The New CISO

In this episode of The New CISO, host Steve Moore speaks with Keith Price, Chief Security Officer at National Highways, about the evolving responsibilities of modern security leaders and the critical role of convergence between cyber, physical, and people security.Keith shares real-world stories from his work protecting England's strategic road network—used by over four million people daily—and explains why understanding both legacy infrastructure and cutting-edge technology is essential for building a resilient security strategy. From managing insider threats and recovering stolen radar equipment to championing mental health and developing junior talent, Keith offers a holistic approach to leadership in critical infrastructure.Key Topics Covered:How converging physical, cyber, and personnel security leads to stronger protectionReal-life insider threat examples—and how sensors helped prevent major damageThe challenge of managing decades-old asset tracking systems across regionsWhy availability and integrity of data now outweigh confidentiality in certain sectorsHow Keith's team detected stolen highway radar for sale on eBayThe importance of empathetic leadership and supporting mental health in security teamsHow "Cyber Coffee" sessions create safe spaces for vulnerability and connectionUpskilling IT staff into cybersecurity roles through “pay-it-forward” learningThe case for offering security-as-a-service to small but critical supply chain partnersKeith's insights reveal why successful security leadership requires more than just technical knowledge—it demands communication, humility, and a deep understanding of human behavior. This conversation is a must-listen for any security professional working to bridge silos and lead with impact.

In this episode of The New CISO, host Steve Moore speaks with Ben, Director of Group Security and Architecture at Bilfinger, about the role of self-awareness, confidence, and communication in effective cybersecurity leadership.Ben shares his unconventional path to becoming a CISO, how he applies the “done is better than perfect” philosophy, and why embracing vulnerability, curiosity, and creativity is key to building strong teams. From baking sourdough to producing his own podcast, Ben highlights how personal passions can shape professional growth.Key Topics Covered:Why done is better than perfect can be a strength—not a flaw—in cybersecurityThe surprising connection between baking sourdough and fostering security cultureHow Ben's podcast, Infosec Theater, educates non-technical audiences using humor and storytellingThe creative interview question he uses to gauge mindset: “If cybersecurity were an animal, what would it be?”Why hiring for attitude and resilience beats hiring for experience aloneHow podcasting sharpened his ability to listen, simplify, and leadBen also emphasizes the importance of recognizing your own strengths and surrounding yourself with people who balance them out. His perspective offers actionable takeaways for CISOs and security professionals seeking to grow into thoughtful, human-centered leaders.

In this episode of The New CISO, host Steve Moore talks with Nithin Reddy, Global VP of Cybersecurity at Dayforce, about how his dual roles in cybersecurity leadership and education shape his approach to building stronger, smarter teams.Nithin reveals how teaching cybersecurity not only amplifies his impact but also sharpens his communication and leadership skills. From protecting millions of users' data to mentoring students and influencing curriculum design, he shares why simplifying complex ideas is the key to inspiring both executives and future security professionals.The conversation explores:The link between teaching and leadership growthHow to manage stress in high-stakes security operations—and tell the difference between “good” and “bad” stressDayforce's in-house employee risk scoring model and the power of just-in-time access controlsThe impact of generative AI on phishing threats and how awareness training must evolveA real-life story of using a fake $200 gift card to teach conference-goers a lesson on social engineeringWhether you're leading a SOC or standing at the front of a classroom, this episode is a masterclass in turning knowledge into influence—and purpose into performance.

In this episode of The New CISO, host Steve Moore speaks with Rich Durost, Chief Information Security Officer at Froedtert ThedaCare Health, about his journey from West Point cadet to cybersecurity leader—and what slicing cake has to do with building effective security programs.Drawing from 23 years in the military and over 15 years in cybersecurity, Rich shares how discipline, preparation, and teamwork—skills first sharpened during plebe year dessert duty—translate directly into the responsibilities of a CISO. He reflects on the shift from tactical to strategic thinking, the value of mentoring deputies, and why authentic leadership and relationship-building are vital in today's remote work environment.Rich also explores the unique challenges of healthcare cybersecurity, the importance of aligning with clinical goals, and how CISOs can move from being the "department of no" to strategic business enablers by simply asking “how” instead of “no.”Whether you're a rising security professional or a seasoned executive, you'll gain practical leadership takeaways—and maybe a new appreciation for cake.

In this episode of The New CISO, host Steve Moore sits down with Michael Mendelsohn, CISO at Majesco, to discuss his journey in cybersecurity—from his early days as a software developer to leading security for a major insurance software company.Michael shares insights into the evolving role of a CISO, the intersection of security and technology, and how curiosity and problem-solving have shaped his career. He dives into his experience building Arcus, an early security tool designed for software inventory and patch management, and how grassroots security engineering played a pivotal role in his professional growth.Other key topics include:✅ The changing landscape of cybersecurity leadership✅ The balance between open-source tools and enterprise security solutions✅ AI's impact on security automation and risk management✅ How security leaders can work effectively with legal teams✅ The importance of curiosity, adaptability, and mentorship in a security careerWhether you're a seasoned security professional or an aspiring CISO, this episode offers valuable insights into the challenges and opportunities of leading security in today's rapidly evolving digital landscape.

In this episode of The New CISO, host Steve Moore sits down with Yannick Herrebaut, Cyber Resilience Manager at the Port of Antwerp-Bruges, to explore his unconventional journey from intern to security leader. Yannick shares how his early passion for technology, sparked by gaming and building his own PCs, laid the foundation for his career in cybersecurity.They discuss the importance of strong internship programs, the transition from network engineering to security leadership, and the key lessons learned when stepping into a CISO role for the first time. Yannick also reflects on the challenges of building a security program from scratch and the critical skills needed to lead a growing security team.Key topics include:How internships can shape future cybersecurity leadersThe transition from network engineering to security leadershipThe importance of business alignment in cybersecurityLessons learned in managing a growing security teamAdvice for aspiring CISOs on stepping into leadership roles00:00 - Introduction & Meet Yannick Herrebaut02:30 - From Gaming to Cybersecurity: A Passion for Technology06:30 - Internship at the Port of Antwerp: A Career Launchpad10:00 - The Value of Cybersecurity Internships & Mentorship17:00 - From Network Admin to CISO: A Big Career Leap27:00 - Building a Security Program from Scratch35:00 - Lessons in Leadership & Team Growth45:30 - What It Means to Be a New CISOLinks: LinkedIn

In this insightful episode of The New CISO, host Steve Moore reconnects with Azzam Zahir to explore his career evolution, from cybersecurity leadership to his recent role as a vertical CIO at General Motors. Azzam shares candid reflections on his conscious decision to leave his 12-year tenure, embracing change, and navigating personal growth in leadership roles.Dive into Azzam's inspiring journey as he discusses:Overcoming Career Burnout: How to recognize signs of exhaustion and take proactive steps toward rejuvenation.Navigating Career Pivots: The importance of calculated risks and stepping beyond the traditional boundaries of cybersecurity.Building Trust Through Relationships: Insights on fostering trust and credibility within organizations to facilitate career growth.Maintaining Mental Health: Practical tips on incorporating wellness into demanding careers, from mental health check-ins to daily habits for balance.The Gartner Hype Cycle of Careers: Azzam's unique perspective on managing career highs and lows and knowing when to make a change.This episode is a must-listen for IT and security professionals considering career transitions, aspiring leaders seeking inspiration, or anyone looking to balance professional growth with personal well-being. Tune in to gain actionable advice and deep reflections from a leader who's successfully embraced transformation.0:00 Introduction and Guest Overview1:43 Announcing a Career Change5:54 Transitioning from Cybersecurity to CIO13:03 The Emotional Impact of Cybersecurity Careers22:36 Prioritizing Health and Wellness30:10 The Power of Non-Traditional Thinking35:34 The Gartner Hype Cycle of Careers41:55 Advice for Career TransitionsLinks: LinkedIn

In this insightful episode of The New CISO, host Steve Moore sits down with Sanju Misra, Chief Information Security Officer (CISO) at Alnylam Pharmaceuticals, to explore the pivotal moments that have shaped her impressive career in cybersecurity leadership. Sanju shares her strategies for navigating career transitions, the importance of aligning with a company's mission, and how to identify the right time to move on from a role.Listeners will gain valuable insights into:How Sanju built her career by embracing challenging projects and maintaining authentic professional relationships.The decision-making processes behind her moves from GE to Praxair, and eventually to Alnylam Pharmaceuticals.The evolution of her leadership style from a technical expert to a business risk executive.Why aligning with a company's culture and mission is crucial for long-term success.Tips for aspiring CISOs on taking initiative, growing their networks, and articulating risk in business terms.Sanju's reflections on imposter syndrome, professional growth, and the rewards of working in a patient-focused organization offer both inspiration and practical advice for leaders at every stage of their careers. Tune in to hear her story and discover actionable strategies for thriving as a modern CISO.0:00 - Introduction and Show Overview1:10 - Sanju Misra's Career Path: From GE to Praxair4:00 - Building Security Programs and Leadership Growth6:30 - Navigating Mergers and the Role of Culture10:00 - Transitioning from Technologist to Business Risk Leader15:50 - Career Advice for Aspiring CISOs22:00 - Key Takeaways: Communication and Leadership EvolutionLinks: LinkedIn

In this episode of The New CISO, host Steve Moore is joined by Sanju Misra, CISO and IT Risk Leader at Alnylam Pharmaceuticals. Sanju shares her journey from a college side hustle on a typewriter to becoming a security leader in the pharmaceutical industry. Along the way, she reflects on the importance of taking risks, embracing roles outside of your comfort zone, and the power of transferable skills.Listen to Steve and Sanju discuss career transitions, building diverse teams, and why not checking every box on a job description might be the best career move:00:00 - Meet Sanju06:15 - The Start of a Tech Journey18:30 - Taking the Leap27:00 - Advice for Job Seekers39:45 - Hiring from Within51:15 - Networking and Career GrowthLinks: LinkedIn

Episode summary:In this episode of The New CISO, host Steve Moore welcomes Ryan Shaw, Director of Information Security at Bond Brand Loyalty. Ryan shares his unique journey from working in kitchens and warehousing to becoming a leader in cybersecurity. He reflects on the importance of career change, battling imposter syndrome, and the challenges candidates face in a tough job market where companies often hunt for "unicorn" candidates.Listen to Steve and Ryan discuss the transition into IT security, why hiring practices need to evolve, and the importance of mentorship for both personal and professional growth:00:00 - Ryan Shaw's Journey: From Warehousing to InfoSec Leadership03:00 - Career Pivot: Entering Technology06:00 - Overcoming Imposter Syndrome in IT09:00 - The Importance of Mentorship and Support13:00 - Navigating the Challenges of Job Hunting17:00 - Advice for Better Hiring Practices in Security20:00 - Building Visibility and Breaking Into InfoSec24:00 - What It Means to Be a Security LeaderLinks: LinkedIn

Summary:In this episode of The New CISO, host Steve Moore speaks with Nicola Sotira, Head of CERT at Poste Italiane, about his journey from technical expert to business leader, all while following his dreams. Nicola shares the importance of mentorship, the value of building strong teams, and how he applied a Viking mentality to overcome challenges in his career. Listen in as Nicola reflects on leaving a prestigious role in Italy to embrace new opportunities abroad and what aspiring leaders can learn from his story. Whether you're thinking about making a career change or simply looking for advice on leadership, Nicola's insights will inspire you to take action and move toward your dreams.Listen to Steve and Nicola discuss:00:00 -Nicola Sotira's Career Journey and Mentorship03:37 - Balancing Business and Technical Roles06:40 - Adapting to Technological Disruption08:47 - Taking Risks: Moving to Sweden at Age 4015:12 - Leadership Lessons from Peter: The Viking Mentality18:17 - Hiring and Building a Strong IT Security Team23:23 - Making Work Fun and Following Your Passion28:52 - Advice for Aspiring CISOs: Follow Your DreamsLinks: LinkedIn

Episode Summary: In this episode of The New CISO, host Steve Moore is joined by Nicola Sotira, head of CERT at Poste Italiane. Nicola shares his journey from working on cryptographic devices in the pre-internet era to leading security teams today. His early work with assembly language, hardware security, and cryptanalysis offered unique challenges, but it also taught him the value of persistence, creativity, and mentorship. Steve and Nicola discuss the evolving role of hardware in cybersecurity and the importance of securing the supply chain. Listen in to hear about the lessons Nicola learned from breaking hardware before it was sold and how they continue to inform his approach to security today.Listen to Steve and Nicola discuss the importance of hardware security, debugging code, and supply chain risks:00:00 - Nicola Sotira: Career in Cryptography04:46 - The Realities of Debugging Without Modern Tools07:58 - Key Lessons from Early Hardware Security Work12:43 - The Importance of Hardware in Cybersecurity16:26 - Supply Chain Security Risks and Real-World Examples23:00 - Criminal Collaboration and Emerging Cyber ThreatsLinks: LinkedIn

In this episode of The New CISO, host Steve Moore sits down with Larry Pfeifer, CEO and President of Metrics That Matter, for a deep dive into the evolving role of the CISO and the increasing importance of cybersecurity insurance. Larry offers valuable insights drawn from his unconventional career in cybersecurity, sharing advice for CISOs and entrepreneurs alike. From the need for CISOs to shift from awareness providers to business decision-makers, to the surprising connection between cybersecurity and insurance, this episode is packed with thought-provoking discussions.Listen to Steve and Larry explore the intersection of risk, metrics, and cybersecurity decision-making, and how customer service strategies from the Ritz-Carlton are being applied to improve client relations in cybersecurity.00:00 - Introduction: Board Level Metrics in Cybersecurity01:02 - Larry Pfeifer's Journey in Cybersecurity01:56 - Cybersecurity's Future: Insurance and Risk03:56 - The Challenges of Cybersecurity Insurance08:04 - Key Lessons for CISOs and Risk Management12:00 - Client Management Post-Breach17:30 - Optimizing Cybersecurity Investments21:05 - Entrepreneurship: Realities and AdviceLinks:Larry Pfeifer on LinkedIn

In this episode of The New CISO, host Steve is joined by Larry Pfeifer, CEO and President of Metrics That Matter. Although Larry is not a CISO, he has worked in many adjacent fields, including the US military, university IT research, sales engineering, and more. As a result of his vast experience, Larry has a unique lens on cybersecurity. Listen to the episode to learn more about Larry's fascinating career journey, what salespeople and IT professionals have in common, and why he decided to start his own business.Listen to Steve and Larry discuss what makes working in IT at a university invaluable and when to talk about the vendor selection process:Meet Larry (1:39)As a CEO and entrepreneur, Larry does many different things in his daily life. His professional origins started in his high school Apple IIe classes, and later, he worked with new computer technology in the military. Overall, Larry compares his career journey to Forest Gump, acknowledging the exciting and extensive path he's taken.After Service (6:39)Larry details his next moves after completing his military service. He helped run an educational network at a university, which led to him being interviewed on Leonard Nimoy's technology show.Although there was no position like “CISO” at the time, Larry also led a checkpoint on Salaraboxes, among other cyber-related projects.Sound Advice (11:30)Steve presses Larry on whether it is worthwhile for students to work in education networks at a university. Larry believes that if you have the opportunity, you should take advantage of it. After all, it's high-paying, flexible, and allows you to do real, hands-on work.Becoming an Entrepreneur (15:04)Larry shares how he broke into sales engineering and started working for the Philadelphia Stock Exchange, among other places. He went from a career in IT research to sales engineering to becoming a salesman, adding another layer to his professional skills. He also stresses the importance of discussing vendors and helping his peers determine what they like about their services, what they don't like, and their costs. This interest led him to become the CEO of his own information-sharing business.Building a Brand (26:27)Reflecting on the beginning of his entrepreneurial journey, Larry shares how he worked with potential clients and narrowed in on his focus.Now, Larry is the CEO of a business that serves as a cyber-security platform. To do this job well, he understands the industry thoroughly.The Right Metrics (33:32)Through Metrics That Matters, Larry aims to simplify the cyber-security process by providing information that reports on a business's weak points and what they could do better.Larry's company fills in the technology gaps of CISOs, though he also knows there is no silver bullet to perfect cyber security. You must understand your environment and what your environment needs to secure your business properly.Links:LinkedIn

In this episode of The New CISO, Steve is again joined by guest Grant Lockwood, Comedian, DJ, and the Chief Information Security Officer at Virtus Health. Today, Grant returns to explain how his approach to effective communication has evolved since becoming a security leader. Listen to the episode to learn the difference between safety and security, how stand-up comedy gave Grant an efficient framework for his CISO role, and the importance of having balance outside of work through hobbies.Listen to Steve and Grant discuss how to maintain confidence in work and life and how to optimize your message to make the best first impression: Comedy and Cyber Security (1:34)Steve asks Grant why stand-up comedy has made him a better CISO. To Grant, stand-up helped him learn how to operate in a degraded state, which he finds comparable to dealing with cyber programs.Like when a joke bombs, sometimes the most protected security programs can get hacked. Grant shares why these two mediums are similar and how both have given him the confidence to succeed in challenging situations.Comfort and Confidence (4:12)Grant shares how he determines his stand-up set lists and how to use that to get the audience on his side. He finds these lessons to also help in the workplace and understands the confidence that this framework provides.Studying Delivery (6:45)Grant reflects on the resources he's utilized to become a better comedian, including listening to comedy podcasts. Ultimately, Grant expresses the importance of being economical with words—whether at work or on stage—to become an effective communicator.Good Advice (9:22)Steve presses Grant on what advice he would give his younger self, especially reflecting on his journey from an admin role to where he is now. Grant advises listeners to stay curious and teachable since there is much to learn.He also reveals why people should be well-rounded, T-shaped individuals and how hobbies can provide transferable skills.Getting There (12:31)Reflecting on his career, Grant explains what he meant when he said, “The thing that got you there isn't what will keep you there.” He clarifies how his measures of success have changed as he's learned more about how running a business works.Learning From Community (27:12)As both a comedian and a CISO, Grant explores how the security community could learn from the stand-up comedy community. Both communities are very supportive, but comedy is entirely audience-dependent. Therefore, comedy can teach security professionals to have better communication by “knowing your audience.”The New CISO (19:09)To Grant, being a new CISO means being adaptable, learning both the business and security side, and improving those around you.Links mentioned:LinkedInComedy Podcasts/Resources:Dissecting the FrogThe Comedian's Comedian Podcast

In this episode of The New CISO, Steve is joined by guest Grant Lockwood, Chief Information Security Officer at Virtus Health.After starting his career in an administrative position, Grant found himself getting bored. After being urged by his wife, Grant turned things around and is now a DJ, comedian, and, of course, a successful CISO. Listen to the episode to learn more about Grant's impressive career journey, how to make your content compelling, and the transferable skills from performing comedy.Listen to Steve and Grant discuss how hobbies can make you a better security leader and the importance of adapting to your surroundings:Meet Grant (1:33)Before becoming a CISO, Grant was a health sector chief information officer for a health department. Although his current role is very different, he can see the similarities between the two positions.Before these two roles, Grant had spent years in an administrative position. Not sure what he wanted to do, his wife encouraged him to take up some hobbies, leading him to become a more well-rounded security professional.Being a DJ (7:18)Grant explains what people don't know about being a DJ. He understands that what makes him a strong DJ is that he's good at computers, demonstrating the similarities between cyber security and music.Besides being a stress relief, Grant feels that being a DJ helps him with timing and being present, which he applies to his CISO role.The Funny CISO (11:40)Becoming a stand-up comedian has proven to be a transferable skill set for Grant. He reflects on how comedy helped him with his presentation skills and the ability to compel an audience. Truth to Power (18:55)Steve presses Grant on whether doing comedy has improved his ability to deliver truth to power. Grant understands how stand-up has expanded this skill set because he learned to hold others' attention.Grant also shares his feelings on the “lizard brain” and how this influences how we interact with others. Comedy taps into people's lizard brains because it's an involuntary reaction that can bond us.Being Adaptable (23:18)Grant explains how stand-up forces you to adapt to your environment and use it to your advantage. This mentality also applies to presentations because you can shift gears based on your audience's reaction.When you can adjust your performance to the mood of others, you can hold their attention long enough to communicate your ideas effectively.A Better Training (27:12)If Grant could advise a security training leader, he would suggest they ask themselves, “Would this be entertaining to my mom?” Teaching potential CISOs how to make their work captivating to a wider net will make them better security leaders overall.Links mentioned:LinkedIn

In this episode of The New CISO, host Steve is joined by returning guest Sándor Incze, CISO at CM.com.In part two of his interview, Sándor shares his strategies for boosting team productivity. As a long-time security leader, Sándor understands how to get the best out of his team. Listen to the episode to learn more about the difference between nervousness and excitement, the benefits of his CM model, and how running a cyber security staff is like soccer.Listen to Steve and Sándor discuss how software development is like an F1 race and how to make a candidate confident during an interview:In the Interview (1:33)Sándor and Steve discuss high-stakes, stressful job interviews and how they can make candidates nervous. Although some security professionals are proud to make someone fumble during the interview process, Sándor and Steve share how to bring out the best version of someone to see if they are the right fit.CM Squared (8:56)Sándor shares the CM (or CM Squared) Model, a document he uses when auditing different companies' security systems to find their faults. With this model, Sándor can simplify technologies for business leaders and enhance their protections.Like an F1 Race (15:30)Like F1 racing, Sándor believes software development is a team effort. To help emphasize this metaphor, Sándor explains how different members of security teams mirror the roles of a racing crew.Team Strategies (19:49)When Sándor evaluates his role as a leader, he thinks of his staff as a soccer team. His team needs to score “goals,” and as their “coach,” it is his job to guide them.He also shares his motto, “Do something you like, do something you're good at, and contribute.”The New CISO (27:12)To Sándor, being a new CISO means “keep it simple.” Making things too complicated does not stop cyber crimes. However, learning to talk to each other does.Links:LinkedIn

In this episode of The New CISO, host Steve is joined by guest Sándor Incze, CISO at CM.com.Today, Sándor shares his untraditional path to a dual career in the Infosec and law enforcement industries. Through diligence, initiative, and automation, Sándor has been able to balance both of his life's passions. Listen to the episode to learn more about Sándor's extensive professional journey, the benefits of automation, and how personal interactions can shape your perspective on a crisis.Listen to Steve and Sándor discuss what a police officer and a CISO have in common and when it's appropriate to be “lazy”:Meet Sándor (1:33)Sándor has been passionate about tech since he was eleven years old. After tinkering around with an old computer at school, he became his school's first administrator.He credits this experience as his professional origin story.An Opportunity With Law Enforcement (6:21)Sándor shares that he has been interested in law enforcement professionally since his youth. Although this path didn't initially work out, he was able to eventually combine his two passions into the dual career he has today.Young and Successful (12:40)By eighteen years old, Sándor was already establishing a successful career and saw the financial benefits alongside that. Amusingly, he would buy a new motorcycle every six months, an impressive luxury for his youthful age.A Man In a Suit (14:03)After finishing his computer science degree, Sándor tried to move into a law enforcement career. This attempt didn't work out as intended, so Sándor had to go to a job wearing a suit rather than a preferred police officer's uniform.The Benefits of Laziness (16:18)Sándor jokingly admits he is lazy because of his love for automating repetitive tasks. However, this method has proven effective, revealing much about Sándor's perspective on work.Lessons For the Listener (19:13)After his third opportunity, Sándor successfully transitioned into a law enforcement role. He initially started as a volunteer, but he was able to use his automation skills to gain respect, leading him to become a police officer finally.Life In the Academy (24:50)Sándor reveals the age at which he joined the police academy and what being a security leader and officer have in common. A deep understanding of people and an accurate perspective on life are crucial mindsets to carry into both fields.

In this episode of The New CISO, host Steve is joined again by guest Ash Hunt, Global CISO at Apex Group Ltd.Today, Ash shares how he transitioned from his career as a jazz musician into the vastly different world of cyber security. He also reveals his tips as a leader and a decision-maker. Listen to the episode to learn more about Ash's unique professional journey, how security leaders inhibit their candidate search, and the secrets behind an empowered staff.Listen to Steve and Ash discuss the power of delegation and how to determine the best time to find a new role:Ash's Return (1:39)Ash returns to the podcast to share how he achieved his cyber security start. Initially touring as a jazz musician in London, Ash acknowledges how his past has helped him with his current career.Fresh Challenges (10:13)Ash explains when to seek new challenges to avoid professional stagnation. He believes that when a company gets more out of him than he is out of that company, it is time to move on. This mentality has helped him decide when to leave an opportunity for a fresh one.Being Creative (17:21)Steve and Ash discuss the impact that they can have on others early in their careers. Ash tries to expose his interns to the industry as much as possible because there are so many exciting things to do in tech.He believes leaders should be more creative when judging and developing talent. For Ash, creative compromise, persuasion, stakeholder management, and communication are skills that he considers when evaluating potential candidates. Ownership and Delegation (22:01)While discussing the importance of enabling your staff, Ash asserts what makes an effective leader. Allowing your team to own their work and delegating tasks creates an empowered and productive company culture. Evaluating Loss (26:37)Steve presses Ash on how he handles approaching inefficiencies at work, such as issues with AI, to the executive team. Ash's answer is to follow the money and expose what people think is true, but it turns out to be the opposite.Loss is rarely tracked, but pinpointing those causes can benefit your organization.The Cost of a Breach (33:19)Staying on the topic of loss, Steve and Ash reflect on the vast cost of a data breach and inefficient client management. Although Ash acknowledges that technology will be able to solve these issues over time, there is no harm in prioritizing clear data reports now.New CISO (38:01)To Ash, being a new CISO means converging cyber with technology. Ultimately, it is about working smarter, not harder, as a team.Links:Linkedin

In this episode of The New CISO, Steve is joined by guest Ash Hunt, Global CISO at Apex Group Ltd.Today, Steve and Ash dive into the action of M&A (mergers and acquisitions) and how to conduct it well. As a CISO at one of the world's largest administrators, Ash shares his valuable insight on loss, risk, and revenue generation in a constantly changing IT environment. Tune in to learn more about what causes loss during a merger, why decision management and risk management are one and the same, and the cultural changes in the security industry. Listen to Steve and Ash discuss how to quantify loss and what jaywalking and cyber security have in common.Meet Ash (1:34)Ash shares that he is proud to work for a fast-moving organization that has expanded worldwide. This growth has led to an exciting time from a technology and cybersecurity perspective.Successful M&A (5:16)Steve presses Ash on how to conduct M&A successfully. What hurts a business during an acquisition is when there are breaks in infrastructure that get overlooked.Luckily for Ash, he has a strong team that prioritizes infrastructure integration to avoid loss and increase revenue.Things in Common (12:25)Ash reveals what jaywalking and risk have in common. For example, everyone in London jaywalks, but like in cyber security, there is a degree of risk. Risk Management (15:10)According to Ash, risk management is decision management. Decision science is a critical part of Ash's approach to security.Psychological barriers in the workplace halt optimal investment decisions that can generate revenue.Adding Value (25:36)Ash acknowledges that his most significant contribution toward his company is successfully integrating their infrastructure into one operating platform. He knows it will rationalize his tool stacks and clean up his budget, amongst other benefits.He has seen other companies experience operation inefficiency, access control failure, and inadvertent data disclosure, which he actively prevents.Changing the Operation Process (30:48)Steve and Ash marvel at the operational changes that need to be done in security. For example, many people still default to email versus a more secure portal for data exchange.In order to mitigate risk, cultural changes need to be made to operational processes. Links:LinkedIn

In this episode of The New CISO, host Steve is joined again by guest Ron Banks, CISO at Toyota Financial Services.In part two of his interview series, Ron shares his career advice for new cyber leaders. Listen to the episode to learn more about Ron's take on China's strategies, the importance of being inquisitive, and why we must be calm under chaos.Listen to Steve and Ron discuss key attributes CISOs look for in a young manager and the importance of communication and leadership:Where We Left Off (1:43)Piggy-backing from the last episode's conversation, Ron explains the current state of our security concerning China and how they've recently gone dark. According to Ron, China has been playing 3D chess for a while and has found tangible ways to disrupt American life.A Shoutout To Ron (10:19)Steve gives a shoutout to Ron's book, highlighting the state of American security and its relationship with China. Academic with numerous footnotes, Ron's work provides readers with meaningful context related to cyber security.Valuable Advice (12:20)Ron reflects on the advice he wishes he could have given his younger self. He asserts that there is a path to cyber if you gain a technical foundation. He also shares how you need to be creative and curious to thrive in this industry.Evaluating Young Leaders (15:16)Steve presses Ron on how he evaluates young leaders in the security field. For the young manager, you must have the technical chops in addition to the personality.Managers need leadership and communication skills to inspire their teams. And, of course, practice makes perfect.Calm Communication (21:50)Ron and Steve discuss why leaders should practice calm communication. Leaders must put their teams at ease when there is chaos.New CISO (28:00)To Ron, being a new CISO means also being a business leader. Bridging the gap between the worlds is becoming more and more necessary as the world progresses.Links:Linkedin

In this episode of The New CISO, host Steve is joined by guest Ron Banks, CISO at Toyota Financial Services.In part one of his two-part interview, Ron shares how he transitioned from a fighter pilot to a cybersecurity leader. He also digs into what is required for a joint government, private industry, cyber offensive response. Listen to the episode to learn more about Ron's years as a combat veteran, how the government can improve security strategies, and the necessity of political will.Listen to Steve and Ron discuss the importance of public-private partnerships and the challenges of posing consequences on adversaries:Meet Ron (1:35)Steve introduces guest Ron Banks, a CISO, author, veteran, and academic. Ron details his duties as a fighter pilot and how he transitioned to education and then cyber security.What He Misses Most (5:17)Ron shares that what he misses most about his fighter pilot days is the rush from flying. However, he found the transition into cyber security simple because he gets to evaluate offensive and defensive security strategies reminiscent of his time serving.Possible Friction (8:10)Steve presses Ron on whether there is friction between cyber teams, their capabilities, and the grounds they are trying to defend on the private side.Ron explains that the virtual defense of the United States contains over 200 government organizations, each controlling a different lane. The cyber camp mainly covers the DOD, which comes with problems. On the Private Side (12:07)When discussing the lack of consequences for bad actors, Ron shares the great strides the FBI has made to improve their relationships with law enforcement in other countries. Despite these efforts, the behavior of cyber criminals has not changed enough, demonstrating that there is more our government can do.Things to Work On (17:54)Ron shares some advice for new security leaders working within the government. He suggests focusing on public/private partnerships because sharing information is critical.How Breach's Occur (21:54)Ron discusses his tips for dealing with a breach and why they occur. There is a strategy where they can impose consequences on cyber criminals, which his team has accomplished by focusing on counter-terrorism.Ultimately, no more money needs to be invested, the relationships are built, and the technology is there, but there has to be the political will to defeat threat actors effectively.Advice to Lobby (29:01)Steve presses Ron on what it would take to lobby the government and get the necessary resources. Since the capability is there, Ron reaffirms that change is in the president's control.Links:Linkedin

In this episode of The New CISO, host Steve is joined by guest Mani Masood, Head of Information Security and Applied AI at a prominent healthcare MSP.Also a professor and family man, Mani's various life experiences shaped his impressive decades-long career. Today, he shares his insight on balancing education with experience and embracing AI as a security leader. Listen to the episode to learn more about Mani's career and education journey, the importance of having real-world skills, and what inspired Mani to write a book.Listen to Steve and Mani discuss how to adapt to new technology advancements and if InfoSec professionals should champion AI:Meet Mani (1:35)Steve introduces guest Mani Masood, who has worked in the security industry for two decades. First, Mani started in IT before transitioning into Information Security. Now, AI has quickly become a significant component of his role.Mani shares a story when a college professor saw his nervousness before an exam and suggested he get a job. His professor assured him that getting real-world experience would be extremely valuable.Real World Expertise (6:49)Mani reflects on how getting a degree is not the be-all-end-all of getting a job. Often, employers want to know what you're capable of, which comes from having tangible skills applicable to your field.He also explains to Steve why it took him six years to finish his education instead of four: because he was gaining real-world experience.Times Have Changed (18:18)Steve asks Mani about his perspective on the famous quote, “For those who can't do, teach.” As technology has changed, Mani shares that nowadays, what you can do is more important than doing things right or following the status quo. The Time For AI (24:28)Like the tech boom, the AI era allows professionals to adjust to new advancements. Mani reveals that they have been trying to use artificial intelligence to solve InfoSec problems for some time, and this will become increasingly more possible as the tech matures. Defending The Tech (28:49)Mani discusses why security leaders should support AI and champion the technology within their organizations. Since InfoSec professionals have been working with AI for years, they should inspire others to believe there is a way to interact safely with this tech.Mani's Recommendations (32:18)Steve presses Mani on his recommendations for security leaders when supporting artificial intelligence. Mani suggests that these leaders become comfortable with the tech themselves.Every InfoSec tool now has some AI faction, so security leaders should learn as much as possible about its benefits before championing it. Ultimately, CISOs must do their homework to ease their organization's worries and create the necessary safeguards.Writing A Book (41:32)Mani shares why he is writing a book and what drives this project. He was first inspired to do so by a conversation with his wife. He initially sought to write a guide for his children, which led him to write a guide for other professionals.The New CISO (48:23)To Mani, being a new CISO means dealing with a new crossroads with technology. Whether you've been in the business for a long time or are new to the role, you must adjust quickly, pivot, and learn with your team.

In this episode of The New CISO, Steve is joined by returning guest Dr. Adrian Mayers, VP and CISO at Premera Blue Cross.As a veteran CISO, Dr. Adrian reveals his stress management and career tips. He also shares his thoughts on AI and its effect on the current threat landscape. Tune in to this week's episode to learn more about determining your next career move, giving yourself grace, and why we shouldn't vilify artificial intelligence.Listen to Steve and Dr. Adrian discuss evolving technology and approaching the research part of the job:Welcome Back, Dr. Adrian (1:32)Dr. Adrian reintroduces himself and his current CISO role to the audience. Steve also reveals why Dr. Adrian is a pleasure to have as a guest and his appreciation for the spark he brings to the conversation.Cutting CISOs Slack (5:40)Dr. Adrian unpacks why CISOs deserve grace as the role evolves and the stresses change. Detecting threat actors is a lot of responsibility, which creates tremendous pressure and leads to burnout.You can do better in your role long-term by understanding your limits and providing accurate expectations for the role.Working Together (12:33)Nowadays, taking criminal entities down requires foreign governments and the FBI to work together. Dr. Adrian shares his thoughts on this dynamic and how it takes a village to cover the defensive and offensive bases needed in the digital space.The Right Research (19:28)Steve presses Dr. Adrian on how he conducts research related to the job. Dr. Adrian has taken MIT classes and uses many online resources to obtain information. There are many sources to pull from, but you must use common sense to determine your gaps on various security topics, including AI. The Benefits of AI (25:02)Dr. Adrian discusses the benefits of artificial intelligence and how it is a technology that will open up the possibilities of what cybersecurity professionals can do. Although people fear this new tech will replace jobs, it fits the natural order of human progress.What Comes Next? (28:10)Steve and Dr. Adrian contemplate the off-ramps of what can come after being a CISO. To move up, you must understand the industry's business side or have enough knowledge to transition into teaching. Sponsorship is another aspect that CISOs can gain to determine their next career move. Ultimately, Dr. Adrian would like to redefine the work environment to support CISOs on their professional journey.Keeping Your Eyes Open (36:56)Steve asks Dr. Adrian how he knows when a CISO should seek new opportunities. How does he manage that internally?Dr. Adrian believes people should be self-aware enough to understand if they want to move on based on interest or if they want a new professional environment. It is an individual decision.Do CISOs Need Sports Agents? (45:46)Steve presses Dr. Adrian on his quote about how CISOs need sports agents. Dr. Adrian means by that quote that security professionals, like many others, need management to guide them and help them find new opportunities.Links mentioned:LinkedIn

In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the final part of his interview series with host Steve.In parts one and two, Chris shared his background and the lessons he's learned during a breach. Today, Chris joins host Steve to discuss maintaining a productive outlook while looking for a new position. Listen to the episode to learn more about the lessons you can learn at every role, the importance of perception, and job-hunting challenges.Listen to Steve and Chris discuss the best time to leave a position post-breach and how to stay positive in the face of rejection:A New Job (1:40)After working on the SOC with Steve, Chris felt ready for a new challenge. He then saw a role that scared him, making him believe that that was the right position. This decision set him down his CISO path.However, this new position was temporary because when he threw his hat in the ring for the permanent role, it didn't work out. Ultimately, this rejection caused Chris to reflect on his career journey.Doing Things Differently (6:03)Steve asks Chris if he would have done things differently in his interview, knowing what he knows now. Chris would make the same decisions, especially since his time there had many challenges. Even though that role didn't pan out, Chris learned a lot during this time. He built confidence in his presentation skills and had the opportunity to meet more established CISOs. By networking with other CISOs, Chris realized he truly belonged in the security world.The Value of Stoicism (10:05)Chris advises on how to handle job rejection. He refers to Stoicism, which states we cannot control the outcome but can control our perception.When bad things happen, we can perceive it as a positive that will set us on the right path.Looking For Work (15:35)Despite Chris' impressive career history, it took him months to find his next role. After evaluating his many interviews, Chris recommends that security recruiters learn more about the field to better choose candidates. Chris and Steve then discuss the other lessons Chris learned during the job-hunting process, including what questions interviewers should or shouldn't ask. Referring to Stoicism again, Chris also recommends structuring a routine around job hunting, including doing a positive hobby you enjoy.The New CISO (28:32)To Chris, being a new CISO means understanding that we are tasked with the impossible. Therefore, it's essential to build an environment where people never feel like they are being asked to do the impossible for the ungrateful.Links:Linkedin

In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the second part of his interview series with host Steve.In part one, Chris shared his background and the beginning of his professional journey. Today, Chris joins host Steve to discuss a pivotal moment in their careers: a significant breach. Listen to the episode to learn more about how Chris transitioned into a managerial role and stepped up during a crisis.Listen to Steve and Chris discuss who managers really work for and the mark of a great leader:Welcome Back, Chris (1:52)Steve and Chris discuss where they left off in the last episode when they left their security team for a new opportunity.Focusing on insider threats, Chris shares his daily work for this specific role. During this time, Chris focused less on operations and built a program instead. He also researched what would be in an insider program.Vulnerability Management (4:10)Chris reflects on the lessons he learned while doing vulnerability management that made him the leader he is today. Chris believes this time taught him how to tell a good story and have clear metrics to back himself up.Network Security (9:28)After working in vulnerability management, Chris moved into network security with Steve and created a Soc. Chris initially came in as an individual contributor until he became a team lead before eventually becoming the manager.When he was a manager, Chris realized his role now was to worry about his team and less about himself. It was a profound moment for Chris when he discovered this truth.The Breach Itself (15:14)Chris shares what lessons he learned from a significant security breach. Chris and his team noticed for a while that there were warning signs of the breach but were initially ignored.However, when the event happened, they could take what they knew and move forward. Because Chris had working partnerships with other teams, he was able to get the help they needed, showcasing the importance of building your relationships before a crisis.Client Management (20:48)Steve presses Chris on what he remembers regarding the client management side of this time. Chris recalls dealing with many calls from clients who were understandably concerned. Many of these calls became heated, but one client assured Chris he understood what he was going through. As a result, Chris tries to be empathetic with others since they could be having a bad day, which could affect their behavior.Pride In Their Team (28:25)Steve reflects on how working with this incredible team was one of the best memories of his career. He has immense pride in this group, which Chris shares.Chris loved building something from nothing and seeing the great things their colleagues have done since. Forming a great team requires a healthy culture that brings people together.Stepping Up (31:38)After Steve left, Chris had to step up into a higher leadership role. This change became a pivotal moment in Chris's career, coinciding with the birth of his first child.Links:Linkedin

In this episode of The New CISO, Steve is kicking off the first part of a three-part series with guest Chris Frederick, Deputy CISO at Baxter International.Chris began his career as a technician and met Steve on a small security team managing a large network. Now, Chris joins today to share key lessons from his early career and set the stage for the next upcoming episodes. Listen to the episode to learn more about Steve and Chris' time working together, the process of changing companies, and learning to be a better leader.Listen to Steve and Chris discuss how to deliver the news you're leaving a company and how managers should accept said news:Meet Chris (1:46)Chris has worked in IT security for over twenty years and knew since college that this area of the industry was his passion. Since starting a leadership role, he has found his new calling: becoming the best leader he can be.Infosec Memory Lane (5:04)Chris shares the memories of his time working with Steve on their small infosec security team. Chris remembers feeling overwhelmed initially but learned to handle the scope of his many responsibilities. Steve and Chris reminisce about the positives of this experience and the challenges. The best part was the camaraderie they felt as a team.Lessons Learned (9:43)Steve presses Chris on the lessons he learned during their time on the infosec team. This experience taught Chris the importance of curiosity and building credibility.Another valuable lesson was learning to have respectful conversations when colleagues disagree.Changing Companies (18:23)While working together, Steve and Chris had the opportunity to change companies after their CISO left. Chris walks through what occurred and the communication lessons it taught him. He wishes he had done some things differently since multiple people leaving put his manager in a tough spot, but he also learned valuable leadership skills.Links:Linkedin

In this episode of The New CISO, Steve is joined by guest Scott Moser, CISO at the Sabre Corporation.After twenty-five years, Scott retired from the Air Force to try his hand at the private sector. Now, Scott is transforming the CISO role from technical expert to business executive. Listen to the episode to learn more about Scott's professional journey, being a customer-focused security professional, and what he learned from the Sabre interview process.Listen to Steve and Scott discuss contributing to the success of your organization and the importance of transparency:Meet Scott (1:44)Scott explains that Sabre is a software often used by hotels and airlines since the sixties. As a result, data protection is of the utmost importance to Scott in his CISO role.Scott then explores his career journey, where he started in the Air Force and eventually retired as a Colonel. During this time, he did cybersecurity-related work, which led him to the career he has today.Broad Experience (9:33)Scott shares how he had the opportunity to lead and mentor many people during his time in the Air Force, including police officers, firefighters, and more. He believes this time gave him the broad experience to communicate with business leaders. Now, he also meets with his customers, where he can easily explain the value that Sabre software can provide them, showing the value of a customer-focused CISO.The Importance of Trust (16:05)As CISOs, it's essential to represent your company to customers and business leaders alike successfully. To do that, Scott recommends building trust, which requires significant transparency.A culture of trust will help your team through challenging times, so you should prioritize this when times are good.Effective Prep (24:40)Scott mentors his team by giving effective feedback and assessing his employee's strengths. He works with his team to perfect their skill sets, including public speaking since that is a crucial part of business leadership.As long as people are doing the right thing, they shouldn't be afraid to make mistakes, learn, and grow because it strengthens the company in the long run. Ultimately, we must transform ourselves to be what our organization needs.Scott's Presentation (28:55)Steve asks Scott about his popular CISO leadership presentation. Scott reveals that this presentation is a passion project of his because he wants to be more than just a technical expert but a business leader.Scott had to evaluate his strengths and weaknesses to become the CISO he wanted to be, which informed his presentation.An Aha Moment (33:44)For Scott, his interview process at Sabre informed his perspective on becoming a business leader. When board members interviewed him, he understood what they wanted from their CISO.Board members want security professionals who think about improving the business, not just the technical side of the job.One Last Thing (41:46)Steve presses Scott on the last piece of advice he wishes to share. Scott tells the audience always to take advantage of a good crisis because it is the smartest time to get your organization to make a necessary change.The New CISO (44:42)To Scott, being a new CISO means being a business executive leader focused on the customer and financial success of the company.Links:Linkedin

In this episode of The New CISO, Steve is joined by guest Mike Melo, CISO and VP of IT Shared Services with LifeLabs.After switching his studies from human viruses to computer viruses, Mike dedicated his career to technology and the people who use it. Today, he shares his methodologies for post-breach cyber-security transformations and leading remote teams. Listen to the episode to learn more about Mike's career journey, the importance of the customer mindset, and the three tenets of his Zelda-inspired CISO Triforce.Listen to Steve and Mike discuss how to build human connections in a remote environment:Meet Mike (1:40)Mike has worked at LifeLabs for over five years and balances two positions.Although Mike faces many challenges, he has created synergy between the two teams.Getting His Start (4:02)When Mike was a teenager, he originally wanted to be a musician. Instead, he went into computer studies and studied human viruses. At the end of the day, he realized he didn't want to be in a lab and instead wanted to explore his love for cybersecurity.The Customer Mindset (7:02)Mike recommends new security professionals go and see how businesses work. Learning the customer mindset early in your career will have great benefits later because you will understand what users need.Ultimately, security professionals must better interact with their customers and understand how humans behave daily. You must find ways to show up to the business and show you are here, especially in remote work environments. Socializing And Remote Work (16:42)Mike feels we've lost social currency with remote work because people are social beings. However, there are pros and cons to being in remote environments. As a leader, Mike developed a team charter to ensure better communication and created opportunities for positive socialization.Going Back In Time (27:28)Steve presses Mike on his time in university when he also worked as a security analyst. A double major as well, Mike had to balance a lot while he learned.However, Mike wouldn't change anything because it allowed him to push his capabilities in the classroom and set him apart from his peers.Modern Learning (31:08)As a mentor, Mike recommends new professionals talk to many people. When you put yourself out there, you'll find that people are receptive to teaching you about their experiences.Being Successful During a Breach (35:02)Steve asks Mike about his presentation on “Being Successful During a Breach.” From that presentation, Mike discusses his CISO Triforce, which he based on Zelda.You must have a wish list, an effective execution strategy, and assurance with your stakeholders. When you have those three pieces, you will be prepared to get through a breach.The Coaching Experience (44:46)Mike has found that mentoring has always come easy to him. He has always been passionate about it since he tutored other students in his youth and has found helping others incredibly fulfilling.The New CISO (49:43)To Mike, being a CISO means being agile and having a customer mindset. It's essential to improve yourself constantly as a security professional and leader.Quote: “Just because you get a bucket of money doesn't mean that solves your problems. And one of the biggest challenges of the post-breach world is the actual transformation. You got this, okay, you get this money, you have this wishlist. Cool, now you have to find, hire onboard, ramp up, transition, ramp down, and then sustain, right? Those are such complicated stages in the whole process, and you have to start giving some of that...

In this episode of The New CISO, Steve is joined by guest Dan Creed, CISO at Allegiant.Dan first discovered his love for computers as a teenager. He has since then channeled his skills into a career in security leadership, where he balances his technical expertise with business acumen and storytelling. Today, he shares his thoughts on supply chain risk and the SEC's new changes to cyber security guidelines. Listen to the episode to learn more about the importance of coding, coping with stress, and his critiques of the SEC.Listen to Steve and Dan discuss how reporting protects shareholders and the new stakes for CISOs :Meet Dan (1:30)Today's guest, Dan Creed, is the CISO for Allegiant, a travel company.Dan discovered how to take over his school's television channel in high school, which stemmed from his friend getting dumped. Dan and his friend used the cable TV channel to post some unflattering messages about his friend's ex.Although Dan was rightfully punished at the time, he was allowed to take over the school's computer lab, and his career journey began.Maintaining Excitement (7:02)Dan maintains his excitement for technology by keeping up with all the changes in the industry, like changes in coding. If you love learning and learn fast, you will have a rewarding and lasting career in cyber security.An Important Role (13:23)Steve presses Dan on the importance of Absec. Dan reveals that Absec is related to code and that the most essential security aspect is code.If you are in a customer-facing role, you need to be able to install software on other people's machines and make sure their vulnerabilities are shielded.Coping Mechanisms (16:45)Dan copes with workplace and personal stress by understanding that humans are imperfect and make mistakes. There's risk in everything we do, so keeping a balanced perspective is critical when mitigating potential cybersecurity issues. Ultimately, the stress in the security industry is building as the stakes grow, so finding ways to cope is necessary.SOAR Review (19:27)Steve asks Dan about his opinion on the automation software SOAR. He thinks it has its place, but finding people who can automate themselves is better. People need to use the right tool for the job.Building a Response Playbook (21:58)Dan shares the first thing to automate when building a response playbook for the first time. First things first, make sure you can monitor strange behavior. Starting there allows you to work on the more complex procedures.His Driving Force (26:16)Dan reflects on his reasons for finishing his degree later in life. He wanted to learn how to “speak business,” in addition to his computer skills, which drove him to complete his undergraduate degree and MBA.Choosing One (31:02)Steve presses Dan on which one to choose if you could only pick one: storytelling or culture. Dan says it depends on the person and what they are good at.If you look at what's more important, it would be building work culture first and seeing how your team reacts to phishing and annual security training.What is Material? (33:23)Dan and Steve discuss how reports influence the stakeholders and what they invest in. Dan is critical of how the SEC changed the cyber security guidelines, partly because they are poorly organized and confusing.There are good things, but more context is needed to determine materiality. These guidelines also do not factor in how to deal with third-party risk and supply-chain issues. Reporting Issues (41:23)The SEC has intended to help shareholders with these guidelines so that they can protect the share

In this episode of The New CISO, Steve is joined by returning guests Michael Meis, Associate CISO at The University of Kansas Health System, and Mark Weatherford, the Chief Strategy Officer at The National Cybersecurity Center.For the 100th episode, Mark and Michael are back to share their thoughts on decision-making, mentorship, learning, and leadership, amongst other topics essential to the security industry. Tune into today's episode to learn more about the career opportunities Mark and Michael didn't take, how to measure your journey and the importance of an effective team.Listen to Steve, Michael, and Mark discuss managing stress while diving head-first into challenging situations and how to maximize the growth of junior team members:Welcome Back (1:32)Jumping in, Steve presses returning guests Mark and Michael on the most interesting career opportunities they didn't take. While in the navy, Mark received a call transferring him to Virginia for a promotion. Although he did not want to go, this transfer was great for him.For Michael, when he was in the army, he turned down a promotion multiple times. He decided early on in his career that the military would not be his long-term career.Sound Career Advice (13:04)Determining when you feel fulfilled professionally allows you to make better career choices. Although our goals evolve, it's important to reevaluate our priorities at different life stages.From a leadership perspective, it's valuable to not think of yourself as the most intelligent person in the room but instead surround yourself with people who can fill in the gaps in your skillset. Leaders need their junior-level colleagues to succeed, and giving these employees real responsibilities allows them to transition into more significant roles.Best Mentorship Books (21:30)Mark and Michael share the books they would recommend to new and future leaders. These books are worthwhile resources that help prepare CISOs to take on higher-level work when it is presented.New To The Job (28:02)Mark and Michael explore what new CISOs should assess when new to running their teams. It's essential to determine if you have good people who have lacked effective mentorship or if your organization lacks talent. Ultimately, you must ensure you have the right employees to succeed.Ultimately, you need to see if people add value or not in a crisis.Owning A Crisis (35:40)Steve presses Mark and Michael on their leadership perspective in a crisis. Mark reflects on an experience involving the government, where one of his employees took ownership of their security breach. Mark is still in touch with this colleague today and credits his help resolving a high-level issue.Michael reflects on a junior analyst who quickly worked his way up because he had a can-do attitude. The best career advice is to take work off of other's plates because the people you help will never forget.Staying Grounded (40:46)To close, Steve asks Mark and Michael a more individualized question. What helps them stay grounded during stressful times in the field?For Mark, he admits he's not great at taking a step back from work. He is passionate about the business and understands a 9-5 clock would not work for most security professionals. He can manage his stress, but he knows he lacks life balance. Though to relax, he keeps honey bees.Michael encourages everyone to eliminate the preconceived notion that this path is like other jobs. Security professionals are all-in on their work and must decide what balance means to them. For Michael, he does meditation to center himself and regulate the physical manifestations of stress.Links mentioned:

In this episode of The New CISO, Steve is joined by guest Maria Sexton, Chief Information Officer at the University Medical Center of Southern Nevada.Before starting her security career, Maria worked as a self-described secretary, seeking a better financial future for her family. Now, with her dream job, she shares how to become a strong communicator and leader. Tune into today's episode to learn more about Maria's passion for the healthcare industry, her strong people skills, and why you shouldn't fake it until you make it.Listen to Steve and Maria discuss being confident in your strengths while understanding your weaknesses and what first-graders and board members have in common:Meet Maria (1:36)Maria reflects on why her current role is her dream job. With a diverse background, Mara found that healthcare customers were the people she wanted to serve.She didn't plan on landing in healthcare, but she resonates with the mission of the field, which is why she feels she has her dream job. She recommends that everyone find an industry that aligns with them.Getting Her Start (6:00)Before starting her IT path, Maria worked as a secretary, a term not often used today. During this time, Maria went through personal family issues and needed to evaluate her financial future for herself and her children.Always interested in computers, Maria talked to the IT department at her company and asked how to get involved. Their advice led Maria to get a certificate, thus beginning the rewarding career she has today. It was scary initially, but Maria allowed herself to try and fail to succeed.Successful Communication (13:39)Steve presses Maria on whether she always had the clarity and confidence she showcases today.Maria understood she would never be an engineer, but her strengths lay in being diligent and taking notes. Therefore, she was excellent at communicating technology to people without a technology background, giving her a robust career skill set. Empathy, communication, and public speaking abilities made her the leader she is today.Explaining to a First Grader (16:33)Maria shares her experience talking to her granddaughter's first-grade class about her job. She found these kids incredibly bright and showed a firm understanding of technology and computers.Learning how to communicate technology ideas to an audience without experience is critical. Standing Out (23:45)When evaluating a resume, Maria likes to see if they have motivation. Nowadays, more people than ever are interested in security. So, it's essential to evaluate if the people coming in are serious.Maria is looking to hire a self-starter who takes advantage of the resources available to work in security. She also admires when applicants understand their strengths and weaknesses and where they can be best utilized.Confidence In Communication (27:22)Maria could always communicate effectively. As the child of Italian immigrants, Maria was responsible for speaking on behalf of her parents and helping them navigate the US.Her childhood also gave her empathy and the ability to read non-verbal cues, which has been helpful throughout her career. Learning to communicate with those around you is critical, no matter your role.Don't Fake It Until You Make It (39:51)In terms of security, you really can't fake it because the consequences could be dire. But outside of security, Maria has never liked the phrase “fake it until you make it.”This saying irks Maria because she thinks it is terrible advice. If you don't know something, you should learn it. If you need a mentor, find one. You should want to get whatever you don't have because...

In this episode of The New CISO, Steve is joined by guest Frank Vesce, CISO for Allvue Systems.Beginning his life in a Brooklyn orphanage, Frank is now a cyber security leader, government advisor, youth mentor, and community advocate. Today, he joins Steve to discuss the technical and human side of cyber security. Tune into today's episode to learn more about Frank's professional journey, his approach to interviewing, and his motivation to mentor.Listen to Steve and Frank discuss the power of communication and the four types of complaints that can affect your organization:Meet Frank (1:36)Host Steve Moore introduces our guest today, Frank Vesce, who has over twenty years of experience, including global leadership positions.Frank first became intrigued by cybersecurity through the Matthew Broderick film War Games. During a coding class at university, Frank became even more interested in this field after reading the book The Cuckoo's Egg. First Gig (4:23)Frank's first security position was at Goldman Sachs. Before, Frank worked in IT and technology, but in 2010, Frank transitioned from infrastructure to security risk, and things moved forward from there.The Interview (5:16)Frank shares his unique approach to interviewing. He would call the interviewee by the wrong name to understand their personality. The best response would be when someone would politely and quickly correct him, how people answered demonstrated if they would fit on the team.Being Human (12:59)When people come to work and complain, it typically has nothing to do with their employer. They may have something going on in their personal lives, so it's essential to get to the root of the problem before making assumptions.Frank then shares the different kinds of complainers in the workplace and how to work around them to strengthen your team.The US Coastguard (19:24)Steve presses Frank on his experience with the US Coastguard.Frank gained this opportunity from a few colleagues who asked Frank to join. The coastguard wanted someone from the financial sector to do tabletop exercises, and Frank was the right fit. Ultimately, these exercises helped inform public policy.Working in government also taught him the importance of communication chains and how to determine which phrases and words can or cannot be shared. Steve and Frank discuss managing your words effectively when security is essential.Bad Advice (29:51)Frank tries to learn from his mistakes and turn them into positives. However, he has one example of bad advice.He shares a story where his boss took him to coffee to yell at him for a mistake. However, Frank told his boss he wasn't coached on that aspect of his job. Frank lacked advice during this circumstance. Different Philosophies (36:21)To Frank, teams need to be transparent with boards today as boards get savvier. Especially if there is a breach, you don't want to lose your reputation with your firm.Learning how to translate what's on the technology side to the business side is critical. Everything boils down to communication.What's In A Word? (39:21)When Frank returned to Goldman Sachs, he was tasked with creating a change management system.During this project, Frank had an issue with a colleague over the word “re-engineer.” The colleague felt more comfortable with the word “enhance.” When new to a firm, using the right words to gather the most support is critical.Origin Story (43:50)Steve presses Frank about his life in an orphanage. Frank spent some time there but was later adopted by a caring family. This motivated Frank to give back, and now Frank works with the...

In this episode of The New CISO, Steve is joined by guest Brad Sexton, Chief Information Officer, and Information Security Officer at Terrible's.After having issues with a Dot Matrix printer, Brad was inspired to transition from a career in education to IT. Through conflict, change, and self-reflection, Brad has become the effective leader he is today. Tune into today's episode to learn more about Brad's career journey, the consequences of “ego,” and how to leave a job gracefully.Listen to Steve and Brad discuss how leaders can walk the fine line between confidence and arrogance and the right motives for becoming a leader:Meet Brad (1:44)Host Steve Moore introduces our guest today, Brad Sexton, who started working at Terrible's in Las Vegas last April.Brad shares that before becoming a CISO, he worked at a boys and girls type club where they all shared one printer. Wanting to be able to print from different areas of the office, Brad took on the task of updating the printer to fit his office's needs. Brad has been in IT ever since.Next Steps (5:09)Brad reveals the next steps of his career transition. His boss at the education center asked Brad for IT-related help. Brad was then moved into the IT department and used this moment to finish his education.During this time, Brad could see tech from a bigger picture and eventually was designing a forklift upgrade for the theater. He started working with routers and did more and more. By the time Brad settled in Vegas, he could use his experience to manage teams successfully.Checking The Ego (11:13)Steve presses Brad on the lessons he learned from his first IT job. Brad believes that his ego got in the way of his ability to do his job. After many years, Brad finally understood what he could have done differently. Thankfully, his boss knew he had potential and was willing to have a difficult conversation that resonated with him later.The Clues (16:30)Brad explores the clues of a person with an ego problem. In addition, Brad explains that leaders should always create a safe space for their employees to communicate with them.Everyone has strengths and weaknesses, and it's helpful when leaders can help their employees identify theirs. Ultimately, there is a “fine line between confidence and arrogance,” and leaders must have the confidence to articulate challenging feedback.The Right Motives (25:54)Steve presses Brad on what his motives were for becoming a leader. Brad reflects that he wanted a sphere of influence and recognized that he could make more of a difference in a higher position.Brad suggests always knowing your “why” before approaching leadership roles.The Wrong Fit (29:53)Brad worked in government and realized two things. He was in the wrong place, and they didn't want them there either. Knowing there was tension from the beginning made Brad's time in this role very challenging.Brad learned later that this company did not want anyone in that position, but he was the most qualified. Now, Brad understands the importance of finding the right fit for a role and considers that when interviewing future colleagues.Mutual Contact (34:58)Brad and Steve discuss a mutual connection named David, who is an individual who helped Brad move into the casino gaming space. Brad appreciates that David took a chance on him and is still in touch.Relationships are critical as you advance in your career because no one knows everything.Leaving Gracefully (40:04)Brad shares his tips on leaving a job gracefully. He suggests managing the emotion that you let someone down. Having an open communication line with your boss and feeling comfortable articulating your...

In this episode of The New CISO, Steve is joined by guest Andrew Wilder, Adjunct Professor at Washington University in St. Louis and a multi-time CISO.After eighteen years, Andrew left a job he loved to transition into global security. Now, he gives back to the cybersecurity community by sharing his insight as a professor and mentor. Tune into today's episode to learn more about his IT journey, expanding your network, and company red flags.Listen to Steve and Andrew discuss his five-step mentorship plan and essential interview guidelines for CISOs:Meet Andrew (1:38)Host Steve Moore introduces our guest today, Andrew Wilder, who has worked in cyber security for twenty years.Andrew got his start in cybersecurity by working at a paper company, where he worked in marketing, sales, inventory, customer service, and more. One day the owner came to him, wanting to change their computer systems. Being the youngest in the office, Andrew was given the project, beginning his IT journey.Eighteen Years (6:23)Andrew reveals why he stayed at Nestle for eighteen years. Andrew loved the people and culture and even met his wife on the job.Steve presses Andrew on why he didn't stay longer, and Andrew reveals that he progressed as far as he could go. Wanting to move forward in his career, Andrew felt inclined to make the jump.A Difficult Move (8:12)Andrew shares how challenging it was to leave Nestle. Although his co-workers were shocked, Andrew knew going was right for him.If you're in a similar situation, you may always find something to regret, but no situation is perfect. Ultimately, you have to do what's best for you.Care About Your Career (11:50)When contemplating a career transition, Andrew recommends finding a mentor. Of course, no one will care for your career for you. You will make time for something and seek the necessary resources if you care about it.The Five-Step Plan (13:59)Andrew shares his five-step plan for changing careers, which includes creating a development plan with your mentor and filling in the gaps in your desired skill set.In addition, Andrew shares a helpful tip he received from Nestle, which is that 70% of your learning should be learning by doing. 20% of learning is through relationships, while 10% should be through a course or learning program.Getting In The Room (20:00)Steve presses Andrew on what steps CISOs should take to get in the room. Andrew recommends ensuring people know who you are and your expertise.If people don't know you, you'll never be able to prove yourself. That is the value of expanding your network.What To Ask (24:47)If you're offered a board-type position, it's essential to learn about the company culture and the CEO and review any incident reports that allow you to bring your expertise to the position.Interview Questions (28:24)Enterprise risk management is an excellent framework to focus on during an interview. Asking questions based on prior risks will reveal much about an organization, including red flags.Andrew also reveals other red flags to look for in an interview. If companies don't show change or progress with security, the work culture will be less desirable for a CISO. The worst cyberculture you could join is one where they won't admit when they've experienced a breach.Business Continuity Planning (37:20)Business continuity planning is ignored a lot in cybersecurity because it is business driven. In Andrew's opinion, cybersecurity should be separate.Andrew and Steve discuss other business dynamics and what should or shouldn't be the responsibility of the CISO.Why Teaching (41:43)Steve presses...

In this episode of The New CISO, Steve is joined by guest Suid Adeyanju, CEO and Co-Founder of RiverSafe Ltd.Although his parents dreamed of Suid becoming a lawyer or a doctor, Suid had a passion for technology. Although his path was challenging, Suid shares how he successfully transitioned from a security engineer to an entrepreneur. Tune into this week's episode to learn more about Suid's early career journey, the mindset differences between engineering and business leadership, and the catalyst for starting his business.Listen to Steve and Suid discuss navigating the corporate ladder and how security professionals can become business leaders:Meet Suid (1:39)Host Steve Moore introduces our guest today, Suid Adeyanju, a security professional and entrepreneur. At RiverSafe Ltd., Suid's team specializes in cyber security, data operations, and demo. Since childhood, Suid wanted to work in technology. Recently, he found his old yearbook from Nigeria and saw that he wanted to be a computer engineer even then. Even though that goal was unusual then, it demonstrates that Suid always wanted to be in technology.At University (6:24)While at university, Suid initially went for computer science and mathematics. After studying accounting for two years, his professor steered him toward business information systems. As much as Suid loves computers, understanding how organizations deliver their services was a better fit. Think About Impact (10:26)Steve and Suid discuss how security leaders need to consider how their security work impacts the business. If leaders focus on making the business secure, they need to work with the business and understand the risks associated with the work.The Transition (13:40)Suid reflects on his transition from engineer to entrepreneur. As an engineer, Suid saw things in black and white. To run his business, he needed a different mindset because there is a difference between working with people versus computers.Workplace Challenges (20:03)Steve presses Suid on his time at Reuters. After two years of contracting, Suid saw that he was stuck in his role while his teammates gained more responsibility. Initially, Suid believed he needed to work harder and gain his master's in information security. Now, he understands that this mindset is common with ethnic minorities and reflects on the challenges he's faced. Valuing Yourself (28:55)Suid realized that this particular work environment did not value the additional education he had gained or the extra work he put in. Without another job lined up, Suid decided to quit.Suid could take this risk because he had made good financial decisions, which gave him enough savings to rely on. Suid also had the proper professional skill set, preparing him to take a chance. Starting A Business (34:24)Suid reveals that this time led him to start his own business. Although it's challenging to transition from engineer to entrepreneur, Suid knew his team was talented and could show value to their customers.The Big Break (38:14)Suid's company got their big break when a senior manager at a major corruption chose to work with them. This manager took a chance on them with a significant project, which set Suid up for future momentum.Sound Advice (43:43)For the listeners who feel that the corporate world is not for them, Suid shares his advice. First, take a course that teaches how to set up a business. Secondly, find a mentor who can share with you valuable insight.The New Security Leader (47:21)To Suid, a new leader focuses on people. One must have empathy and...

In this episode of The New CISO, Steve is joined by guest Jeff Schilling, Global CISO for Teleperformance.Jeff returns to discuss a pressing issue for CISOs: Insider threats. With credentialed attacks on the rise, Jeff shares his take on the “flattening” of this evolving threat. Tune into today's episode to learn more about the ABCs of bad actors, how Covid has contributed to the problem and complex recruiting scams.Listen to Steve and Jeff discuss which strategies are being employed to comprise employees' credentials:The Return Of Jeff (1:42)Host Steve Moore introduces our returning guest today, Jeff Schilling of Teleperformance.Steve reveals this is Jeff's third time on the podcast. Unlike other episodes, where guests discuss their career journeys, Jeff is here to share necessary research regarding insider threats.The Problem (4:24)Jeff explores the fundamental issue of insider threats. He reveals the different levels of the skill pyramid that threat actors can be evaluated at. The “A” actors become insiders to exploit specific targets, which should be considered when creating a security system.The Flattening (12:46)Steve presses Jeff on what he means by “flattening techniques” that have led to our current state of attacks. Jeff explains how malware software and targeted phishing scams have been used to access their mark, an issue exasperated by remote work.Adversaries and Targets (19:54)Jeff explains how to communicate threat issues across departments, especially when there are language barriers. The biggest challenge is making messaging as simple as possible.Depending on the job functions of others, there are different responses and success results. This is why Jeff's team focuses on training and additional monitoring and security control.More Tactics (23:28)There are many strategies that threat actors use to breach one's security. Bad actors target companies through social media, such as Linkedin.Threat actors also learn about their target countries and reach out to them through more region-specific platforms. Jeff then asserted that insider threats must be part of every CISO's security plan. Preventative Steps (31:42)Jeff assures us that there are things we can do to detect threats and explains those actions. Identifying the machine where phishing emails come from and implementing new technologies is key.The Near Future (35:50)With the evolving functions of AI, it may be easier for threat actors to be more convincing in their scams. Their messaging is getting more believable, which is why Jeff believes they are taking advantage of new technologies, despite there being safeguards.However, Jeff is not convinced that certain aspects of AI, like voice mimicking, will get more sophisticated. The New CISO (39:42)To Jeff, being a new CISO is constantly learning and having your finger on the pulse. If you think you know everything, it is likely you do not.Links mentioned:LinkedInQuote:“I used to say multifactor authentication at the edge was a big barrier for the threat actor to get over. That's no longer, I can't say that anymore. It's more like a small fence. And now, you got to look at how do you manage your privileges and how do you conduct IT operations inside of your wire, and how would a threat do it if they were an insider? And then what controls do you have to be able to detect that activity because they're going to be using IT tools, and they're going to look like they're coming in with a legitimate account.”

In this episode of The New CISO, Steve is joined by guest Chris Nolke, multi-time CISO, and founder of Skycrane.Chris had decades of cybersecurity experience before starting his own company. As a neurodivergent leader and life-long learner, Chris navigates the workplace with self-reflection and candor. Tune into today's episode to learn more about Chris' professional journey, his human approach to leadership, and his definition of happiness.Listen to Steve and Chris discuss the values that drive career decisions and how vulnerability can serve or harm you in the workplace:Meet Chris (1:41)Host Steve Moore introduces our guest today, Chris Nolke, the founder of Skycrane.Chris first started his cybersecurity journey while studying electrical engineering in college. From there, he got a job as an engineer, which eventually led him to his current path. As a life-longer learner, Chris followed the most interesting path to him: cyber security.Defining The Interesting Path (8:36)Chris wishes he had done a “values” exercise earlier in his career to determine his professional wants. He advises other people joining the workforce to consider a process where they discover what they believe in.When you understand your values, you can make more straightforward choices toward your career.Evaluating Jobs (10:59)Chris admits that every job he's taken has been different than he initially believed. In those circumstances, it's essential to determine your desire to stay in that position or pivot.Personal Characteristics (14:40)Steve presses Chris on what three bullet points his colleagues would list for him. Chris states that vulnerability, being a conversationalist, and expertise have become his brand in the workplace, which has made him successful.Going Further By Saying Less (25:16)Chris shares that many people who practice impulsive communication use that as a means of connection. Reflecting on this, Chris acknowledges the difference between impact and attention.After trial and error, Chris learned he would go further in his career if he said less.Sound Advice (30:31)For leaders, Chris shares that neurodiversity is a superpower. If you can harness the pattern-recognizing skills of neurodivergent employees, you can build an incredible security team.To understand how to use this superpower, Chris recommends leaders have mindful conversations with their employees. People need to learn what they're good at to get ahead.The Subject of Happiness (40:06)As a CISO, Chris is fascinated by the construct of happiness and what comes with it. Happiness is made up of joy but also contentment. Balancing between the two is the key to understanding and taking advantage of this construct.Chris recommends that every CISO creates a “happiness” process to avoid burnout, though burnout led Chris to start his own business.The New CISO (49:10)To Chris, being a new CISO is about creating a system of business relevance. You can improve your job when you understand the business's daily needs.Links mentioned:LinkedIn

In this episode of The New CISO, Steve is joined by guest Peter Frochtenicht, National Manager for Security and Compliance and CISO at NEC Australia.A technician by nature, Peter has decades of experience across multiple countries. Today, he joins the podcast to discuss the complexities of AI and the benefits of time-saving tools. Tune into today's episode to learn more about Peter's technical journey, the most common security threats, and his advice for new CISOs.Listen to Steve and Peter discuss why automation is a critical component of security tools and how the threat landscape has changed globally:Meet Peter (1:36)Host Steve Moore introduces our guest today, Peter Frochtenicht, who has worked at NEC for nine years.Before NEC, Peter started his career as a systems engineer twenty years ago. Peter has worked in Africa and Australia and has worked his way up through different organizations.Catching Up (5:21)Ten years ago, the CISO role in Australia would be rare. Steve presses Peter as to why.Since the Australian population is smaller than the states with fewer big-name organizations, it took Australia longer to catch up in the security industry.Australia's Biggest Threats (9:37)From a defense perspective, Australia is doing much business with the states, especially with submarines. From a threat perspective, they border China and some of the eastern countries, which makes a security threat from those countries more imminent.Increased Attacks (13:17)The most typical security attack that Peter witnesses is phishing, which affects organizations and citizens. According to Peter, it is human nature to be curious about and click on an email link. For outside threats, financial benefits and access to information are to be gained.AI has also advanced quickly, which can contribute to increased threats since you can mimic someone's voice. Organizations should be prepared to use AI for good but also be prepared for when there are more insidious reasons for using this new technology.The Benefits of AI (18:05)Steve presses Peter on what defense benefits he predicts will come from AI.Peter shares the automation tools his team uses that help reduce his analysts' headcount and save time. Chat GPT may help you personally, but Peter believes in partnering with known vendors that can help limit human error.What To Look For (21:11)Peter shares what CISOs should or should not look for when choosing AI tools. Analytic tools are standard and can save much time and effort. As a result, organizations can save money and trust that there will be an increase in accuracy.If tools can help CISOs detect abnormalities with less effort, that would be of service. Of course, abnormal actions may not be malicious but could be a mistake by a well-meaning person. Investing In Employees (28:32)Peter believes in training his people to bring the best out of them. People don't always have the right skills at the right time, but you build a strong team when you invest in your employees and their relationship with your vendors. Adding Skillsets (31:05)Steve asks Peter what skillsets he had to add, besides technical abilities, to perform his role. Peter discusses his career journey, including his transition into leadership.Peter had to gain a governance mindset and consider policies and when to update said policies. It's challenging to ask for money to pursue your endeavors, but if you have a budget, you must spend it.Sound Advice (38:56)Looking up back at his career, Peter wouldn't change much. But Peter recommends getting training and certifications to keep yourself up to date. You...

In this episode of The New CISO, Steve is joined by guest Michael Meis, Associate CISO of the University of Kansas Health System.Beginning his career in the U.S. Army Signal Corp, Michael eventually transitioned into government consulting and the private sector. Today, he shares his philosophies on leadership and ownership in the cybersecurity field. Listen to the episode to learn more about his extensive technology background, the importance of inter-department friendships, and how he helps fellow service members make their professional transitions.Listen to Steve and Adam discuss how to navigate bureaucracy and adapt to corporate environments:Meet Michael (1:41)Host Steve Moore introduces our guest today, Michael Meis. Michael has been in IT and security for fifteen years and healthcare for two years. Michael met Steve a year ago during a security conference, leading to their connecting around the industry and their philosophies on leadership.Michael also reflects on his role in the military, which began with him working with radios and evolved into performing general technology support.Getting His Start (6:09)Michael was always interested in computers but initially never saw it as a career. He decided to join the military instead. However, his military recruiter encouraged him to take a tech-related job, and his security journey began. This first army signal corps job was less computer-heavy than expected, but Michael still learned a lot.Dealing With Corporate Politics (9:07)For ten years, Michael worked as a government consultant. This experience taught Michael to navigate complex bureaucratic dynamics to get past red tape.Michael highlights the importance of having solid relationships in different departments to get things done. You can determine which workplace rules to bend when you understand how things are and how your organization operates. Finding a Path (14:01)Michael expands on the importance of relationships in a corporate setting. You can leverage those relationships when needed to promote your department's agendas.The more you understand your organization's rules and politics, the less friction you will face, and the more you can build a trusted security culture. Government Challenges (22:44)Steve presses Michael on his quote, “Governance is important, but alone won't solve all of your problems.”Anyone who has worked in government understands that there are always challenges within its IT environments. Since the government has total control over its IT, Michael learned early on that more than governance is needed to perfect these systems. Collaboration is needed between parties.Excuses, Excuses (28:13)Michael shares the security community's common excuses that tend to irk him. Budget professionals can be challenging to work with from a leadership perspective. He also gets frustrated when people use a lack of training as a reason not to try something. Michael values training, but he understands that sometimes you have to take action before that formal training comes.Behavioral Norms (33:50)Michael explores the behavioral norms that came out of his military service.Learning how to function in a corporate environment is essential for people to know when leaving the military. The benefits of this experience were the rigor and structure, which can provide direction in life. On the flip side, it can be challenging to transition from that structure because you can grow dependent on it.Helping Others (39:07)As a leader, Michael tries to help other service members remove their need for a manual when making corporate transitions. That way, they can learn to embrace their...

In this episode of The New CISO, Steve is joined by guest Adam Currie, CSO at HCL Software.Adam started his career 27 years ago, working the night shift as a main frame operator before working his way up in the security world. Today, he shares how he builds trust within his team, company, and himself. Listen to the episode to learn more about his expansive career journey, when to encourage your team, and dealing with imposter syndrome.Listen to Steve and Adam discuss the right time to challenge yourself and when leaders should foster an environment where it is safe to fail:Meet Adam (1:38)Host Steve Moore introduces our guest today, Adam Currie.Adam was first the head of security operations and architecture at HCL before transitioning into the CSO role. When Adam joined HCL, he brought his breadth of technical knowledge and understanding of how their user base consumed their tools. In this business, it's essential to understand how these programs are used while ensuring they are secure, a mentality that helped Adam move into the CSO position.The Main Framer (4:41)Steve asks Adam about his experience on the main frame.When Adam was a student, he worked as a tape librarian. This after-school job led to him taking classes and learning about mainframe operations and basic coding language. Desktop Support (8:26)Adam believes that having a desktop support background benefits security professionals because it provides an understanding of how end users operate. Communicating with this community with empathy adds significant value to any security team.Unexpected Steps: CISO to Soc to CISO (12:38)Adam did end-user support work at Bloomberg before moving into backend enterprise applications. Then he was asked to run Bloomberg's tier one and tier two service desks, a type of work Adam did not plan on returning to. However, this opportunity offered Adam his first management role, and he credits this position as getting him to where he is today.Building Trust With Your Team (20:05)Upon reflecting on his job journey at Bloomberg, Adam shares why people seek new opportunities.When people leave positions or accept roles, it is for job growth. Most people want to consider how a job will help their families and goals before making a career transition. Adam would rather help his team explore their options than subdue it–though no one wants to lose valuable employees. He wants his team to trust him enough to be honest with him about when they want to make a change.A Challenge (25:21)For Adam, it is always a struggle to stay out of the weeds of the tech side of the business. He gravitates toward technology but understands that that is different from his role now. For leaders, it is more important to nurture an environment where employees are safe to fail because that is how people learn and grow. You shouldn't be reckless, but being inactive is more risky.Owning Failure (29:02)Steve presses Adam on how far he will go to own his team's failures. Adam thinks it is his job to communicate with senior management and shield his team from scrutiny.No matter what, we must be honest about what we can do to improve and have productive, unemotional conversations.Building a Brand (36:13)Building a brand comes with trial and error but is critical to success. Often this comes with changing the perception that security is a necessary evil. Demonstrating that security is a value-add partnership that leaders actively want to engage in is essential.Putting Yourself Out There (47:54)Though Adam is not a fan of public speaking, he believes in pushing himself past his comfort zone. Although...

In this episode of The New CISO, Steve is joined by guest Mike Kelley, CISO of the E.W. Scripps Company.Mike worked as an auditor before eventually jumping into cyber security. Reflecting on his past, Mike shares how balancing ambition with transparency is critical to success. Listen to the episode to learn more about Mike's auditing experience, falling into cyber security, and his advice for CISOs when interviewing.Listen to Steve and Mike discuss how leaders should assist their team with career development and why “fake it until you make it” makes for bad career advice:Meet Mike (1:44)Host Steve Moore introduces our guest today, Mike Kelley.Mike shares his role in the enterprise and consumer-based security field and how his duties differ from those in an internal security environment. Although he would say that consumer-based security is not clearly defined, his goal is to keep all things related to the consumer secure, in addition to the typical CISO goals.His Start (3:36)Before working at E.W. Scripps, Mike worked at KPMG, one of the big four firms. There, Mike performed external audits but also did some compliance consulting as well.Although no one wanted an auditor there, especially to answer his questions, Mike had to work on building a rapport with people in difficult situations. Through this role, Mike was exposed to numerous companies, allowing him to learn constantly. He may not have wanted to start in audits if he could do it all again, but this experience prepared him for his cyber security career.Adapting With Transparency (9:02)Mike has become comfortable with being uncomfortable and transparent when he doesn't know something. When he got his CISO job, he told HR that this position was new to him and that he had a lot to learn. Being confident enough to say “I don't know” is Mike's mental motto because he knows he can adapt to new challenges. Ultimately anything is learnable as long as you push yourself, a mentality he encourages in his team.The Burn the Boats Method (17:42)After reflecting on his career decisions, including telling a company to fire him if he didn't succeed as a director, Steve presses Mike on how he would react to someone sharing this approach.If one of Mike's employees wanted to try a position out and see what happens, Mike would like to ease them into that role. He would let them transition through responsibilities first before changing that person's title. Ultimately, trying and failing is okay, but Mike wants his team to fail soft versus hard.Falling Into Cyber Security (21:42)After looking for cyber security jobs for three years, Mike eased into this field through a position in compliance. Working side-by-side with security professionals, Mike was able to dip his toes.After lunch with his manager, he was offered the CISO role, and Mike immediately said yes. Mike admitted he didn't know what he was doing but was encouraged to take this job.Rolling With It (25:01)Steve asks Mike if he ever wishes he said no when offered the CISO job. Mike knew this was the field he wanted to pursue, and he felt comfortable being transparent about his experience.Interview Questions (31:18)If you are a new CISO wanting to ask good questions in an interview, Mike suggests asking the purpose of that role at that company. Another helpful question concerns the company's approach to trying new things and handling challenges.The Definition of Success (34:13)When evaluating a company during an interview, it's essential to find out what that company's definition of success is. Mike defines success as being aligned with the business that employs you and being seen beyond the...

In this episode of The New CISO, Steve is joined by Martin Fisher, CISO at Northside Hospital.An information security veteran, Martin has worked in the commercial aviation, finance, and healthcare industries and was an award-winning podcast host. Today, he shares how to build a unified team and his approach to managing mental health. Listen to the episode to learn more about the value of hobbies, defining company culture, and being an empowering leader.Listen to Steve and Martin discusses the importance of shared team culture and how CISOs can balance the stress of the job:Meet Martin (1:50)Host Steve Moore introduces our guest today, Martin Fisher. Over his decades-long tech career, Martin has worked in several industries. His podcast, Southern Fried Security Podcast, lasted ten years and was an incredible learning experience. While a podcast host, Martin discovered that he used too much jargon for non-security listeners, encouraging him to expand to a larger audience.Other Hobbies (5:52)Martin considers himself an original nerd, playing Dungeons and Dragons as a kid and an adult. A fan of role-playing tabletop games, Martin has backed many Kickstarters and has a great gaming community within his group of friends.Mental Healthcare (8:22)A CISO for a hospital, Martin stresses that mental healthcare is healthcare. Martin believes in what his non-profit-based workplace stands for, which is why he has chosen this role.The Bad Day Factor (10:27)Martin manages his mental health by setting boundaries. People need to separate their work and personal life because it's essential to have time to decompress. In the IT and security fields, there is a high percentage of neurodivergent employees who may need additional support in dealing with stress. Leaders must have employee assistance programs to help their staff with mental healthcare safely.Being Authentic (16:50)To build lasting relationships, you have to be your authentic self. When Martin looks for people to promote within his team, he looks for genuine individuals. Growing the Team (18:33)When Martin started his current position, he and the company culture aligned.Starting as the original security employee, Martin has been able to grow his team. His company understands that security is an investment and helps protect its patients, which has led to its success. Martin hires employees with their personalities in mind and how they fit the company culture.Patient Safety (22:53)Confidentiality is paramount to uphold in the medical security field. Since they are a patient-safety-first organization, Martin ensures he hires employees who understand that mentality.Defining Work Culture (28:25)Northside lists its company culture on job listings to attract the right candidates, which includes kindness. Since Martin focuses on patient safety and quality care with his CISO work, he hires people who match those ideals.When you have this approach to hiring, you can create a positive feedback loop while forming a strong team.Culture Over Security? (33:35)Steve presses Martin on what's more important: culture or preventing security issues?For Martin, security is still, of course, the focus. People are human and make mistakes, but they've never had a problem they couldn't control. Bad Advice (38:43)The worst career advice Martin ever received was to work for a hedge fund. This environment was not a good fit for Martin, further emphasizing his point on authenticity's value.Military Experience (39:56)Martin explores how he has applied his military service...

In this episode of The New CISO, Steve is joined by guest Jeff Farinich, SVP of Technology Services and CISO at New American Funding.First starting his career as a general contractor, Jeff now prides himself on solving security problems. Today, Jeff shares how he makes career decisions and manages his organization's risks. Listen to the episode to learn more about Jeff's extensive career journey, his development relationship with vendors, and how CISOs take on a great deal of personal risk.Listen to Steve and Jeff discuss the right time to leave a company and the personal and monetary cost of a breach:Meet Jeff (1:45)Host Steve Moore introduces our guest today, Jeff Farinich.In his early twenties, Jeff studied accounting but realized it wasn't for him. He then became a general contractor, but by his mid-twenties, he was still determining what he wanted to do. He soon took a course that kickstarted his IT career, putting him on the path to becoming a CISO.Adjusting To The Job (4:20)When Jeff started his first IT job, he was excited by the change of direction. However, Jeff realized he always dabbled in tech because even at his first accounting job, he helped manage PCs.Multiple Paths (6:28)Jeff reflects on his job at a large property management company and his position as an MS manager at a small movie studio.He soon began his path into security management and leadership. Through the movie studio, he also went to the premiere of a Jean-Claude Van Damme movie.Advice To His Younger Self (10:45)If Jeff could give his younger self advice, he would suggest getting as much tech experience as possible on the VAR side. He also would have stayed in Silicon Valley longer, possibly having an even more explosive career.A MacGyver Type (15:38)Steve presses Jeff on whether he would ever consider stepping away from the technical side of security to get on the strategy/VAR side.Jeff is very open but also likes to fix things. He refers to himself as a MacGyver type “born with a screwdriver in hand.”A Development Relationship (19:30)Jeff enjoys having a development partnership with partners by trying new, untested tech at a low cost.This type of relationship allows both parties to win and allows Jeff to be creative and drive innovation for that vendor.Evaluating Vendors (22:13)There are fewer IT vendors than security vendors, so there have been fewer decisions for Jeff to make. Evaluating vendors to work with is a process and can leave room for great, collaborative relationships.A Small Step (27:35)Before jumping into vendor development, Jeff recommends understanding the industry and being knowledgeable about the vendor space you're interested in. If you are someone who doesn't always want to contact your VAR but doesn't know where to start, it's essential to begin by learning and choosing carefully.Moving Up and Out (32:59)Steve presses Jeff on clarifying his belief that “the best way to move up is to move out.”Jeff is far from a job hopper, but if you wait to the point where you are desperate to leave your company, you probably should have left sooner. If you are not fixing the problems you want to repair, or there are a lot of risks, it's valid to seek new opportunities.Managing Liability (34:51)CISOs always need to evaluate how much risk they are taking on. Whether you are an officer or director, you should realize that liability can reach you. Jeff has pushed for ways for CISOs not to be personally liable for breaches.Individual Risk...

In this episode of The New CISO, Steve is joined by guest Laura Louthan, Founder & vCISO at Angel Cybersecurity.Originally from Britain, Laura moved to Los Angeles to explore new opportunities before transitioning into IT. Eventually starting her own business, Laura shares her self-sufficient approach to cyber security. Listen to the episode to learn more about Laura's unconventional career journey, why it's more efficient when you understand your abilities, and how she handles being a contracted CISO.Listen to Steve and Laura discuss embracing challenges but avoiding struggle and tackling likeability when applying for jobs:Meet Laura (1:45)Host Steve Moore introduces our guest today, Laura Louthan.CISO and only employee at Angel Cybersecurity, Laura, had an eclectic past before settling into the security field. She worked as a scuba instructor, can-can dancer, and temp before getting her first IT job. She feels she was fortunate to break into IT when she did.London and LA (5:04)Laura explains why London and Los Angeles didn't suit her well. She had a job in London that she didn't enjoy, but her brother worked in Los Angeles in the film industry. When she got to LA, she realized that the movie business was not for her, bringing her to her Club Med job. When something didn't sit right with her, she left and is grateful that she used her twenties to explore. She advises people looking for work to try temping because you just need to meet someone to get your foot in the door.Learning On The Job (9:47)While working in IT at Equifax, Laura had to teach herself how to do things. She figured out how to get answers and become self-sufficient, which is a valuable skill.She knows how to get things done but also understands her skillset. She believes that it is more efficient to be truthful about your abilities.Challenges, Not Struggles (14:09)Laura admits that while she likes a challenge, she does not want to struggle. For example, she understands that privacy and security are different, although overlap exists. If her clients asked her to fulfill their privacy needs, she believes that would be inefficient since that is not her area of expertise. She would be happy to refer that client to a privacy professional instead.The Privacy Question (16:24)Steve asks Laura if there is a greater need for privacy help. Laura believes this is external pressure for CISOs, and that privacy pressure comes after security.Laura thinks privacy is exciting and intellectual but recognizes it as a different CISO mindset. She is very comfortable with her specialty in security.Her Time At Sephora (22:48)At Sephora, Laura was the head of Information Security. After working in the credit industry, she found the retail space to be a fascinating change.Although Laura is not the archetypal security type, she found her personality and gender made her a good fit for this female-focused company. The Likeability Index (27:41)Steve and Laura discuss how “likeability” is typically higher in women, which can hurt them during negotiations because women tend to want to be liked.Women also tend to apply for jobs they are overqualified for. Laura advises women to apply for jobs they think are reaches for themselves instead, which is what men do. We should all hope for a job that challenges us.In The Interview (31:22)Laura and Steve explore different questions candidates should ask or consider during the interview process.For Laura, she asks what technology the potential client uses, their industry, and other questions that clarify if she's the right fit. Before taking a client on, you want to ensure...

In this episode of The New CISO, Steve is joined by guest Rupa Parameswaran. At the time Rupa joined the show, she was Head of Security at Amplitude. Now, she's transitioned to a new role as VP of Security & IT at Handshake.Growing up, Rupa was initially given a choice: to marry or become a doctor or engineer. With the support of her family, Rupa pursued her passions as a leader in the cyber security world. Listen to the episode to learn more about Rupa's advice to the listeners, her first product development opportunity, and why every CISO needs to understand the power of influence.Listen to Steve and Rupa discuss the importance of having allies across the security business and how to build a culture of mindfulness in your organization:Meet Rupa (1:40)Host Steve Moore introduces our guest today, Rupa Parameswaran.With decades of experience and a deep-rooted technical background, Rupa has seen how security has evolved over the years and why CISOs need to grow with these new procedural changes. As the head of security at Amplitude, Rupa ensures that the product and employees are secure in both privacy and culture.Engineering Background (4:00)Before starting her career in cyber security, Rupa first studied engineering. Growing up in India, she felt she had a choice between getting married or going down an engineering or medical path.Rupa determined that becoming a doctor was not for her and became interested in computer engineering. In university, she worked on an AI project, leading her to move to the United States and the security industry.A Clear Path (7:08)Pre-Amazon, Rupa and her colleagues were trying to create a marketplace for books with AI security technology. After this incredible experience, it was clear to Rupa what her career should involve.Having Support (9:04)Rupa shares that India has been a typically male-dominated society, which is changing slowly. Many more parents are interested in helping their daughters pursue careers and become self-sufficient versus getting married.Rupa's mother fought for independence, which she wanted for her children. Grateful for the support, Rupa was able to pursue her passions.Rupa's Advice (13:50)Whether someone is a woman or just someone determining what they want to do, Rupa recommends that everyone find their passion. If you discover something that excites you, seek mentors or people you can trust to discuss your interests.You will be on a good path if you can build a support group. It may be a slow process, but it is a critical one. With mindfulness, you can build credibility with your work, and nothing can stop you.Post University (17:09)After university, Rupa was at a crossroads. Should she go into academia or not? As she determined this, she got an opportunity to be a software engineer with a new company.Interested in the GDPR security product they were building, Rupa was able to be a developer on the project. Believing in the company's vision, Rupa was excited to get immediate security industry exposure across different team initiatives. Having Influence (25:19)Rupa reflects on what she learned from the GDPR project. She became skilled at building ally support groups and influencing security development without having to manage people directly.This unique opportunity gave her essential leadership skills and the ability to spread security mindfulness throughout the company. Her Definition (28:48)Steve presses Rupa on her definition of “security mindfulness.” To Rupa, this phrase demonstrates a willingness to include security in every initiative you pursue. If you build out a unique group of security-minded...

In this episode of The New CISO, Steve is joined by returning guest Mark Weatherford, CSO and SVP of Regulated Industries at AlertEnterprise.In last week's episode, Mark shared how he set the foundation for his incredible career, from his start in the Navy to his time working for Governor Arnold Schwarzenegger. Today, Mark delves into his lasting legacy in the cyber security field. Listen to part two of this episode to learn more about being the plus one at security meetings, Mark's mentorship perspective, and putting in the work to succeed.Listen to Steve and Mark discuss what it means to be coachable and the importance of experience:The White House Basement (1:33)Host Steve Moore presses his guest Mark Weatherford on a meeting he attended in the White House basement.Mark was initially instructed to use this meeting as a learning experience to see how things worked. Unexpectedly, John, the National Security Advisor, asked Mark his thoughts on an issue, and Mark answered on the spot. Strong Leadership (6:44)John asking Mark a security question showed strong leadership because it allowed Mark, who was new to the team, to be included.When you're the CISO in charge, you should bring a team lead or a middle manager to meetings, so they can learn and provide input. This type of experience will allow them to build skills and develop confidence, which they will need as they climb the cyber security ladder. Mentorship Advice (10:29)Mark advises the younger leader to always look for opportunities to mentor people. Generally, Marks tries to be available to those who ask him to chat about leadership and security. On the other side, younger people need to be willing to ask for help.The Mentorship Exchange (16:10)Steve asks Mark what people should expect from mentorship lunches. Is it just lunch or something more pressing?Mark explains how in his case, he was friends with his mentor, so they mostly just enjoyed meals together. However, his mentor would ask him questions about work to see how he could help. Of course, different dynamics operate differently, but the main thing mentees should consider about themselves is, “am I coachable?”Steering The Mentee (19:47)Mark and Steve discuss how to guide mentees away from vanity. Nowadays, new security professionals may focus too much on the job title than becoming a leader. Mark then further explains what it means to be coachable: a willingness to take in the tough feedback to improve.In the Meeting (21:24)When Mark meets with potential mentees, he'll give them a homework lesson and ask them what their goals are. He will also ask them what efforts they've made to achieve their goals.With so many CISO opportunities out there, people are getting jobs without putting in the hard work, though having experience is essential.The New CISO (24:08)To Mark, being a new CISO is a wide-open field. One must understand the job's responsibilities and be creative with their resources. Ultimately, being a new CISO is having the experience that validates your position in the role.Links mentioned:LinkedIn

In this episode of The New CISO, Steve is joined by guest Mark Weatherford, CISO and Head of Regulated Industries at AlertEnterprise.After many years in CISO roles, Mark eventually found himself in the White House. Reflecting on his incredible career journey, Marks evaluates the opportunities that led him to success. Listen to part one of this episode to learn more about Mark's navy experience, the importance of delegating in leadership, and how to become the guy who always gets the call.Listen to Steve and Mark discuss when to put the fear aside and embrace the possibility of failure and the willingness to take on new opportunities:Meet Mark (1:51)Host Steve Moore introduces our guest today, Mark Weatherford. The current Chief Security Officer at AlertEnterprise, specializing in IT and OT security.Before starting his cyber security career, Mark wanted to build dams and roads in the navy. Instead, the navy had other ideas and picked Mark to be placed in the advanced electronics program, leading him to the CISO industry. Measuring Your Day (7:21)Mark measures his work day by the goals his team achieved or when a project is done. Although it's a different set of standards than when you see a road or other construction projects completed before you, cyber security work can also be assessed.Life After The Navy (9:08)By the time Mark started his job at Raytheon, the Navy had a contract to complete a security project with them. Already determining when he would leave the Navy, Raytheon called him about a position that fit his skillset: building a security operations center from the ground up.Relying On Your Team (14:14)Steve presses Mark on what he learned from managing the start of the security operations center. Mark gathered that no one can do everything and that it's essential to have a core group of leaders to rely on.Good leadership comes from delegating authority to people without micro-managing, empowering them to excel at their jobs.Working With Fear (22:07)“That's all part of learning. Things are going to break now and then,” Marks explains when expanding on his leadership philosophy.Reflecting on his own experience with gaining new skills, Mark's advice to anyone is that mistakes happen when you're learning. We may be uncomfortable when things are unfamiliar, but as long as we're not doing anything malicious, we can figure things out.What Happens Next (24:14)One day Mark received a call from his boss about a project with the Federal Government in Colorado. A year later, Mark got another call from his next job, leading him to a cabinet position.Through his impressive work experience, Mark was considered for exciting political opportunities impacting our country.That's Politics (28:53)Mark discovered pretty quickly in politics that people aren't always truthful. Unfortunately, he understands that this is the industry's nature, and that is how things are. As a result, it's natural to become wary and not take everything you hear at face value, although Mark still gives people the benefit of the doubt.Working With The Legislature (31:13)Mark's work in government allowed him to influence policy as well. Mark learned about the trade-offs in politics during this experience and why opposition can create barriers to security policy. Becoming The Terminator's CISO (34:58)After leaving Colorado, Mark was called for the opportunity to work for Governor Arnold Schwarzenegger in California. Mark recognizes that the secret to his success derives from being prepared for new positions when they arise. Mark never directly worked with Governor Schwarzenegger, but...

In this episode of The New CISO, Steve is joined by guest Sandy Dunn, Lead Consultant, and Founder at Quark IQ.After spending years in healthcare, Sandy pivoted into a start-up before being laid off. Now embarking on the next stage of her career, Sandy shares the valuable lessons she's learned and how she embraces life's challenges. Listen to the episode to learn more about Sandy's strengths as a CISO, the correlation between motherhood and leadership, and how to navigate the start-up industry.Listen to Steve and Sandy discuss the benefits of failure and maintaining an authentic mentor/mentee relationship:Meet Sandy (1:43)Host Steve Moore introduces our guest today, Sandy Dunn. Sandy has been a CISO for eight years at both a healthcare company and a startup.As she tackles her newest endeavor as the lead Consultant at Quark IQ, Sandy acknowledges that her strengths in the cyber security world are her persistence and passion for creating well-functioning systems. Although she may not think of herself as the most brilliant person in the room, her determination has been an asset everywhere she goes.Nothing To Prove (4:26)Sandy recognizes the leadership benefits of not needing to prove her brilliance. Since she doesn't mind admitting when she doesn't understand something, others can gain clarity, and she can identify unknown issues. She asks the questions others are afraid to ask for the benefit of her team.Although others may feel subject to imposter syndrome, Sandy reminds listeners that everyone has a vital role in the room.Having a Softer Side (10:46)As an executive who is also a mother, Sandy can use that nurturing skill set to motivate and manage her team. Sandy has become a stronger leader by putting her employees' needs first, much like her children.Managing In The Moment (13:46)Steve presses Sandy on how she deals with team members prone to tantrums. Similar to her approach with her children and horses, Sandy's first instinct is to understand her employees, how they think, and what upsets them. Like what drove her to cyber security, Sandy loves puzzles, including what puzzles her about people.In general, Sandy believes diversity in views and backgrounds is highly beneficial to a department because different perspectives bring different skills and abilities to the table.Potential Red Flags (20:09)Sandy is consistently asked to be a mentor, which she is grateful to do. However, she feels a person lacks curiosity if they ask her questions answerable through a quick google search.If someone fails to take the initiative to learn themselves, a job in cyber security would not be a good match for them.Resume Review (21:38)During a cyber security career day, Sandy reviewed resumes and determined who she felt were great candidates.Sandy, also an adjunct professor, found this experience rewarding because she had the chance to talk with and guide individuals on their CISO journeys. The Mentee/Mentor Relationship (25:21)Steve and Sandy discuss the mentor and mentee relationship.Sandy doesn't love those terms because it's too official for the nature of the dynamic: relationship-building. Instead of asking someone you admire to be their mentee, ask them what they are working on and how you can help, and a mutually collaborative relationship can form.Taking A Chance (30:31)Steve presses Sandy on her move from an established company to a start-up.Sandy recognized that she was no longer growing as a CISO at her healthcare job, so she jumped into a start-up business. Although she put too much trust into this company before they earned it, she did feel like it was a risk worth...

In this episode of The New CISO, Steve is joined by returning guest Steve Magowan, VP of Cyber Security at Blackberry.Steve returns to dig into the reality of data science and AI and ML in cyber security. Breaking through the buzzwords, Steve understands the current state of technology and how it's used to protect revenue today. Listen to the episode to learn more about communicating expectations, using risk management to generate funding and the current landscape of security threats.Listen to Steve and Steve discuss educating executives and how utilizing data science in your security program can reduce friction and translate risk:Welcome Back, Steve (1:45)Host Steve Moore reintroduces our guest today, Steve Magowan. As a reminder, Steve manages everything security-related for Blackberry, from corporate security development to spearheading IoT initiatives.When asked to define AI, Steve Magowan explains that what AI means to the security world today is machine learning, both unsupervised and supervised, to prevent risk. In general, AI is still being widely researched and is often a buzzword thrown around, but full-on AI remains theoretical.Turning AI Into Action (6:22)Steve asks Steve Magowan how he handles the AI suggestion from executives, who may need more clarification on how this tech is used. Steve Magowan recognizes that he is a business enabler whose job is not only to protect data but to protect revenue. He would need to keep his company's resources in mind when discussing AI and determine if this type of tech is necessary for the goals ahead.Protector of Revenue (11:30)Steve Magowan has the unique position of protecting revenue for his company, an uncommon skill set for CISOs. Steve uses ML technology to map business activities and relate that to security. Having that ability allows him to communicate with executives in business terms to ensure their funds remain safe.Clear Lines (15:34)Although Steve has this authority, he believes CISOs should refrain from reporting to a CFO or CIO because their mandates conflict. Although executives wish to simplify their correspondence by going to a CIO for a one-stop shop, conflating their roles with a CISO would downplay both positions and render them less effective. Understanding Risk Management (19:10)Steve Magowan always tells leaders that risk management is the language in which security leaders gain money because you can turn security problems into dollars and cents. Pulling data allows you to understand and pitch how to receive resources based on the security issues faced.Ultimately, Steve's job is not to separate operations and business. His role is not to achieve technical outcomes but business outcomes using technical outcomes. Walking Through Detection Triggers (27:22)Steve asks Steve Magowan why the detection of bad things has shifted from signatures to "normal vs. abnormal."Steve Magowan explains how the landscape has changed and that cybercriminals now have more money to commit crimes and have the same education as security professionals. With cyber criminals getting more clever, ML is the only way to detect patterns that don't make sense, though even that is getting challenging.Staying Resilient (32:42)When facing sophisticated threats, you must ensure that you have data backups that cannot be breached and limit the scope of the hacker's blast radius for any hit. There will always be threats, but you must do your best to remain resilient. The Bias Problem (34:58)Steve Magowan outlines the risks of building your own ML program, such as personal biases that can skew the results of your data. The biggest lesson is that data...

In this episode of The New CISO, Steve is joined by Jackie Mattingly of Owensboro Health.With a passion for technology since childhood, Jackie first began her career in IT. Today, she shares how an experience with a malicious insider transitioned her into a career in information security. Listen to the episode to learn more about Jackie's career journey, navigating company acquisitions, and protecting patients' data.Listen to Steve and Jackie discuss the unique challenges of working as a healthcare CISO and handling security breaches:Meet Jackie (1:51)Host Steve Moore introduces our guest today, Jackie Mattingly. Jackie is the CISO for Owensboro Health, a three-hospital system in Kentucky serving eighteen counties and two states.Jackie knew she wanted to work in technology since she was a little girl, first sparked by the game Oregon Trail. Getting her degree in computer programming, Jackie reflects on how she gained the work experience needed to have the career she wanted.News Days (7:04)Steve asks Jackie about her time working at a local news publication and if she has met anyone interesting while there. Jackie shares that she mainly worked alone at night, loading the news articles to the website.The Radiology Center (8:41)Jackie's next move into information technology was at a radiology imaging center, whose owner understood the importance of keeping up with technology. In one of the first radiology centers with an MRI machine, Jackie reflects on connecting the other radiology systems to that machine and what you should consider when working with a new device.Transitioning Through Acquisitions (13:18)When Owensboro Health acquired the radiology center, Jackie's lifestyle changed. Now at a much larger organization with never-ending hours, Jackie had to meet the challenges of serving a 24-hour operation. Preventing Burnout (17:17)To prevent her staff from burnout, Jackie rotated calls and cross-trained each person so no matter what, people could take on each other's roles during their on-call shift.Jackie would also be available to dive into on-call sessions because she likes to help and get into the weeds of technology. Leveraging The Team (20:30)Jackie has tested new technology for her companies throughout her career. Now managing the information technology for a hospital, Jackie recognized the difficulty of getting advanced technology for a larger company.While it is understandable that the hospital focuses more on patient care than tech, Jackie shares how she and her staff were leveraged to get the hospital's systems up to par.Updating The Voice Network (25:43)Steve presses Jackie on her role in upgrading the hospital's voice network. With so many providers' offices and clinics to service, Jackie did have to hire a consulting company to help with the project.Although Jackie does not have a project management certificate, she does believe that training is valuable.Phasing Into Information Security (29:32)One day the FBI showed up at the hospital to state that an employee was stealing patients' identities through their systems. Still, in her IT management role, Jackie was less information security-minded at the time.Jackie was brought on to navigate this investigation and fell in love with the security world, leading to the next phase of her career. During this time, Jackie learned that she couldn't quit obsessing over this breach and had the drive to solve security problems.Becoming The CISO (34:22)In 2013, Jackie moved from being the IT leader to officially the security leader. She then started auditing access to patients' charts and...