In this episode: Striking a balance  Will we see a talent exodus? Playing by the same rules This is an organizational responsibility Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Karthik Krishnan, founder and CEO, Concentric AI. In this episode: Meet the new risk, same as the old risk Understanding where your risks are coming from Identifying best practices Know what you're getting into Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks. Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today! 

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud. In this episode: A holistic view Adding sophistication to identity Your employees can help Cracking the code Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC. In this episode: Don't underestimate the quality of life benefits We're still learning What is the case for return-to-office? Moving past gimmicks Thanks to our podcast sponsor, SpyCloud Cybercrime doesn't take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud's advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP and deputy CISO - Gaming, Microsoft. Joining us is Adam Fletcher, CSO, Blackstone. In this episode: Neglected tools drain resources Who's to blame? Technology is the last step Buying tools to solve business problems Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, Deputy CISO - Gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho. In this episode: Recognizing humanity Death by a thousand meetings What are we looking for? Find your value Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Sir Tim Berners-Lee co-founded Inrupt to provide enterprise-grade software and services for the Solid Protocol. You can find their open positions here. In this episode: LLMs lack integrity controls A valid criticism Doubts in self-policing AI New tech, familiar problems  Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks. Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Not all education requires tests Understand your users Building reflexes An ounce of prevention Thanks to our podcast sponsor, Concentric AI Concentric AI's DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.  Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Defining responsibilities Understanding the problem A different role for security Focus on the data Thanks to our podcast sponsor, Nudge Security Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along with automated workflows to scale SaaS security and governance. No agents, browser plug-ins or network changes required. Start today with a free 14-day trial.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Arellano, vp, enterprise cybersecurity, PayPal. In this episode: Accounting for mindset The importance of ethics A matter of incentives Understanding what is teachable Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Segment and test Focus on you Embrace the risk lifecycle Not all vendors are the same Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel. In this episode: Disingenuous claims rub everyone the wrong way.  Don't put the CISO behind the 8-ball The sales hustle They didn't understand the assignment Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and John Underwood, vp, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView. In this episode: Marketing versus strategy A distinction without a difference? Terminology follows function Security convergence  Thanks to our podcast sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker. In this episode: Can you retrofit zero trust? The business case for deny by default Seizing an opportunity Zero trust doesn't stand alone Thanks to our podcast sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Bil Harmer, operating partner and CISO, Craft Ventures. In this episode: A time and a place for Field CISOs This isn't a new role Consulting the Field CISO Words mean things Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Jim Bowie, CISO, Tampa General Hospital. In this episode: The goal is to connect to the business The hard truth about soft skills Balancing risk Looking beyond communication Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is Andrew Cannata, CISO, Primo Water. In this episode: The lure of an IPO is debatable Does an IPO make you a target or just more vulnerable? M&A changes your context Ambiguity creates risk Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Shirley Salzman, CEO and co-founder, SeeMetrics. In this episode: Finding the purpose in metrics Using metrics to answer business questions Speaking to your audience Communication is a two-way street Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Adam Bateman, CEO, Push Security. The SaaS attacks matrix community resource mentioned by Adam in the episode can be found here. Editorial note: Geoff Belknap is an advisor to Push Security. In this episode: Where are we going wrong Finding the missing pieces  Protecting an expanding border It starts with understanding risk Thanks to our podcast sponsor, Push Security Prevent, detect and respond to identity attacks using Push Security's browser agent. Enable Push's out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. In this episode: The data security check has come due Putting data security at the heart of defense in depth  Automation is key You need to know what you're protecting Thanks to our podcast sponsor, Cyera Cyera's AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo. In this episode: Moving beyond technology The art of a CISO CISOs always operate in context Elevating the CISO conversation Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is our guest, Neil Watkins, svp technology and cybersecurity services, i3 Verticals. In this episode: Visibility doesn't matter without context Not all visibility is created equal Don't forget to bring people into the loop Remediation doesn't scale with more visibility Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH. In this episode: Is working the help desk a great place to get entry level cyber security skills? So why is it so often overlooked or even looked down upon?  What kind of experience do you need? What is the ideal path to break into the cybersecurity industry? Thanks to our podcast sponsor, Push Security! Prevent, detect and respond to identity attacks using Push Security's browser agent. Enable Push's out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, svp of cyber & deputy CISO, Equifax. In this episode: Are we  seeing AI and LLM rapidly push into what was science fiction into production? What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from the real thing?  How do we keep up as security professionals? What are the security implications for this tech hitting the consumer market? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Vivek Ramachandran, founder, SquareX. In this episode: Are secure web gateways still an effective tool in the enterprise? As the browser has changed a lot in the last decade, are Secure Web Gateways - SWGs still keeping up?  Why is this a problem? Does anyone have a better solution? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest. In this episode: In this episode: Why do so many vendors claim to offer zero-trust solutions? Is that framework even applicable to some product categories?  Do your eyes roll when you hear "zero trust solution"? What do most people think it is, and what's the reality? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security. In this episode: Why does scaling least privilege in the cloud remain challenging? Is throwing more people at the problem feasible?  How are you managing it? What aspects haven't been considered? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts. In this episode: How do CISOs feel about sales pitches? Do they have legitimate complaints? When do these legitimate complaints cross the line to sounding entitled? Do CISOs need to show a little more empathy to sales? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.