Podcasts about ciso

  • 1,359 podcasts
  • 11,316 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest episode: Oct 9, 2025


Latest podcast episodes about ciso

Defense in Depth
What is the Visibility That Security Teams Need?

Oct 9, 2025 (27:52)


All links and images can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP.

In this episode:
• Turning visibility into actionable intelligence
• Pure visibility still provides an essential security foundation
• Finding strategic value
• The risk of gaps in identity management

Huge thanks to our sponsor, ThreatLocker

Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Threatlocker.com/CISO

ITSPmagazine | Technology. Cybersecurity. Society
When the Coders Don't Code: What Happens When AI Coding Tools Go Dark? | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

Oct 8, 2025 (9:35)


In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.

These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?

Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:
• Are we creating shadow logic no one can trace?
• Do developers still understand the systems they're shipping?
• What happens when incident response teams face AI-generated code with no documentation?
• Are AI-generated systems introducing silent fragility into critical infrastructure?

The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.

This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.

If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

CISO-Security Vendor Relationship Podcast
Don't Worry, We'll Get to Solving Your Problem on Slide 87

Oct 7, 2025 (36:41)


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com.

In this episode:
• AI security's blind spot problem
• Vendors don't understand the assignment
• Marketing budgets overshadow actual innovation
• Accuracy versus effectiveness

Huge thanks to our sponsor, Material Security

Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

Caveat
The existing state of regulation. [CISO Perspectives]

Oct 7, 2025 (39:30)


Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episode of CISO Perspectives, host Kim Jones sits down with Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the current state of regulation. Throughout the conversation, Ben and Kim discuss how the current administration views regulations and the future role of the federal government.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

ITSPmagazine | Technology. Cybersecurity. Society
The Hidden Cost of Too Many Cybersecurity Tools (Most CISOs Get This Wrong) | A Conversation with Pieter VanIperen | Redefining CyberSecurity with Sean Martin

Oct 3, 2025 (52:20)


⬥GUEST⬥
Pieter VanIperen, CISO and CIO of AlphaSense | On LinkedIn: https://www.linkedin.com/in/pietervaniperen/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
Real-World Principles for Real-World Security: A Conversation with Pieter VanIperen

Pieter VanIperen, the Chief Information Security and Technology Officer at AlphaSense, joins Sean Martin for a no-nonsense conversation that strips away the noise around cybersecurity leadership. With experience spanning media, fintech, healthcare, and SaaS—including roles at Salesforce, Disney, Fox, and Clear—Pieter brings a rare clarity to what actually works in building and running a security program that serves the business.

He shares why being “comfortable being uncomfortable” is an essential trait for today's security leaders—not just reacting to incidents, but thriving in ambiguity. That distinction matters, especially when every new technology trend, vendor pitch, or policy update introduces more complexity than clarity. Pieter encourages CISOs to lead by knowing when to go deep and when to zoom out, especially in areas like compliance, AI, and IT operations where leadership must translate risks into outcomes the business cares about.

One of the strongest points he makes is around threat intelligence: it must be contextual. “Generic threat intel is an oxymoron,” he argues, pointing out how the volume of tools and alerts often distracts from actual risks. Instead, Pieter advocates for simplifying based on principles like ownership, real impact, and operational context. If a tool hasn't been turned on for two months and no one noticed, he says, “do you even need it?”

The episode also offers frank insight into vendor relationships. Pieter calls out the harm in trying to “tell a CISO what problems they have” rather than listening. He explains why true partnerships are based on trust, humility, and a long-term commitment—not transactional sales quotas. “If you disappear when I need you most, you're not part of the solution,” he says.

For CISOs and vendors alike, this episode is packed with perspective you can't Google. Tune in to challenge your assumptions—and maybe your entire security stack.

⬥SPONSORS⬥
ThreatLocker: https://itspm.ag/threatlocker-r974

⬥RESOURCES⬥

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast:

HealthcareNOW Radio - Insights and Discussion on Healthcare, Healthcare Information Technology and More
Digital Health Talks: From Compliance to Confidence On How to Evolve Cybersecurity

Oct 3, 2025 (28:23)


From Compliance to Confidence: How to Evolve Cybersecurity Beyond the Checklist

Healthcare cybersecurity stands at an inflection point. Traditional compliance frameworks are proving inadequate in the face of sophisticated threats targeting patient data, clinical operations, and connected medical devices. Robert Eikel, CISO at P-n-T Data Corp., brings unique expertise from government service, financial services, and pediatric healthcare to discuss how leading organizations are evolving beyond checklist security. We'll explore the new frontlines of healthcare cyber defense—identity, integrity, and interoperability—while examining how emerging technologies like AI and quantum computing are reshaping the threat landscape.

• Moving from periodic compliance to continuous confidence through identity-centric, integrity-focused defense strategies
• Protecting clinical workflows and patient safety while maintaining secure interoperability across healthcare ecosystems
• Preparing cybersecurity programs for AI-powered threats, quantum risks, and next-generation healthcare technologies
• Transforming cybersecurity governance from IT overhead to strategic business enabler

Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen/

Defense in Depth
Data Governance in the Age of AI

Oct 2, 2025 (26:01)


All links and images can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is their sponsored guest, Ash Hunt, vp, strategy, EMEA, Cyera.

In this episode:
• The access creep challenge
• Bridging intent and execution
• Looking for integrity
• Racing against exponential complexity

Huge thanks to our sponsor, Cyera

AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://www.cyera.com/?utm_source=cisoseries

The New CISO
From Breach to BISO: Becoming a Security Influencer

Oct 2, 2025 (41:47)


Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

What You'll Learn:

Understanding the BISO Role:
• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:
• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:
• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:
• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:
• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam

Cyber 9/11 with Dr. Eric Cole
Satellite Communications, AI, and the Future of Secure Connectivity with Guest Brett Miller

Oct 2, 2025 (35:30)


In this episode of Life of a CISO, Dr. Eric Cole sits down with Brett Miller, a Marine Corps veteran, former Hollywood creative, and now a leader at Galileo, a cutting-edge satellite communications company. Together, they explore the critical role of secure communications in cybersecurity, disaster response, and everyday life. Brett shares his fascinating journey from running encrypted radio systems in the military to building an app that seamlessly bridges satellite, cellular, and AI-powered emergency planning—all designed to provide redundancy, reliability, and privacy when traditional networks fail. The conversation dives into why cell networks are increasingly unreliable, the future of wearable and embedded devices, and why CISOs must rethink their organization's communications strategies before a crisis strikes. They also tackle pressing topics like TikTok, foreign data collection, and why adversaries are targeting telecom networks over banks—making this a must-listen for cybersecurity leaders, executives, and anyone interested in the future of secure connectivity.  

The Member Engagement Show
Cybersecurity for Associations with 501CISO's Brian Scott

Oct 2, 2025 (44:19)


Our guest this episode of The Member Engagement Show is Brian Scott, President and CISO of 501CISO, who talks about the increasing prevalence of cybercrime targeting nonprofits and associations. We discuss the industrialization of cybercrime, the unique vulnerabilities of smaller organizations, and the importance of cybersecurity education and training. Topics covered include: Why cybercrime is worse than it's ever been. The global industrialization of cybercrime. How AI is helping cybercriminals be more effective. Why nonprofits and associations are becoming a bigger target. Are Managed Service Providers (MSPs) always reliable protection? Tips for hiring and using MSPs. The impact of being the target of cybercrime. Key things associations should do to protect their security and data. The '501 CISO Big Six' essential protections to implement. Why cybersecurity is not just an “IT problem.”   Some Helpful Links: Episode on AI use and data privacy with guest Amanda DeLuke. Explore more resources from Brian Scott & 501CISO: cleartoneconsulting.com/publications/

Autonomous IT
CISO IT – Back to Basics: Three Essentials for Secure IT Operations, E20

Oct 2, 2025 (8:14)


In this episode, Automox CISO Jason Kikta strips away the noise and focuses on the three core pillars of secure IT operations: asset inventory, patch management, and identity and access management (IAM).

Jason shares firsthand stories from U.S. Cyber Command and explains why getting the basics right isn't optional — it's essential. Whether you're building a modern security program or tightening existing controls, this episode delivers clear guidance on where to focus and why.

Simply Solving Cyber
Who's That CISO? Allan Alford vs. Himself on Simplifying Cyber

Oct 1, 2025 (41:10)


How does a CISO react to a live deepfake? In this eye-opening conversation with Allan Alford, CISO at NTT Global Data Centers, we kick off with a live deepfake demonstration that showcases the capabilities and limitations of this emerging technology.

The demonstration serves as a springboard into a crucial discussion about the genuine threat deepfakes pose to organizations. While video deepfakes capture headlines, Allan reveals why audio deepfakes currently present the more dangerous and immediate risk vector for businesses. From CEO impersonation for fraudulent wire transfers to political misinformation campaigns, these technologies are already being weaponized in ways many security teams haven't prepared for.

Our conversation takes an unexpected turn as Allan challenges one of cybersecurity's most persistent myths: that humans represent the "weakest link" in security. Instead, he champions the workforce as our strongest allies, sharing how simple recognition programs created security champions throughout his organization. His approach connects workplace security to employees' personal lives, dramatically increasing engagement and effectiveness.

Allan offers a masterclass in balancing innovation with security, explaining how his organization approaches AI adoption through mandatory training programs and a top-down commitment from leadership. His race car analogy perfectly captures this balance: good security controls are like high-performance brakes that don't just slow you down—they enable you to take corners faster.

For security leaders feeling overwhelmed by AI, Allan provides practical starting points that any organization can implement today. From experimenting with AI for personal hobbies to creating automated security reports through carefully crafted prompts, these small steps can build confidence and competence before tackling larger initiatives.

Whether you're concerned about deepfake threats, searching for more effective security awareness approaches, or looking to safely implement AI in your organization, this conversation delivers actionable insights from a CISO who's successfully navigating these challenges daily. Listen now to transform how you think about humans, technology, and security in our rapidly evolving digital landscape.

Serious Privacy
Privacy Programs with a Touch of Magic (with Paul Iagnocco)

Oct 1, 2025 (38:35)


On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien of Reinbo Consulting, and Dr. K Royal speak with Paul Iagnocco, Head of Customer Enablement at our sponsor TrustArc. Apart from catching up, the team speaks with our guest about the development and maintenance of data protection compliance programs, especially in this time where AI is becoming more and more important.

Links:
• LinkedIn AI training settings
• SRB v EDPS on pseudonymous data (C-413/23)

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Packet Pushers - Full Podcast Feed
HS113: Bad Tech Romance: Five Signs You're In an Abusive IT Relationship

Sep 30, 2025 (40:50)


Sure, some days you hate your job. But how do you know when an IT position has gone from being run-of-the-mill annoying to truly toxic? And what do you do about it? Johna Johnson and John Burke are joined by Sandy Miller, a pseudonym for a CIO at a major global company who talks about... Read more »

CISO-Security Vendor Relationship Podcast
Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

Sep 30, 2025 (44:17)


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.

In this episode:
• We can't promise safe, but we can promise ready
• Are we accidentally building security nightmares?
• Being held accountable for things you had no say in
• The safe space problem in vendor evaluation

Huge thanks to our sponsor, Adaptive Security

Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive's new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Random but Memorable
How to protect yourself from digital identity theft with Eva Velasquez | VOICE CLONE IDENTITY THEFT

Sep 30, 2025 (63:03)


Identity theft affects millions of people every year — but do you really know how it works, or how to protect yourself? This week, we're joined by Eva Velasquez, CEO of the Identity Theft Resource Center, who shares the latest trends in identity crime and what steps you can take if it ever happens to you.

Heavy Strategy
HS113: Bad Tech Romance: Five Signs You're In an Abusive IT Relationship

Sep 30, 2025 (40:50)


Sure, some days you hate your job. But how do you know when an IT position has gone from being run-of-the-mill annoying to truly toxic? And what do you do about it? Johna Johnson and John Burke are joined by Sandy Miller, a pseudonym for a CIO at a major global company who talks about... Read more »

Error Code
EP 72: Does a CISSP Certification Make Sense For OT?

Sep 30, 2025 (27:49)


Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

Autonomous IT
CISO IT – Automation and Security Perfection, E03

Sep 30, 2025 (17:12)


In this episode of the Automox CISO IT Podcast, host Jason Kikta, CISO at Automox, explores how CISOs can advocate for automation maturity across IT and security teams. Jason breaks down why automation is critical for:
• Reducing human error and noise in detection
• Accelerating response speed during mass exploitation events
• Freeing up security teams to focus on high-value tasks
• Driving consistency and precision across IT operations

From worms of the early internet to today's rapid weaponization of exploits like Log4j, Jason shares lessons from the field and why automation is no longer optional for security leaders. Whether you're focused on patching, configuration, or incident response, this episode shows how automation maturity improves resilience, efficiency, and your ability to outpace attackers.

This episode originally aired February 16, 2024

Changing Higher Ed
Cybersecurity Risk Management in Higher Education—It's Not Just an IT Problem

Sep 30, 2025 (35:48)


Higher education institutions are increasingly at risk from cyberattacks that threaten enrollment, accreditation, financial aid compliance, and reputation. In this episode of the Changing Higher Ed® podcast, Dr. Drumm McNaughton speaks with Brian Kelly, Chief Information Security Officer at Community Health Networks of Connecticut and former higher education CISO, about why cybersecurity must be treated as an enterprise risk—not just an IT issue. This conversation is especially relevant for presidents, trustees, and senior leaders who need to understand how cyber risk intersects with governance, strategic planning, crisis management, and accreditation readiness.

Topics Covered:
• Why higher education is a prime target for cyberattacks
• How ransomware and data breaches disrupt core institutional functions
• The governance responsibilities of boards in overseeing cybersecurity
• Cyber implications for strategic planning and reputation management
• Why accreditation and compliance can be undermined by cyber breaches
• Protecting research and intellectual property from cyber threats
• Building a campus culture of shared cybersecurity responsibility
• The leadership succession gap in higher ed cybersecurity
• Core practices every institution should adopt during Cybersecurity Awareness Month

Real-World Examples Discussed:
• United Healthcare and Social Security data compromises
• PowerSchool breach exposing minors to identity theft
• Target and Home Depot breaches as case studies in reputational damage
• F-35 design theft highlighting the value of intellectual property
• Scam examples including PayPal fraud, fake purchase confirmations, and LinkedIn phishing
• Leadership succession in action: Cathy Hubbs' retirement and Harry Hoffman's appointment

Three Key Takeaways for Higher Ed Leadership:
• Plan for resilience, not just prevention—institutions must continue to operate during and after cyber incidents.
• Make cybersecurity a shared responsibility—leaders must ensure accountability across the campus community.
• Include cyber in board oversight—cyber risk is part of governance, enterprise risk management, and accreditation readiness.

Read the transcript or extended show summary: https://changinghighered.com/cybersecurity-risk-management-in-higher-education/

#HigherEdCybersecurity #BoardGovernance #HigherEducationPodcast

The Virtual CISO Moment
S7E45 - A Conversation with Brad Mathis

Sep 30, 2025 (33:45)


In this episode of The Virtual CISO Moment, Greg Schaffer welcomes Brad Mathis, Senior Information Security Consultant at Keller Schroeder, for a wide-ranging discussion that spans four decades in technology and cybersecurity.

From his early days repairing computers and catching his first virus, to leading security teams and serving as a virtual CISO, Brad shares a wealth of real-world experience and insights.

Key highlights include:
• Lessons from building networks in the pre-Windows 95 era
• The importance of risk ownership, even with a vCISO
• What makes a good (and bad) security culture
• How to decompress in a high-stress industry
• The role of mentorship and knowledge transfer in long-term success

Whether you're new to the field or a seasoned security leader, this episode offers perspective, wisdom, and practical takeaways.

Serious Privacy
Fun with Facts plus... Korea!

Sep 27, 2025 (30:42)


On this episode of Serious Privacy, Paul Breitbarth brings us news from the Global Privacy Assembly held in Korea and Dr. K Royal has fun with privacy trivia! Ralph O'Brien is out this week. Open offer to all fans... if you answered all the questions correctly, send one of us your address and we will send you a sticker for playing Trivacy!

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

ITSPmagazine | Technology. Cybersecurity. Society
Why Identity Must Come First in the Age of AI Agents | A Black Hat SecTor 2025 Conversation with Cristin Flynn Goodwin | On Location Coverage with Sean Martin and Marco Ciappelli

Sep 26, 2025 (21:45)


When we talk about AI at cybersecurity conferences these days, one term is impossible to ignore: agentic AI. But behind the excitement around AI-driven productivity and autonomous workflows lies an unresolved—and increasingly urgent—security issue: identity.

In this episode, Sean Martin and Marco Ciappelli speak with Cristin Flynn Goodwin, keynote speaker at SecTor 2025, about the intersection of AI agents, identity management, and legal risk. Drawing from decades at the center of major security incidents—most recently as the head cybersecurity lawyer at Microsoft—Cristin frames today's AI hype within a longstanding identity crisis that organizations still haven't solved.

Why It Matters Now

Agentic AI changes the game. AI agents can act independently, replicate themselves, and disappear in seconds. That's great for automation—but terrifying for risk teams. Cristin flags the pressing need to identify and authenticate these ephemeral agents. Should they be digitally signed? Should there be a new standard body managing agent identities? Right now, we don't know.

Meanwhile, attackers are already adapting. AI tools are being used to create flawless phishing emails, spoofed banking agents, and convincing digital personas. Add that to the fact that many consumers and companies still haven't implemented strong MFA, and the risk multiplier becomes clear.

The Legal View

From a legal standpoint, Cristin emphasizes how regulations like New York's DFS Cybersecurity Regulation are putting pressure on CISOs to tighten IAM controls. But what about individuals? “It's an unfair fight,” she says—no consumer can outpace a nation-state attacker armed with AI tooling.

This keynote preview also calls attention to shadow AI agents: tools employees may create outside the control of IT or security. As Cristin warns, they could become “offensive digital insiders”—another dimension of the insider threat amplified by AI.

Looking Ahead

This is a must-listen episode for CISOs, security architects, policymakers, and anyone thinking about AI safety and digital trust. From the potential need for real-time, verifiable agent credentials to the looming collision of agentic AI with quantum computing, this conversation kicks off SecTor 2025 with urgency and clarity.

Catch the full episode now, and don't miss Cristin's keynote on October 1.

___________

Guest:
Cristin Flynn Goodwin, Senior Consultant, Good Harbor Security Risk Management | On LinkedIn: https://www.linkedin.com/in/cristin-flynn-goodwin-24359b4/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb

___________

Resources
Keynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurity
Good Harbor Security Risk Management (Richard Clarke's firm): https://www.goodharbor.net/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to share an Event Briefing as part of our event coverage? Learn More

Cyber Security Headlines
Week in Review: Jaguar Land Rover attack, indirect prompt injections, card farms in NYC

Cyber Security Headlines

Sep 26, 2025 | 26:43


This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guests Brett Conlon, CISO, American Century Investments, and TC Niedzialkowski, Head of Security & IT, OpenDoor.

Thanks to our show sponsor, Conveyor

Still stuck in security review chaos week after week? You're not the only one. But with Conveyor, teams finally get to a place of Questionnaire Zen. Our AI auto-fills answers across any format of questionnaire, even portals, and an enterprise-ready trust center keeps documents and policies ready for instant sharing. No more manual copy-pasting. No more last-minute scrambles. Just calm, clear security reviews that keep deals moving. Find your Zen with Conveyor at www.conveyor.com.

All links and the video of this episode can be found on CISO Series.com

Defense in Depth
How Can Security Vendors Better Stand Out?

Defense in Depth

Sep 25, 2025 | 37:33


All links and images can be found on CISO Series. Check out this post by David Mundy of Tuskira for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Taule, CISO, Luminis Health.

In this episode:
- ROI challenges
- Venture capital saturation
- Risk aversion and organizational politics
- A GTM transformation

Huge thanks to our sponsor, Doppel

Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform

We Talk Cyber
How I'd Learn Cybersecurity in 2025 (If I Were Starting Over)

We Talk Cyber

Sep 25, 2025 | 14:34


If I were starting my cybersecurity career from scratch in 2025, this is exactly what I'd do. No fluff, no unnecessary certs, and no wasted time. Too many professionals are burning out chasing certs or bootcamps without real clarity. In this episode, I share my complete 6-step cybersecurity roadmap, the one I'd follow if I had to start all over again.

Whether you're transitioning into cybersecurity or trying to accelerate your growth, this roadmap is built on real-world experience, not outdated advice. I went from a non-hacking tech role to becoming a CISO in just four years and today, I help professionals do the same.

Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.

Trust Issues
EP 16 - Sensing the signals: The hidden risks in digital supply chains

Trust Issues

Sep 25, 2025 | 48:38


Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.

Professor Levi, a leading expert in cyber resilience and complex systems, explains why traditional prevention isn't enough and how attackers exploit unseen pathways to infiltrate even the most secure enterprises. The conversation covers the critical need for transparency, continuous monitoring, and rapid detection and recovery in an era where software is built from countless unknown components.

Key topics include:
- How to sense early warning signs of supply chain attacks
- The role of AI and automation in both risk and defense
- Best practices for mapping and securing your digital ecosystem
- Why resilience—not just prevention—must be at the core of your security strategy

Whether you're a CISO, IT leader or security practitioner, this episode will help you rethink your approach to digital supply chain risk and prepare your organization for what's next.

Subscribe to Security Matters for expert insights on identity security, cyber resilience and the evolving threat landscape.

Cyber 9/11 with Dr. Eric Cole
The Journey to Becoming a CISO: Lessons Learned with Azunna Anyanwu

Cyber 9/11 with Dr. Eric Cole

Sep 25, 2025 | 35:20


In this episode of Life of a CISO, Dr. Eric Cole interviews Azunna Anyanwu, a fractional CIO, discussing his career journey, the importance of soft skills in cybersecurity leadership, and the challenges of managing budgets and risk. They delve into the complexities of ransomware, the evolving roles of CIOs and CISOs, and the impact of AI on the cybersecurity workforce. Azunna shares valuable insights on training employees to recognize threats and the necessity of establishing a risk tolerance with the board. He emphasizes the importance of continuous learning and setting goals for aspiring cybersecurity professionals.

AWS - Conversations with Leaders
Collective Defense: Securing AI Through Shared Intelligence

AWS - Conversations with Leaders

Sep 25, 2025 | 23:48


Learn how to balance AI innovation with risk management in this episode of AWS Executive Insights, featuring Adam Marré, CISO at Arctic Wolf. Drawing from his unique background spanning everything from the US Army, to video game design at Disney Interactive, to FBI cybercrime investigations, Marré shares his perspective on building next-generation security operations and navigating AI security controls in today's threat landscape. He offers advice for translating security risk into business language, managing third-party risk, and implementing AI-powered security operations without replacing human judgment. Marré also discusses the value of building more diverse security teams through programs like Tech-Moms. This conversation is essential listening for security leaders navigating the intersection of AI innovation, talent development, and enterprise risk management.

Interviews: Tech and Business
RSA Security CEO: Dangers of Weak Identity Security | CXOTalk #89

Interviews: Tech and Business

Sep 24, 2025 | 53:38


In cybersecurity, identity has become the primary attack vector. We explore identity in CXOTalk 892, with the CEO of RSA Security, Rohit Ghai, who explains how stolen credentials, social engineering, and AI-enabled impersonation break defenses. And what boards, CISOs, and executives must do now.

What you'll learn:
-- Why credential theft remains the #1 initial access vector and what “phishing resistant” MFA actually requires
-- How attackers bypass MFA via help desk social engineering and voice impersonation, and how to stop it
-- Managing identity across the joiner–mover–leaver lifecycle to close high-risk gaps
-- The “assume breach” mindset: zero trust, least privilege, and blast radius reduction
-- The CISO's evolving mandate: business vs. technology, board communication, and risk quantification
-- AI in cyber: sword, shield, and attack surface, and the changing economics of attack vs. defense
-- Ransomware beyond backups: data theft, response playbooks, and legal/PR readiness

Who should watch:
Board members, CEOs, CISOs, CIOs, and security leaders who seek clear actions to improve resilience without slowing the business.

Accenture InfoSec Beat
InfoSec Beat: Inside Avanade – Protecting the Enterprise with the Microsoft Platform

Accenture InfoSec Beat

Sep 24, 2025 | 27:05


As CISO of Avanade—a joint venture between Accenture and Microsoft—Bob Bruns is in a unique position. He has firsthand insight into Microsoft's security roadmap from both implementation and innovation perspectives. In this episode, Bob shares his thinking on key security topics with Accenture CISO Kris Burkhardt. Listen to a CISO-to-CISO discussion about the Microsoft security ecosystem, the power of platforms, AI in security, and actions organizations can take to improve their security posture. 

Ctrl+Alt+Azure
309 - Goodbye, Project Online and SharePoint 2013 Workflows

Ctrl+Alt+Azure

Sep 24, 2025 | 30:12


In this week's episode, we talk about our experiences with SharePoint and Project. Now that Project Online is going away, as well as SharePoint 2013-style Workflows, we discuss the options for moving to more modern capabilities, and why these are still very valid tools.

(00:00) - Intro and catching up.
(03:58) - Show content starts.

Show links
- Project Online is retiring
- SharePoint 2013 Workflow retirement
- SharePoint 2013 Workflow Assessment Tool
- SharePoint Workflow Manager

Feedback
- Give us feedback!

The CyberWire
Espionage in the airwaves.

The CyberWire

Sep 23, 2025 | 25:40


The Secret Service dismantles an illegal network. Jaguar Land Rover (JLR) extends the shutdown of production plants. The EU probes tech giants over online scams. Iranian APT Nimbus Manticore expands operations in Europe. North Korean Kimsuky deploys a shortcut-based espionage campaign. GitHub and Ruby Central roll out supply-chain security upgrades. LastPass warns of macOS ClickFix campaign using fake GitHub repos. AT&T's CISO warns hackers mimic Salt Typhoon's unconventional tactics. CISO Perspectives host Kim Jones previews the upcoming season. An attorney pays $10K for AI hallucinations.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
CISO Perspectives host Kim Jones previews the upcoming season, sharing what's ahead for listeners. From leadership challenges to the evolving role of the CISO, Kim highlights the conversations and insights you can expect this season. You can check out the season opener here.

Selected Reading
- Cache of Devices Capable of Crashing Cell Network Is Found Near U.N. (The New York Times)
- Secret Service Disrupts Threat Network Near UN General Assembly (YouTube)
- JLR extends shutdown – again – as toll on workers laid bare (The Register)
- The EU is scrutinizing how Apple, Google, and Microsoft tackle online scams (The Verge)
- Nimbus Manticore Deploys New Malware Targeting Europe (Check Point Research)
- Kimsuky attack disguised as sex offender notice information (Logpresso)
- GitHub tightens npm security with mandatory 2FA, access tokens (Bleeping Computer)
- NPM package caught using QR Code to fetch cookie-stealing malware (Bleeping Computer)
- LastPass: Fake password managers infect Mac users with malware (Bleeping Computer)
- Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques (CyberScoop)
- Attorney Slapped With Hefty Fine for Citing 21 Fake, AI-Generated Cases (PCMag)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
The existing state of regulation. [CISO Perspectives]

The CyberWire

Sep 23, 2025 | 39:30


Regulation is a double-edged sword. While it helps create structure, establish accountability, and set standards, it also creates unnecessary hurdles, slower response times, and overly rigid systems. With every administration, policy goals and subsequently regulatory stances change, which can have major impacts on business operations. In this episode of CISO Perspectives, host Kim Jones sits down with Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, to discuss the current state of regulation. Throughout the conversation, Ben and Kim discuss how the current administration views regulations and the future role of the federal government.

CISO-Security Vendor Relationship Podcast
Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

CISO-Security Vendor Relationship Podcast

Sep 23, 2025 | 34:24


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory.

In this episode:
- The AI experimentation phase isn't optional
- When selling security becomes the hardest part of the job
- Threat actors aren't hacking in anymore
- We build, we bond, and we can't bear to let go

Huge thanks to our sponsor, ThreatLocker

Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

Simply Solving Cyber
Crocodiles in the Board Room! With Andy Ellis

Simply Solving Cyber

Sep 23, 2025 | 37:53 | Transcription Available


What makes a truly effective security leader in today's complex threat landscape? In this enlightening conversation with Andy Ellis, former CISO of Akamai Technologies and author of "1% Leadership," we explore how the role of the security executive has transformed from a technical specialist to a strategic business enabler.

Andy shares his remarkable journey from Air Force information warfare specialist to becoming Akamai's first security hire, where he spent 20 years building a multi-billion dollar security business within the infrastructure company. His unique perspective challenges conventional thinking about security leadership, organizational structure, and how security teams should communicate risk to the broader business.

"Your job as a security professional is really to enable the business to make wiser risk choices," Andy explains, reframing the security function away from being the department of "no" to becoming a trusted advisor that helps organizations understand and navigate risks effectively. Using colorful analogies about crocodiles in the boardroom, he illustrates why security leaders should focus on making relevant risks believable rather than raising alarms about threats that don't align with business priorities.

We dive deep into the evolution of the CISO role, discussing why the traditional reporting structures may be outdated and how smaller companies are blending security leadership with IT functions as traditional infrastructure moves to SaaS. Andy challenges security professionals to understand why controls exist rather than just implementing them, asking three critical questions: "What is the real reason you do this? Could we stop? What should we do differently?"

Whether you're an aspiring security leader or a seasoned CISO, this conversation offers valuable insights on leadership, communication, and how to deliver real security value in an increasingly complex digital landscape. Listen now to learn how small, incremental improvements in your leadership approach can transform your security program's effectiveness and business impact.

Cyber Risk Management Podcast
EP 193: Secure AI Transformation

Cyber Risk Management Podcast

Sep 23, 2025 | 41:00


Getting full value from AI requires a huge technology transformation. How can leaders navigate AI transformation without losing their teams and their digital assets along the way? Let's find out with our guest Jenny Moshea, former CIO for Sellen Construction. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/jmoshea/
Free Guide -- https://getjennergy.com/
Website -- https://www.kinetiqshift.com/

Cybercrime Magazine Podcast
Fractional CISO's Perspective On Cyber. Strategy, Leadership, & More. Craig Ford, Cyber Unicorns.

Cybercrime Magazine Podcast

Sep 22, 2025 | 11:45


Craig Ford is the Director and Cofounder of Cyber Unicorns. He is the author of three different book series with a total of seven books, as well as a freelance cybersecurity journalist with works in magazines such as Women in Security, Cyber Australia, and Cyber Today, among others. In this episode, Ford joins host David Braue to discuss his role as a fractional CISO, as well as his work at Cyber Unicorns, published books, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com

Stats On Stats Podcast
Why the Browser Is Now Your Biggest Cybersecurity Risk With John Carse

Stats On Stats Podcast

Sep 22, 2025 | 67:54


John Carse, CISO at SquareX, joins the Stats on Stats podcast for a dynamic conversation on the evolving landscape of cybersecurity. With a career that began in the '80s and spans global leadership roles at Dyson, Rakuten, and JP Morgan Chase, John shares stories from his early hacking days to his current mission at SquareX—redefining browser security in a SaaS-first world.

Guest Connect:
LinkedIn: https://www.linkedin.com/in/johncarse/
https://sqrx.com/

Stats on Stats Resources
Code & Culture: https://www.statsonstats.io/flipbooks | https://www.codeculturecollective.io
Merch: https://www.statsonstats.io/shop
LinkTree: https://linktr.ee/statsonstatspodcast

Stats on Stats Partners & Affiliates
Hacker Halted
Website: https://hackerhalted.com/
Use Discount Code: "HHSOS" for 50% off
Antisyphon Training
Website: https://www.antisyphontraining.com
MAD20 Training
Website: https://mad20.io
Discount Code: STATSONSTATS15
Ellington Cyber Academy: https://kenneth-ellington.mykajabi.com
Discount Code: STATSONSTATS
Kevtech Academy
Website: https://www.kevtechitsupport.com
Dream Chaser's Coffee
Website: https://dreamchaserscoffee.com
Discount code: STATSONSTATS

Podcasts We Like
Code & Culture
YouTube: https://www.youtube.com/@CodeCultureCollectivePodcast
DEM Tech Folks
Website: https://linktr.ee/developeverymind
IntrusionsInDepth
Website: https://www.intrusionsindepth.com

-----------------------------------------------------
Episode was shot and edited at BlueBox Studio Tampa
https://blueboxdigital.com/bluebox-studio/

The Cybersecurity Defenders Podcast
#249 - Defender Fridays: Security State of Affairs with Cliff Janzen, CISO and VP of Security Services at Arctiq

The Cybersecurity Defenders Podcast

Sep 19, 2025 | 32:20


LimaCharlie CEO Max Lamothe-Brassard welcomes Cliff Janzen, CISO and VP of Security Services at Arctiq, for a special "Security Potpourri" session!

What's on the menu?
- SOC operations and optimization
- Security automation strategies
- Penetration testing insights

All through Cliff's expert lens and real-world experience. Join us for an insightful discussion on the current security landscape!

Cliff is an experienced Vice President of Security with a demonstrated history of working in the computer and network security industry. Skilled in Security Architecture, Governance, Incident Management, Ethical Hacking, and Intrusion Detection. Currently working as CISO and VP of Security Services at Arctiq.

The Tech Trek
The Hardest Part of Tech Leadership

The Tech Trek

Sep 19, 2025 | 30:12


John Fiedler, SVP of Engineering and CISO at Ironclad, joins the show to unpack the real challenges of technology leadership. From managing nonstop context switching to measuring success when you're no longer shipping code, John shares hard-earned lessons on how leaders can protect their time, set priorities, and thrive in the chaos. Whether you're moving from IC to manager or scaling as an executive, this conversation offers a candid look at what it truly takes to lead.

Key Takeaways
• Success in leadership isn't about features shipped—it's about execution, people, and culture.
• Context switching is constant, but leaders can design their calendars to minimize the chaos.
• Organizational size reshapes the challenge: startups reward speed, enterprises demand process.
• Protecting your time isn't optional—leaders who don't own their calendars quickly burn out.
• The leap from IC to manager requires starting fresh and mastering a new craft.

Timestamped Highlights
02:13 The hidden tax of context switching
06:53 How John measures success as a leader without code
10:45 What really slows executives down inside organizations
15:51 How John protects his calendar and finds focus time
24:47 The lessons every first-time manager needs to hear

A Line That Sticks
“If you don't control your calendar, your calendar will control you.”

Call to Action
If this episode resonated, share it with a fellow leader navigating the chaos. Subscribe to The Tech Trek on Apple Podcasts and Spotify for more candid conversations about scaling, leadership, and the future of technology.

Serious Privacy
A slamming week in Privacy with Ralph and K

Serious Privacy

Sep 19, 2025 | 35:11


On this week of Serious Privacy, Ralph O'Brien of Reinbo Consulting and Dr. K Royal (Paul Breitbarth is travelling) discuss current events in privacy, data protection, and cyber law. Fascinating episode with all the hot stories which seem to follow a theme - adequacy and child online safety, plus some enforcements. Coverage includes the decision on the European Court's decision on the Latombe suit challenging the adequacy of the EU-US thingie, Brazil, Tanzania, Argentina, Australia, China, ChatGPT, and so much more!

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cyber Security Headlines
Week in Review: Student hackers increase, CISA wants CVE, Microsoft called hypocritical

Cyber Security Headlines

Sep 19, 2025 | 35:56


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Jack Kufahl, CISO, Michigan Medicine, and Nick Espinosa, host, The Deep Dive Radio Show.

Thanks to our show sponsor, Drata

Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io.

All links and the video of this episode can be found on CISO Series.com

Cyber 9/11 with Dr. Eric Cole
Cybersecurity, AI, and Communication: Dr. Eric Cole with Dr. Jill Schiefelbein

Cyber 9/11 with Dr. Eric Cole

Sep 18, 2025 | 35:32


In this episode of Life of a CISO, Dr. Eric Cole sits down with communication strategist and tech-human behavior expert Dr. Jill Schiefelbein. Together, they explore the critical intersection of cybersecurity, leadership, and communication—diving into why technical solutions alone aren't enough without clear messaging to executives, employees, and end users. From making the case for two-factor authentication to understanding how AI is transforming daily workflows, Dr. Jill shares powerful insights on bridging the gap between technical experts and business leaders. Whether you're a CISO, aspiring leader, or simply curious about the future of cybersecurity and AI, this episode offers practical advice to level up both your technical and communication game.

Paul's Security Weekly
Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews - Chuck Randolph, Tom Pore - BSW #413

Paul's Security Weekly

Sep 17, 2025 | 70:10


In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at https://securityweekly.com/360privacybh! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What's happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. 
Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive Ransomware testing please visit: https://securityweekly.com/penterabh Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-413

The CyberWire
The return of CISO Perspectives. [CISO Perspectives]

The CyberWire

Sep 16, 2025 | 3:21


This season on CISO Perspectives—your host, Kim Jones is digging into the issues shaping the future of cybersecurity leadership. From the regulations every CISO needs to understand, to the unexpected places privacy risks are emerging, to the new ways fraud and identity are colliding—these conversations will sharpen your strategies and strengthen your defenses. Industry leaders join the discussion to share their insights, challenges, and hard-earned lessons. Together, we'll connect the dots across regulation, privacy, fraud, leadership, and talent—helping you build a stronger, more resilient cybersecurity ecosystem. This is CISO Perspectives. Real conversations. Real strategies. Real impact.

The Tech Blog Writer Podcast
3422: Meet Symphion and the Print Fleet Cybersecurity as a Service

The Tech Blog Writer Podcast

Sep 16, 2025 | 21:57


I've spent years talking about endpoint security, yet printers rarely enter the conversation. Today, that blind spot takes center stage. I'm joined by Jim LaRoe, CEO of Symphion, to unpack why printers now represent one of the most exposed corners of the enterprise and what can be done about it. Jim's team protects fleets that range from a few hundred devices to tens of thousands, and the picture he paints is stark. In many organizations, printers make up 20 to 30 percent of endpoints, and almost all of them are left in a factory default state. That means open ports, default passwords, and little to no monitoring. Pair that with the sensitive data printers receive, process, and store, plus the privileged connections they hold to email and file servers, and you start to see why attackers love them. We trace Symphion's path from a configuration management roots story in 1999 to a pivot in 2015 when a major printer manufacturer invited the company behind the curtain. What they found was a parallel universe to mainstream IT. Brand silos, disparate operating systems, and a culture that treated printers as cost items rather than connected computers. Add in the human factor, where technicians reset devices to factory defaults after service as second nature, and you have a recipe for recurring vulnerabilities that never make it into a SOC dashboard. Jim explains how Symphion's Print Fleet Cybersecurity as a Service tackles this mess with cross-brand software, professional operations, and proven processes delivered for a simple per-device price. The model is designed to remove operational burden from IT teams. Automated daily monitoring detects drift, same-day remediation resets hardened controls, and comprehensive reporting supports regulatory needs in sectors like healthcare where compliance is non-negotiable. 
The goal is steady cyber hygiene for printers that mirrors what enterprises already expect for servers and PCs, without cobbling together multiple vendor tools, licenses, and extra headcount to operate them. We also talk about the hidden costs of DIY printer security. Licensing multiple management platforms for different brands, training staff who already have full plates, and outages caused by misconfigurations all add up. Jim shares real-world perspectives from organizations that tried to patch together a solution before calling in help. The pattern is familiar. Costs creep. Vulnerabilities reappear. Incidents push the topic onto the CISO's agenda. Symphion's pitch is straightforward. Treat print fleets like any other class of critical infrastructure in the enterprise, and measure outcomes in risk reduction, time saved, and fewer surprises. If you are commuting while listening and now hearing alarm bells, you are not alone. Think about the printers scattered across your offices and clinics. Consider the data that passes through them every day. Then picture an attacker who finds default credentials in minutes and uses a printer to move across your network.  Tune in for a fast, practical look at a risk hiding in plain sight, and learn how Symphion's Print Fleet Cybersecurity as a Service can help you close a gap that attackers know too well. ********* Visit the Sponsor of Tech Talks Network: Land your first job  in tech in 6 months as a Software QA Engineering Bootcamp with Careerist https://crst.co/OGCLA  

Packet Pushers - Full Podcast Feed
HS112: Standardizing NaaS Service Definitions

Sep 16, 2025 (38:12)


Network-as-a-Service (NaaS) promises enterprises the ability to set up and configure connectivity and network security with a couple of clicks. But for NaaS to truly transform enterprise networking, one thing has been missing: standards. Enter Mplify (formerly the Metropolitan Ethernet Forum), a non-profit focused on standardizing NaaS service definitions. Mplify’s CTO, Pascal Menezes, joins Johna...

Random but Memorable
How cyber warfare really works with Hayley Benedict | DISRUPT CONFLICT RISK SYSTEM

Sep 16, 2025 (69:41)


What does cyberwarfare really look like behind the headlines? This week, Roo sits down with Hayley Benedict, a cyber intelligence analyst at RANE, to explore the evolving world of digital conflict. From hacktivists to disinformation specialists, Hayley shares how nation states, criminals, and ideologically driven groups are blurring lines — and why data theft, disruption, and doubt remain the weapons of choice.

The CyberWire
Helen Patton: A platform to talk about security. [CISO] [Career Notes]

Sep 14, 2025 (10:45)


Please enjoy this encore of Career Notes. Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of a desire to give back to the community. We thank Helen for sharing her story with us.