Podcasts about Chief information security officer

In Podcast Folge #128 sprechen Julius und Marcel dieses Mal mit Janine Rauch, Head of Corporate Security und Chief Information Security Officer bei der Schnellecke Group. Gemeinsam beleuchten die drei die zentrale Frage, wie das global agierende Unternehmen Schnellecke seine Resilienz stärkt und sich gegen Bedrohungen zukunftssicher aufstellt.

Registration is now open for the Law Society's latest free online course exploring the fast-evolving world of social media, artificial intelligence (AI) and the law, with over 2,200 participants already signed up. Open to anyone with an interest in tech and legal innovation – and its real-world impact – the new on-demand course starts on Tuesday 9 June 2026. This year's course will provide participants with an insight into the rapidly developing impact and intersection of Social Media, AI and the Law, offering an overview of recent advancements, delving into issues surrounding liability, regulation, privacy and data protection, social media bans, cybercrime, and ecommerce. It will also explore the considerable impact on our work environment and daily lives including digital manipulation and surveillance. President of the Law Society, Rosemarie Loftus, said: "The Law Society is proud to deliver this year's course on Social Media, AI and the Law. As AI continues to evolve at an unprecedented pace, understanding its impact and how this intersects with social media use, society, business, and the legal world is no longer optional. "Delivered by expert speakers with engaging content, this course will help participants become more informed about liability, risk, regulation, and the implications of using AI in our modern online world. "Whether you are already working in the legal sector, retired or in education, this course is open to anyone, anywhere. All participants will learn how to navigate social media and AI both ethically and responsibly, which will be of benefit to you and wider society." Expert speakers, lawyers, public figures and academics will review the current state of play, demystify concerns, discuss the potential impact in the coming years, and much more. The course will be addressed by guest speakers, including: Niamh Hodnett, Online Safety Commissioner, Coimisiún na Meán Aisling Kelly, Head of Cybercrime Division at the Council of Europe Prof. Terry Flew, Professor of Digital Communication & Culture, The University of Sydney; Co-Director of the Centre for AI, Trust and Governance Owen Bennett, International digital policy expert; former Head of Online Safety Ofcom Nicola Byrne, Founder, RiskEye; Executive Chair, SaferSocial Paul Delahunty, Chief Information Security Officer, Stryve Dr. Lollie Mancey, Anthropologist, Futurist and Innovation Advocate Philip Andrews, SC, Andrews Law Carlo Salizzo, Partner, Dentons Kieran Kelly, Partner, Flynn O'Driscoll Shane English BL Clare Daly, Legal Advisor, Tusla Hazel McDwyer, Partner, Mason Hayes and Curran Maureen Daly, Partner and Head of Intellectual property, data protection and AI department, Reddy Charlton LLP Simon McGarr, Solicitor, McGarr Solicitors Public legal education Each year, the Law Society brings free legal education to members of the public through its Massive Open Online Course. Since 2014, the annual five-week courses have attracted over 41,200 participants from 119 countries with a record-breaking 7,064 participants signed up last year. This year's Social Media, AI and the Law course features online recorded and streamed presentations, together with interactive discussion forums and quizzes that allow participants to engage directly with expert presenters. The course is on-demand making it easy for participants to catch up at any stage with new course content released every Tuesday. For more information and to register, visit: https://mooc2026.lawsociety.ie/ The Law Society of Ireland has representative, regulatory and educational functions in respect of the solicitors' profession. It delivers high-quality legal education and training, encourages and supports the highest professional standards, and places significant emphasis on civic engagement, supporting local community initiatives and driving diversity and inclusion within the profession. Law Society website: www.lawsociety.ie See more breaking stories here. Irish Tech News are Ireland's No. 1 Onl...

Cindy Heiner, Chief Information Security Officer at Aiden Technologies, brings more than two decades of security leadership to this candid conversation about career pivots, people-first leadership, and the evolving role of AI in security operations. What began as a near-exit from IT (she was seriously considering opening a coffee shop and bookstore in rural Oklahoma) turned into a defining career in cybersecurity after a colleague recruited her to build one of the earliest application security teams in 2003.   In this episode, Cindy shares how CliftonStrengths coaching helped her grow as both a leader and an introvert navigating a male-dominated field, why building the right team matters more than filling roles, and how she approaches AI and automation in security with enthusiasm balanced by a firm belief in human oversight. She also speaks directly to women considering a career in security, challenging the gatekeeping mindset and encouraging candidates not to let job descriptions scare them off.

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 87: Backup, Control Gaps, and the Real Cost of Agentic AI ActionsPub date: 2026-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAn AI agent wiped out an entire company's data in just 9 seconds — no hacker, no ransomware involved. Todd Thorsen, Chief Information Security Officer at CrashPlan, explains how a misconfigured AI agent operating without safeguards may have caused the incident — and asks a troubling question: could your organization be next? The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

An AI agent wiped out an entire company's data in just 9 seconds — no hacker, no ransomware involved. Todd Thorsen, Chief Information Security Officer at CrashPlan, explains how a misconfigured AI agent operating without safeguards may have caused the incident — and asks a troubling question: could your organization be next?

How do you move fast in the public sector without compromising security or compliance? In this episode, Ian Pham, Chief Information Security Officer, Victorian Managed Insurance Authority explores how organisations can embed cyber risk thinking into digital services and emerging tech from day one — enabling innovation that's both bold and secure. Ian also discuss why the real transformation happens when delivery, risk, and security teams start speaking the same language, working together to remove friction and make safer innovation possible. Ian Pham, Chief Information Security Officer, Victorian Managed Insurance Authority For more great insights head to www.PublicSectorNetwork.co  

AI is moving faster than most companies can keep up with.The question is… is your business protected?

In this episode, Chris McDowell, Chief Information Security Officer at Actabl, and Justin Call, Chief Legal Officer at Actabl, unpack the growing AI risk that many hotel leaders still underestimate. They explain how people across hospitality are already uploading confidential guest and operational data into public AI tools like ChatGPT and Claude, why privacy and compliance rules still apply once that data enters an LLM, and why AI adoption needs to be treated as a business risk decision, not just a productivity upgrade.Chris and Justin also break down what strong AI governance actually looks like inside a hotel organization, how technical guardrails matter more than policy documents alone, and why the quality and normalization of your data will determine whether AI delivers meaningful value at scale. The conversation also explores how hotel leaders should evaluate technology partners handling sensitive data, and why trust, security, and accountability are becoming core parts of the guest experience itself.Also see: Why Our Approach to Hotel Data Earned a Patent and Prepares Hotels for AI - Clark Brayton, Joseph McGroarty & Pritesh Patel, ActablActabl's patent announcementHotelData.com A few more resources:If you're new to Hospitality Daily, start here. You can send me a message here with questions, comments, or guest suggestionsIf you want to get my summary and actionable insights from each episode delivered to your inbox each day, subscribe here for free.Follow Hospitality Daily and join the conversation on YouTube, LinkedIn, and Instagram.If you want to advertise on Hospitality Daily, here are the ways we can work together.If you found this episode interesting or helpful, send it to someone on your team so you can turn the ideas into action and benefit your business and the people you serve!Music for this show is produced by Clay Bassford of Bespoke Sound: Music Identity Design for Hospitality Brands

Thwarting AI-enabled ransomware-as-a-service attacksIdentifying security gaps whilst focusing on speed of detection and containment of novel vulnerabilitiesBuilding and leading organisational resilience to defend against advanced extortion campaignsThom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Tiago Rosado, Chief Information Security Officer, Asitehttps://www.linkedin.com/in/tiagorosado/Tom Ellis-Aziz, Chief Executive Officer, FendOpshttps://www.linkedin.com/in/tomasellis-aziz/Mike Gillespie, CEO & Founder, Advent IMhttps://www.linkedin.com/in/adventimmikegillespie/Fred Streefland, Global CISO, Check Point Softwarehttps://www.linkedin.com/in/fredstreefland/

Für Podcast Folge #126 sind Julius und Marcel nach Münster gereist und waren dort zu Gast beim Unternehmen FIEGE, das 1873 gegründet wurde und heute zu den größten europäischen Logistikdienstleistern zählt. Mit dabei ist der gebürtige Münsteraner und CISO bei FIEGE, Lukas Bocke. Im Gespräch mit Lukas geht es um zentrale Bestandteile moderner Unternehmensstrategien. Besonders in dynamischen Branchen wie der Logistik wird deutlich, dass Sicherheit nicht erst im Nachhinein eine Rolle spielen darf, sondern von Anfang an mitgedacht werden muss, um einen Wettbewerbsvorteil darstellen zu können. Julius, Marcel und Lukas sprechen darüber, warum Security by Design so entscheidend ist, welche besondere Bedeutung Verfügbarkeit in der Logistik hat und wie Unternehmen trotz komplexer Anforderungen resilient und handlungsfähig bleiben können.

In this episode of UC Today, host Kristian McCann sits down with Bill Dunnion, Chief Information Security Officer at Mitel, to unpack one of the most persistent challenges in enterprise security: getting cybersecurity onto the C-suite agenda before disaster strikes.In this candid conversation, Mitel's CISO Bill Dunnion explains why security still struggles to compete with revenue targets at the executive level, and what needs to change.Rather than framing cybersecurity as a technical issue, Dunnion argues the case for repositioning it as a core business enabler—one that directly impacts revenue, competitiveness, and customer trust. Whether you're a business leader trying to understand your true exposure or a security professional struggling to make risk resonate at board level, this discussion offers practical, real-world insight you can apply immediately. Key topics include:

Building the Future of AI and Security with David Cross Join me in this illuminating conversation with David Cross, Chief Information Security Officer at Atlassian, as we explore the rapid evolution of AI, its implications for cybersecurity, and leadership lessons for navigating technological change. In this episode: David Cross shares his journey from Navy electronic warfare to leading security for major tech platforms like Azure and Atlassian Insights into how AI is transforming both security and enterprise operations The importance of foundational knowledge versus superficial understanding of AI models Challenges and opportunities posed by autonomous agents and ephemeral AI transactions Strategies for staying ahead of technological waves and fostering continuous learning The role of identity, access management, and observability in the age of autonomous AI agents Practical advice for CISOs and tech leaders to equip their teams for AI-driven change I hope you enjoye it!!!

AI adoption is moving faster than most security strategies can keep up, and many teams are still treating it like a contained tool instead of a shared risk.On this minisode of Ctrl + Alt + AI, host Dimitri Sirota brings together key insights from past conversations with Trevor Hughes, President of the IAPP; Heather Ceylan, SVP & Chief Information Security Officer at Box; and Aqsa Taylor, Chief Security Evangelist at Exaforce, to break down what leaders are consistently getting wrong about AI risk. Drawing from discussions with security and data experts, Dimitri connects the dots across identity, access, and data exposure to show how AI is quietly expanding the attack surface.This short-form episode focuses on the patterns emerging across organizations, from unseen AI usage to gaps in data control, and what that means for security teams trying to respond in real time.In this episode, you'll learn:Why AI adoption is happening without centralized visibilityHow data exposure increases once it enters AI systemsWhy traditional security timelines no longer match AI-driven riskThings to listen for: (00:00) Why AI risk is often underestimated (00:45) AI adoption without visibility across teams (01:30) The shift from tools to shared risk (02:20) How AI expands access to sensitive data (03:40) Why response time is now a critical gap (05:10) Patterns across recent security conversations (06:30) Data control before AI ingestion (08:00) What security leaders need to rethinkListen to the full episodes here:How AI Risks Are Changing Privacy and What Security Leaders Must Do About It feat. Trevor HughesWhy Agent Identity Is Now a Security Priority feat. Heather CeylanWhy AI Breaks Traditional Security Playbooks feat. Aqsa Taylor

Today's guest is Karl Kilmurray, Chief Information Security Officer at Dublin Bus. Founded in 1987, Dublin Bus is Ireland's largest public transport provider, delivering bus services across the Greater Dublin Area. Carrying over 140 million passengers annually, Dublin Bus' services include high-frequency city routes, commuter services and night services, supporting the social, economic and environmental needs of Dublin through safe, reliable and increasingly sustainable transport.Karl leads the cyber security programme and team at Dublin Bus, overseeing governance, risk management and compliance across the enterprise security function, as well as the cyber security budget and key initiatives. Prior to Dublin Bus, Karl worked at IBM as a cyber security engineer and cyber compliance manager. He also worked with Ekco, where he delivered CISO-as-a-Service support to state and semi-state organisations, and conducted NIS-D assessments for essential services and critical infrastructure providers.In the episode, Karl talks about:0:00 His journey from programming to cybersecurity, ethical hacking, compliance and consulting4:03 Seeing that public sector has fewer resources vs private sector with more oversight5:21 How NIS2 expands cybersecurity rules, enforcement and team growth6:50 Dublin Bus' advanced cybersecurity with a growing team facing new threats8:25 An insight into his role from team building, operations, training and future threats10:54 A look at Dublin Bus upgrading GPS, Wi-Fi, CCTV, electric and connected systems14:19 How team building enables managing daily tasks and learning simultaneously15:52 How AI introduces cybersecurity risks, requiring balance of innovation and security18:11 Seeing the CISO role evolving, demanding, with team growth and specialisationTo find out more about all the great work happening at Dublin Bus, check out the website www.dublinbus.ie

Please enjoy this encore of Career Notes. Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Jaya Baloo, a Chief Information Security Officer from Avast sits down to share her story, sharing how she got into the technology field at a younger age with being introduced to computers and games on her PS 24. She started off going to college for political science and after not knowing what to do after that, she got her first start in cybersecurity. After falling in love with cybersecurity she kept moving up the ranks in different organizations before finding herself at Avast. She shares that at Avast she leans on her team quite a bit and you should never be afraid to bounce ideas off of your teammates. She says "The best ideas come from like bouncing ideas off of each other, sharing within the group and then if I can't figure it out myself, that's why I hire these amazing individuals it's to help me figure it out." We thank Jaya for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Speed is becoming a defining advantage in cybersecurity. In this episode, Phyllis Schneck, VP and CISO at Northrop Grumman, joins Dr. Hugh Thompson to explore how high-performance computing is reshaping cyber defense. From accelerating real-time threat detection and response to amplifying the impact of AI and automation, they discuss how increased compute power is transforming both attackers and defenders. The conversation also highlights the importance of building secure foundations, avoiding common pitfalls, and enabling organizations to move at speed without increasing risk. Guest: Dr. Phyllis Schneck, Vice President & Chief Information Security Officer, Northrop Grumman

What happens when your AI agents start making decisions faster than your security team can even see them? In this episode, I sit down with Sunil Agrawal, Chief Information Security Officer at Glean, to unpack a shift already underway in enterprises. With predictions that 40 percent of enterprise applications will include autonomous AI agents by the end of 2026, we are moving from human-led workflows to machine-to-machine interactions at a scale most organizations are not fully prepared for. Sunil brings a rare perspective, blending more than 25 years of cybersecurity experience with an inventor's mindset shaped by over 40 patents. What stood out to me in our conversation is how quickly the traditional security model is becoming outdated. As he explained, "autonomous agents break those assumptions because they operate across tools, varying permissions and data sources with alarming speed and autonomy." This creates what he calls the "autonomy gap," in which the CIO's drive for speed collides with the CISO's need for visibility and control. We explore how that tension is playing out in real organizations today, and why so many are already falling behind. Nearly half of businesses still lack the AI-specific controls needed to prevent untraceable incidents, and the risks are not always what you might expect. Sunil argues that the first major rogue-agent incident is unlikely to be a malicious attack. Instead, it will come from confusion: a well-intentioned system taking the wrong action in the wrong context, with consequences that ripple across the business. The conversation then turns practical. Sunil breaks down his AWARE framework, a structured way to introduce real-time guardrails that evaluate intent, context, and risk before an agent takes action. Rather than relying on static policies, this approach focuses on continuous runtime enforcement, where systems are constantly assessed based on behavior rather than assumptions.   What I found particularly valuable is how this moves beyond theory into something leaders can act on today. From starting with tightly scoped use cases to investing in full observability, this episode offers a clear roadmap for balancing innovation with accountability. As Sunil put it, organizations that succeed will not be the ones that move fastest, but the ones that prove trust at scale.   So how do you embrace the productivity gains of autonomous AI without opening the door to invisible risk, and are your current security models ready for a world where the "user" is no longer human? Useful Links Connect with Sunil Agrawal on LinkedIn Learn more about Glean Follow Glean on LinkedIn Visit the Tech Talks Network Sponsor NordLayer Browser

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-443

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-443

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-443

Ransomware has evolved from basic digital extortion into a sophisticated, AI-powered threat that's faster,smarter, and more devastating than ever before. In this session, we'll explore how threat actors are weaponizing artificial intelligence to supercharge their operations—from automated reconnaissance and hyper-realistic phishing to malware that adapts in real-time to evade detection. We'll also examine how AI-driven ransomware exploits supply chain vulnerabilities to create cascading disruptions across entire industries.More importantly, we'll discuss practical strategies for fighting back: leveraging AI-powered behavior alanalytics and autonomous response tools, implementing zero-trust architecture,and building true organizational resilience through tested backup and recovery procedures. Whether you're in security operations, incident response, or infrastructure protection, this session will equip you with actionable insights to shift from a prevention-only mindset to one focused on preparedness and rapid recovery in today's evolving threat landscape. About the speaker: Gary Hayslip is an experienced Global Security Executive with a proven track record of delivering innovative security programs that protect billion-dollar enterprises at every touchpoint. He is intensely focused on driving continuous improvement to maximize the efficiency of security programs while minimizing costs. As an insightful thought leader, he possesses strong business acumen and a commitment to organizational mission, values, and goals. He has demonstrated the ability to collaborate with all levels of an organization to champion new ideas, gain buy-in, and build consensus. Hayslip brings extensive experience in information technology, security leadership, physical security, and risk management to his role as the Senior Security Advisor | CISO in Residence for Halcyon.ai. His previous executive positions include multiple roles as Chief Information Security Officer, Chief Information Officer, Deputy Director of IT, and Chief Privacy Officer for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego, California, Webroot Software, and SoftBank Investments (Vision Fund & Vision Fund II).Hayslip is a proven cybersecurity expert with excellent communication and public speaking skills. He is skilled at explaining complex security and risk concepts to audiences with different levels of knowledge. Hayslip has earned a reputation as a highly effective communicator, author, and keynote speaker. He co-authored the "CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2," "The Executive Primer: An Executive's Guide to Security Programs," "Developing Your Cybersecurity Career Path," and the "The Essential Guide to Cybersecurity for SMBs." He recently coauthored andpublished "Mastering Third Party Risk," a guide aimed specifically for security practitioners to help them manage the risk exposure to organizations from vendors and supply chains. These books are among the top resources for helping CISOs improve their leadership and business skills. Hayslip currently serves as an independent director on several boards and advises various other security and technology firms. He is an active member of the cybersecurity community and belongs to professional organizations such asISC2, NACD, ISACA, and Infragard. Hayslip holds several professional certifications, including CISSP, CISA, and CRISC, and has earned a BS in Information Systems Management from the University of Maryland,University College, and an MBA from San Diego State University.

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-443

Episode SummaryIn this episode, Adam Mikeal, CISO at Texas A&M University, and Tim Paikoff from Axonius break down how consolidating fragmented security data into a single view changed the way A&M tracks assets, validates policy, and tells cybersecurity's ROI story to leadership — and why AI's data access model is now keeping CISOs up at night.FeaturingAdam Mikeal is Chief Information Security Officer at Texas A&M University - responsible for securing the university's full asset environment, with an unconventional path through history, classics, and computer-human interaction before landing in cybersecurity leadership.Tim Paikoff runs the SLED team at Axonius - building the State, Local, and Education practice from a two-person team to a full sales, SC, BDR, and marketing operation over four years.Timestamps(1:38) Adam's unconventional path - from history and classics to Chief Information Security Officer(4:00) The data problem - why the right question can't be answered from inside a single security tool(5:00) The spaces between - why Axonius can see what individual tools never could(7:00) Higher ed's unique exposure - student device sprawl and the identity lifecycle nightmare(10:00) Texas A&M's four core security metrics - patching, vulnerability remediation, inventory accuracy, agent health(14:00) Intel chip vulnerability response - how having data at your fingertips changes incident speed(15:00) Active directory migrations in real time - watching two lines cross on a chart(17:00) The Log4j gap - 194 instances still in production seven months after "cleanup"(22:00) AI and the new front line - why prompt injection is the threat no contract can fixListen now: YouTube x Apple x SpotifyWhenever you're ready, there are 3 ways you can connect with TechTables:1.

Today's guest is Jason Scanlon, Chief Information Security Officer & Head IT GRC at Numata Business IT. Founded in 2004, Numata is a global managed IT services provider helping small and medium-sized businesses align technology with their goals. They deliver enterprise-grade solutions, including cybersecurity, cloud services and strategic IT advisory, through a subscription model. With an international presence, Numata enables organisations to improve efficiency, reduce risk and scale effectively using smart, reliable technology.Jason is an IT Leader with over 20 years of experience across consultancy, computer services and managed services. He specialises in complex systems troubleshooting, logical problem solving and network administration. He has designed, implemented and supported network infrastructure, and has worked with multinationals and government bodies on large-scale deployments and consultancy. He later progressed to IT Manager, leading IT functions, developing strategic roadmaps and aligning technology with business goals.In the episode, Jason discusses:0:00 His career background from IT professional to service desk to CISO3:26 Why MSPs must differentiate through measurable business outcomes, not just IT support4:49 GRC is evolving, but governance gaps remain biggest organisational weakness6:43 How AI will aid cyber defence, but requires controlled adoption9:47 How AI vendor surge requires risk-based decisions and strong governance11:19 The need to focus on gradual cybersecurity maturity before pursuing ISO certification14:03 Why success as a CISO needs collaboration and strong supportTo find out more about all the great work happening at Numata Business IT, check out the website www.numata.co 

Michael Hamilton, Chief Technology Officer at PISCES International, joins us to discuss the benefits of providing real world experience to students while they protect existing public infrastructure. The resilient future of local government security rests in our ability to adapt to changing threats and adopt new technologies, including AI.Learn more at https://pisces-intl.org/30 years in Information Security as a practitioner, entrepreneur, consultant, and in executive management. Direct experience in retail, manufacturing, government, defense, academic, semiconductor, energy, law enforcement, transportation, publishing and financial sectors - from Fortune 1 to small nonprofits. Formerly: Policy Advisor to Washington State, Chief Information Security Officer for the City of Seattle, and Managing Consultant for VeriSign Global Security Consulting. Former Vice-Chair of the DHS State, Local, Tribal and Territorial Government Coordinating Council.Currently: Field CISO, Lumifi CyberSupport our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

Summary On this episode of Chattinn Cyber, Marc is chattin' with Ben Wilcox, Chief Technology Officer and Chief Information Security Officer at ProArch. Their chat opens by focusing on high-impact, practical ways organizations can reduce cyber risk. Ben highlights identity as the top priority: his team moved to passkeys to remove passwords and lower the attack surface. He stresses that threat actors increasingly use man-in-the-middle techniques and that AI has accelerated the automation of credential-theft, which makes strengthening identity controls essential. The chat then moves to AI and data governance. Ben describes rolling out visibility tools to monitor internal AI use — what prompts users run and what data is fed into models — and pairing that with data labeling and classification. He warns organizations to restrict where AI tools are allowed and to implement compensating data controls to prevent accidental or intentional leaks of sensitive information. Ben cautions that AI and cybersecurity must be adopted in parallel, because AI will reveal existing misconfigurations and permission drift. He gives practical examples (like Copilot showing information a user shouldn't see because of incorrect permissions) to illustrate how AI surfaces weaknesses in access controls. The takeaway is that AI can be a force-multiplier but also a magnifier of existing security gaps. On leadership and tradeoffs, Ben explains how combining CTO and CSO responsibilities can be an enabler if balanced correctly. He argues for marrying a product/technology lens with a risk lens, leveraging internal expertise, and making business enablement and security complementary so organizations can move quickly while maintaining the right groundwork. Finally, Ben addresses translating cyber risk into financial terms for CFOs and boards. He recommends business impact analysis—linking key system outages (e.g., Active Directory) to production downtime costs—to quantify risk and justify security investments. He shares real incident cost ranges (low seven figures to tens of millions in some cases), underscores the role of compensating controls, and concludes with a call to monitor industry trends, assess outage and reputational costs, and prioritize risk reduction. Key Points Identity-first approach: move away from passwords (passkeys) and reduce reliance on MFA tokens that can be intercepted or automated by attackers. AI visibility and data controls: monitor internal AI usage, restrict sites/tools, and enforce labeling/classification to prevent data leakage. AI exposes existing weaknesses: adopting AI without fixing permission drift and misconfigurations surfaces risks rather than hiding them. Speed and detection advantage: AI can accelerate detection and response in SOCs—gaining even seconds can materially reduce impact. Translate risk to business terms: use business impact analysis to quantify downtime costs and build the financial case for security investments and insurance. Key Quotes “Last year we took the initiative and we moved to pass keys.” “AI has sped up that weaponization and being able to turn that around and get those tokens automatically.” “AI is going to expose the weaknesses that are inherent within your security controls that you already have in place.” “If we can get even 5 seconds faster or 10 seconds faster or 20 seconds faster, sometimes that makes a difference.” “And that’s why they should have bought cyber insurance.” About Our Guest Ben Wilcox is a seasoned technology leader with over 25 years of experience driving innovation and solving complex business challenges. Serving as both Chief Technology Officer and Chief Information Security Officer at ProArch, Ben combines a forward-looking vision with a hands-on approach to cybersecurity. He is passionate about leveraging technology to accelerate business outcomes while embedding security best practices into organizational culture and operations. Ben's strategic mindset and dedication to excellence have strengthened ProArch's resilience and helped protect clients' data and systems. Outside of work, Ben channels his relentless drive into racing as an instructor and competitor with the Northeast Audi Club, and enjoys gardening, cooking, and spending quality time with his family. As he puts it, “Security isn’t just about defending against threats—it’s about enabling trust, protecting growth, and ensuring every decision we make strengthens the foundation of the business.” Follow Our Guest LinkedIn | Website About Our Host National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums. Follow Our Host Website | LinkedIn

This week's episode is brought to you by Optus. Modern work happens everywhere, and businesses need to deliver seamless digital experiences without compromising security. Smart organisations are building security into the device and the connection. Giving employees frictionless access, wherever they're working, while the business gains visibility, control, and resilience. Talk to Optus today about our Managed Mobility Solutions.Hello and welcome to the iTnews PodcastOur guest on the podcast this fortnight is James Ng, the Chief Information Security Officer for Insignia Financial.Insignia Financial is perhaps better known by its component parts, which include the old IOOF, as well as the ANZ Wealth and MLC Wealth divisions that it acquired from ANZ and NAB respectively.It's spent the past three years consolidating its security estate and removing duplicated effort and inefficiency from security operations processes. James starts by taking us through the current security strategy, as well as the next one under development.

What does sharpening a knife over a case of onions have to do with incident response? For Myke Lyons, CISO at Cribl, the answer is everything. Myke trained at the Culinary Institute of America — learning speed and accuracy under the clock of a professional kitchen — before a summer IT job in Manhattan set him on an entirely different path. In this episode of The New CISO, host Steve Moore traces that journey and the surprising parallels between culinary craft and security leadership.The conversation moves through a career that evolved organically: a summer job moving refrigerator-sized printers in a Manhattan ad agency, a crash course in executive white-glove IT support, a breakthrough moment finally cracking subnetting, and a slow expansion from NOC operator to global security leader. Myke credits the kitchen — its insistence on precision and calm under fire — for instilling an operator's mindset that still defines how he leads through incidents today.Mentorship, both formal and accidental, threads through Myke's story. A curmudgeonly colleague who threatened to "replace him with a script" taught him the value of continuous improvement. A trusted mentor reframed the CISO's role with a single line about house fires and lock changes. And years in executive IT support gave Myke an early education in empathy and knowing when not to fix what wasn't asked.Myke and Steve examine a vendor incident where a product leader's dismissive response to a forensics question destroyed credibility with hundreds of customers. The lesson: saying "I don't know, but we'll find out" is not a weakness — it is the most powerful tool a leader has. The same insight applies to M&A due diligence, where reframing technical conversations as expectation-setting exercises turns adversarial interviews into collaborative ones.For Myke, the new CISO is defined by empathy and culture. Know your audience. Think like your customers. Communicate policy changes as explanations, not mandates. Find your internal advocates and invest in them before you need them. The recipe for great security leadership is less about technology than it is about people — and that lesson translates perfectly from the kitchen to the boardroom.Key Topics• Career pivots: from culinary school to IT and cybersecurity• Speed, accuracy, and craft — what kitchen discipline teaches security professionals• Building an operator's mindset and staying calm during security incidents• White-glove executive IT support and the patience, precision, and empathy it develops• Mentorship — formal and accidental — and the lessons that only land in retrospect• The dangers of filling silence with false confidence vs. the power of saying "I don't know"• Crisis communication best practices and what not to do during a vendor incident call• Managing M&A security due diligence with low-emotion, expectation-setting conversations• Building security culture through empathy, clear communication, and internal advocates• Telemetry, log management, and Cribl's role as the data engine for IT and security Guest BioMyke Lyons is the Chief Information Security Officer at Cribl, the AI platform for telemetry trusted by organizations worldwide — including half of the Fortune 100 — to manage IT and security data at any scale.He trained at the Culinary Institute of America with aspirations of becoming a food critic — until a summer IT job in Manhattan set him on an entirely different course. Myke went on to build expertise across networking, NOC operations, and log management, holding CISO positions at Snyk and Collibra before joining Cribl in 2024.Connect with Myke on LinkedIn and learn more about Cribl at cribl.io.GET A DEMO:

Flavius Plesu is the founder and CEO of OutThink, a revolutionary Human Risk Management Platform (SaaS) empowering CISOs by targeting the source of 90% of all data breaches: human behavior. In this episode, he joins host Amanda Glassner and Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, from RSAC 2026 to discuss what goes into building a culture where people feel empowered by security. Culture Shapes Security is a Cybercrime Magazine podcast series brought to you by OutThink. To learn more about our sponsor, visit https://outthink.io.

Join Thea Mann, Chief Information Security Officer, Office of Data and Innovation, as she examines California's position at the forefront of global innovation — and at the centre of an increasingly complex cyber threat landscape. As artificial intelligence becomes a tool for both defence and attack, the conversation explores how speed, adaptability and strategic foresight will determine who stays ahead in an AI-driven security environment. Bringing together leaders from government, academia and industry, the session unpacks how California can use its innovation strength as a protective advantage — building AI-powered cyber resilience across critical sectors while embedding ethics, transparency and public trust at the core of future-ready governance. Thea Mann, Chief Information Security Officer, Office of Data and Innovation For more great insights head to www.PublicSectorNetwork.co  

In this EDUCAUSE episode, Lester Godsey from Arizona State University, Dan Kent from Cloudflare, and Matthew Leger from IDC break down why most institutions are still in the AI Wild West - and what it actually takes to govern, secure, and scale AI across a campus before agentic systems make the problem exponentially harder.FeaturingLester Godsey is Chief Information Security Officer at Arizona State University - back at ASU after 30 years, having previously served as CISO at Maricopa County where he led cybersecurity through the 2020 and 2024 elections.Matthew Leger is Senior Research Manager at IDC covering worldwide education and EdTech digital strategies - previously an academic researcher at Harvard Kennedy School and administrator at SUNY Albany, with over a decade across nearly every seat in higher education minus professor (though it's on the list). : )Dan Kent is Field CTO at Cloudflare - focused on helping public sector customers navigate emerging technologies, with 18 years working alongside higher education organizations and five kids who between them have given him more higher ed exposure than most.Timestamps(2:40) The Higher Ed AI Wild West - Matt on aimless experimentation, siloed adoption, and why coordination is the real governance problem (5:45) ASU's Create AI Platform - Lester on the walled garden approach, 50+ LLMs, and the internal ethical AI engine built before he arrived (8:00) AI in 2025 is where cloud was in 2010 - Dan on why undefined terminology is creating fear in boardrooms and legislatures (10:00) Agentic AI is the biggest security concern - Dan on why giving agency to a machine is a fundamentally different risk than generative AI (17:00) Shadow AI is just shadow IT - Lester reframes the governance problem and walks through ASU's nuanced three-tier DeepSeek response (22:00) Less than 50% have a data governance plan - Dan on what he's hearing from public sector customers on AI readiness (27:00) Declining trust in higher ed - Matt on whether the ROI skepticism is real and how AI can help institutions demonstrate value (30:40) ASU's student-led SOC - Lester on training the next generation of analysts with agentic AI and security orchestration (33:00) Final takes - AI as a security tool, tabletop exercises for AI threats, and why today's students will shape AI's ethical futureListen now: YouTube x Apple x SpotifyWhenever you're ready, there are 3 ways you can connect with TechTables:1.

What does it mean to secure the world's largest hyperscale cloud, while AI rewrites the rules of identity, threat detection, and security culture? In this episode of AWS Executive Insights: Security Series, Clarke Rodgers sits down with Amy Herzog, Chief Information Security Officer at AWS, for a candid conversation on what it takes to lead security at scale in the age of AI.Amy draws on her experience leading consumer AI products to argue that security should accelerate innovation, not hinder it. She explores how AWS is deploying AI for defense, why agentic AI demands a rethink of identity, and how the Security Guardians program embeds security culture across the entire organization.

According to Check Point Research and Reuters, cyberattacks on U.S. utilities in 2024 increased nearly 70% compared to the year before, leading to an average of 69 attacks every week. In 2025, the trend continued, in the U.S and globally. What can water utilities do to protect themselves from these digital threats?   The answer is a nuanced one, as the challenges extend beyond outdated software and ageing infrastructure. Most water utilities globally are undergoing rapid digital transformation to respond to higher demands from communities, councils and authorities. This has opened more opportunities for cyberthreats, driving more challenges for cybersecurity in Operational Technology (OT) environments. Unlike conventional Information Technology (IT) systems, OT systems directly control pumps, valves, and treatment processes. An attack on OT can have immediate, real-world consequences for water quality, safety and public health.   The OT environment at Hampton Roads Sanitation District (HRSD) is a success story as it protects one of the largest regional water and wastewater utilities in the U.S., servicing more than 20 counties and cities and 1.5 million people. Thanks to its signature program of embedded visibility, governance and consequence-driven planning, it can serve as a blueprint for water utilities globally.   Today we'll talk about how to apply this cybersecurity blueprint with Ben Stirling, Director, Cybersecurity & OT at Jacobs, and Roger Caslow, Chief Information Security Officer, Hampton Roads Sanitation District.

Identifying the causes and effects of stress and burnout within security teams Building personal resilience through mindfulness – regulating stress, strengthening focus and enhancing clarityTech tools to reduce burnout while increasing wellbeing and limiting turnover among security teamsThom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Johann van Duyn, Chief Information Security Officer, DO & COhttps://www.linkedin.com/in/johannvanduyn/Don Gibson, Chief Information Security Officerhttps://www.linkedin.com/in/don-gibson-cyber/Cavan Fabris, Partner - Head of Data & Cyber, RPChttps://www.linkedin.com/in/cavan-fabris/

Deneen DeFiore is the Vice President & Chief Information Security Officer at United Airlines. In this episode, she joins host Charlie Osborne and Bobby Ford, Bobby Ford, Chief Strategy and Experience Officer at Doppel, to discuss AI's mark on the cybersecurity world. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.

Cyberwar shadows the US Israel attack on Iran. Hackers hijack Pakistani news broadcasts. President Trump orders all federal agencies to stop using AI technology from Anthropic. The Health Care Cybersecurity and Resiliency Act clears a hurdle. A new RAT streamlines double extortion attacks against Windows systems. CISA updates warnings on a zero-day targeting Ivanti Connect Secure devices. A North Korea-linked group targets air-gapped systems. Monday business breakdown. On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. Tim Starks from CyberScoop has the latest goings on at CISA. Microsoft says the slop stops here.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop as he is discussing ongoing challenges at CISA. If you are interested in this topic, you can learn more here. Afternoon Cyber Tea On our Afternoon Cyber Tea segment from Microsoft Security, host Ann Johnson speaks with Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, about cybersecurity in healthcare. You can hear the full conversation here, and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. Selected Reading US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates (SecurityWeek) Western Cybersecurity Experts Brace for Iranian Reprisal (BankInfo Security) Pakistan's Top News Channels Hacked and Hijacked With Anti-Military Messages (Hackread) Anthropic confirms Claude is down in a worldwide outage (Bleeping Computer) Trump Orders Government to Stop Using Anthropic After Pentagon Standoff (New York Times) OpenAI Will Deploy AI in US Military Classified Networks (GovInfo Security) Senate Health Cyber Bill Clears Committee Hurdle (GovInfo Security) Double whammy: Steaelite RAT bundles data theft, ransomware (The Register) CISA warns that RESURGE malware can be dormant on Ivanti devices (Bleeping Computer) North Korean APT Targets Air-Gapped Systems in Recent Campaign (SecurityWeek) Astelia secures $35 million in combined seed and Series A funding. (N2K Pro Business Briefing) Microsoft gets tired of “Microslop,” bans the word on its Discord, then locks the server after backlash (Windows Latest) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Lou Eichenbaum, former Chief Information Security Officer at the U.S. Department of the Interior and current Federal CTO at ColorTokens joins the show for a deep dive into the evolving world of federal cybersecurity. We dive into firsthand insights on what it really means to balance mission enablement with effective risk management and why today's CISO must act not just as a security expert, but as an executive risk manager focused on resilience, communication, and strategic alignment. We unpack what real zero trust implementation looks like beyond the buzzword, why micro-segmentation is foundational to preventing lateral movement and building mission resilience, and how federal agencies can move beyond compliance checklists toward meaningful security outcomes. We also discuss candid perspectives on what drives cybersecurity priorities inside federal agencies and and how zero trust principles will play a critical role in protecting both IT and critical infrastructure systems in the years ahead.

We discuss Iran, Mexico and Alberta Independence. Tom Luongo is a former research chemist, amateur dairy goat farmer, libertarian, and economist whose work can be found on Zero Hedge and Newsmax Media. He hosts the Gold Goats ‘n Guns Podcast.LTC Steven Murray is a retired U.S. Army Lieutenant Colonel who served as an Information Warfare Officer and Cyber Defense Battalion Commander. With extensive experience in cyber operations and intelligence, he commanded units supporting the United States Pacific Command, U.S. Army Pacific Forces, and the National Security Agency. He was deployed to Iraq during Operation Enduring Freedom, earning a Bronze Star, and has held roles such as Chief Information Security Officer for a large medical company. Tickets to Cornerstone Forum 26': https://www.showpass.com/cornerstone26/Silver Gold Bull Links:Website: https://silvergoldbull.ca/Email: SNP@silvergoldbull.comText Grahame: (587) 441-9100Bow Valley Credit UnionBitcoin: www.bowvalleycu.com/en/personal/investing-wealth/bitcoin-gatewayEmail: welcome@BowValleycu.com Get your voice heard: Text Shaun 587-217-8500

Have you ever wondered why "compliance" still gets treated like a slow, spreadsheet-heavy chore, even though the rest of the business is moving at machine speed? In this episode of Tech Talks Daily, I sit down with Matt Hillary, Chief Information Security Officer at Drata, to talk about what actually changes when AI and automation land in the middle of governance, risk, and compliance. Matt brings a rare viewpoint because he lives this day-to-day as "customer zero," running Drata internally while also leading IT, security, GRC, and enterprise apps. We get practical fast. Matt shares how AI-assisted questionnaire workflows can turn a 120-question security assessment from a late-afternoon time sink into something you can complete with confidence in minutes, then still make it upstairs in time for dinner. He also explains how automation flips the audit dynamic by moving from random sampling to continuous, full-population checks, using APIs to validate evidence at scale, without hounding control owners unless something is actually wrong. We also talk about what security leadership really looks like when the stakes rise. Matt reflects on lessons from his time at AWS, why curiosity and adaptability matter when the "canvas" keeps changing, and how customer focus becomes the foundation of trust. That theme runs through the whole conversation, including the idea that the CISO role is steadily turning into a chief trust officer role, where integrity, transparency, and credibility under pressure matter as much as tooling. And because burnout is never far away in security, we dig into the human side too. Matt unpacks how automation can reduce cognitive load, but also warns about swapping one kind of pressure for another, especially when teams get trapped producing endless dashboards and vanity metrics instead of focusing on the few measures that actually reduce risk. To wrap things up, Matt leaves a song for the playlist, Illenium's "You're Alive," plus a book recommendation, "Lessons from the Front Lines, Insights from a Cybersecurity Career" by Asaf Karen, which he says stands out for how it treats the human side of security leadership. If you're thinking about modernizing compliance in 2026 without losing the human element, his parting principle is simple and powerful: be intentional, keep asking why, and spend your limited time on what truly matters. So where do you land on this shift toward continuous trust, do you see it becoming the default expectation for buyers and auditors, and what should leaders do now to make sure automation reduces pressure instead of quietly adding more? Share your thoughts with me, I'd love to hear how you're approaching it.

What does cybersecurity really mean for today's CPA firms? In this episode, we sit down with Luke Kiely, Chief Information Security Officer at SmartVault and Chief Security Officer at ComplyWise, to explore why cybersecurity is no longer just an IT issue, but a firm-wide responsibility.Luke breaks down how most breaches still begin with a simple email and a distracted click, why busy season increases vulnerability, and the practical safeguards firms can put in place without a massive IT budget.This episode offers clear, actionable insight into protecting client data and securing the future of your firm.Resources:Luke Kiely LinkedIn ProfileSmartVaultComplyWiseFTC Safeguards Rule OverviewIRS Publication 4557 – Safeguarding Taxpayer Data

Christopher Russell, Head of Tokenization and Chief Information Security Officer at tZERO Group, sat down with me for an interview at the Halborn Access 2026 Summit at the NYSE. We discussed how tZERO is helping TradFi institutions tokenize assets on-chain.Brought to you by

In this episode, Greg Sieg, Chief Information Security Officer at the University of Michigan Health Regional Network, shares how his team is standardizing cybersecurity frameworks across acquisitions while balancing people, process, and technology. He discusses identity governance, machine security, M&A integration, and why culture, communication, and partnership are essential to protecting healthcare organizations as care expands beyond hospital walls.

“Cybersecurity really is just another risk. I think where we complicate it sometimes is in the language we use to talk about it.” - Steve TorinoThank you for tuning in to The CUInsight Network, with your host, Robbie Young, Vice President of Strategic Growth at CUInsight. In The CUInsight Network, we take a deeper dive with the thought leaders who support the credit union community. We discuss issues and challenges facing credit unions and identify best practices to learn and grow together.My guest on today's show is Steve Torino, Chief Information Security Officer at Synergent. Steve's path to cybersecurity was not a straight line, and he didn't grow up dreaming about credit unions or information security. What stayed constant, though, was a deep curiosity about technology and how systems work, which eventually carried him from community banking to national payment processing and ultimately to Synergent.In our conversation, we spend a lot of time talking about what effective cybersecurity governance actually looks like for credit unions and why it is so important. Steve breaks down how governance starts at the board level, how expectations flow through management, and why cybersecurity should be treated like any other form of enterprise risk. We also dig into collaboration and information sharing—one of the credit union movement's biggest strengths, and Steve points to leagues and professional groups as ways that credit unions can learn from one another.As we wrap up the episode, Steve talks about the mentor that influenced his life, how he loves traveling to Dallas, recommends a cybersecurity book that every can use, and more! Enjoy my conversation with Steve Torino!Find the full show notes on cuinsight.com.Connect with Steve:Steve Torino, Chief Information Security Officer of Synergentsynergentcorp.comSteve: LinkedInSynergent: LinkedIn | Facebook | YouTubeBook mentioned: Cybersecurity for Everyone by Cathy Olieslaeger

Manish Mehta sits down with Wayman Cummings, Chief Information Security Officer at Ochsner Health, to explore what cyber-physical security convergence really looks like in practice. Wayman shares how his unconventional path into cybersecurity shaped his leadership style and his perspective on risk in high-stakes environments like healthcare. The conversation dives into insider risk, the role of AI as augmented intelligence, and why most physical threats today begin with digital reconnaissance. Wayman also challenges the idea that convergence is a myth, offering real-world examples of how teams, technology, and trust must come together to make it work. You'll learn: Why convergence fails without people and process alignment Why AI should augment human judgment, not replace it, in security operations How leaders can build credibility, break down silos, and scale security impact in high-risk environments If you're enjoying this episode, please take a moment to rate and review the show.

Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield joins Ann on this week's episode of Afternoon Cyber Tea. In the conversation, Rob shares how his career path and personal philosophy have shaped a mission-driven approach to cybersecurity that places patient trust, safety, and privacy at the center of every decision. He discusses the unique challenges of securing a deeply interconnected healthcare ecosystem, the critical role of culture and cyber literacy across organizations, and why transparency and resilience are essential during incidents. The episode also explores secure-by-design principles, the ethical use of AI in healthcare, and how the CISO role is evolving toward a broader focus on trust, collaboration, and human impact.     Resources:  View Rob Suárez on LinkedIn    View Ann Johnson on LinkedIn     Related Microsoft Podcasts:   Microsoft Threat Intelligence Podcast   The BlueHat Podcast    Uncovering Hidden Risks            Discover and follow other Microsoft podcasts at microsoft.com/podcasts       Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.  

On today's episode of Caveat, we are joined by Matt Hillary, Chief Information Security Officer at Drata, discussing how AI is reshaping the compliance landscape and what it takes to build trust at AI speed. Ben has the story of Immigration and Customs Enforcement and their extensive use of modern surveillance tools. Dave discusses the Supreme Court's taking of a case involving Facebook tracking pixels and video store rentals. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Links to today's stories: ICE Is Going on a Surveillance Shopping Spree Supreme Court to hear Facebook pixel tracking case Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Caveat Briefing⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, a weekly newsletter available exclusively to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K Pro⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ members on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠N2K CyberWire's⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the EU launching an investigation of its own into X after the platform's AI chatbot, Grok, was able to be manipulated into generating non-consensual sexualized images. Alongside the EU's investigation, X is also facing pressures from the UK, France, Indonesia, and Malaysia over this incident. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠caveat@thecyberwire.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes. Chief Information Security Officer at Immuta, Michael Scott shares his story from working at a forgotten internet service provider to leading the security fight for major food chain restaurants. Michael explains how the different roles at various companies he has worked with paved his way to where he is now at Immuta. He works with a group of colleagues and he leads in a different style, describing that "It really is just a collection of a lot of, we call humble intellects" working with him. Michael attributes adversity to being a cornerstone of existence in the security community, and explains how that helps him keep up the fight. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

One of the more disturbing stories of the week came out of a secret recording purportedly of a Campbell’s Soup executive. Former employee Robert Garza says he recorded his boss, Campbell’s Vice President and Chief Information Security Officer going on a tirade against the company, its products and some of its Indian Employees. Among the allegations, the man on the recording is heard saying that Campbell’s soup has bioengineered meat, saying he doesn’t wanna eat a piece of chicken that came from a 3D printer. Campbell’s Soup denies those claims and has put the exec on administrative leave while it investigates. Meantime the state of Florida is also investigating those claims and has threatened to shut down Campbell’s in its state if it finds any truth to the allegations.See omnystudio.com/listener for privacy information.

One of the more disturbing stories of the week came out of a secret recording purportedly of a Campbell’s Soup executive. Former employee Robert Garza says he recorded his boss, Campbell’s Vice President and Chief Information Security Officer going on a tirade against the company, its products and some of its Indian Employees. Among the allegations, the man on the recording is heard saying that Campbell’s soup has bioengineered meat, saying he doesn’t wanna eat a piece of chicken that came from a 3D printer. Campbell’s Soup denies those claims and has put the exec on administrative leave while it investigates. Meantime the state of Florida is also investigating those claims and has threatened to shut down Campbell’s in its state if it finds any truth to the allegations.See omnystudio.com/listener for privacy information.