Podcasts about ciso

  • 1,388 podcasts
  • 11,682 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest: Feb 3, 2026


Latest podcast episodes about ciso

The CyberWire
Mid season reflection with Kim Jones. [CISO Perspectives]

Feb 3, 2026 (41:27)


Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come.

CISO-Security Vendor Relationship Podcast
Take Two-Factor Authentication and Call Me in the Morning

Feb 3, 2026 (38:43)


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Janet Heins, CISO, ChenMed.

In this episode:
  • Inbound gets ignored
  • Independence under constraint
  • Methodology means nothing
  • Lives over logins

Huge thanks to our sponsor, Guardsquare. Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Afternoon Cyber Tea with Ann Johnson
Trust Is Patient Well-being: Rob Suárez on Cybersecurity in Healthcare

Feb 3, 2026 (27:01)


Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield, joins Ann on this week's episode of Afternoon Cyber Tea. In the conversation, Rob shares how his career path and personal philosophy have shaped a mission-driven approach to cybersecurity that places patient trust, safety, and privacy at the center of every decision. He discusses the unique challenges of securing a deeply interconnected healthcare ecosystem, the critical role of culture and cyber literacy across organizations, and why transparency and resilience are essential during incidents. The episode also explores secure-by-design principles, the ethical use of AI in healthcare, and how the CISO role is evolving toward a broader focus on trust, collaboration, and human impact.

Resources: View Rob Suárez on LinkedIn; View Ann Johnson on LinkedIn.

Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast; The BlueHat Podcast; Uncovering Hidden Risks. Discover and follow other Microsoft podcasts at microsoft.com/podcasts.

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Paul's Security Weekly
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)


Segment 1: Interview with Warwick Webb. From Initial Entry to Resilience: Understanding Modern Attack Flows

Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.

Segment Resources: Wayfinder MDR Solution Brief; 451 MDR Report; Managed Defense Redefined Blog.

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

Segments 2 and 3: The Weekly News

In this week's enterprise security news, we've got:
  • funding
  • free tools!
  • the CISO's craft
  • agentic browsers
  • tech companies are building cyber units?
  • giving AI agents access to your entire life
  • lots of dumpster fires in the industry today
  • Cisco killed Kenna
  • the state of AI in the SOC
  • homemade EMP guns! don't try this at home

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-444

The 30 Minute Hour™
#407--The AI Leadership Gap That Nobody Talks About

Jan 29, 2026 (41:46)


Kevin Carlson is a rare blend of technologist, strategist, and coach who bridges the gap between executive vision and operational execution. Drawing from his experience as a CTO, CISO, and Executive Coach, he aligns technological frameworks, security protocols, and leadership development strategies, enabling leaders to enhance both their organizational infrastructure and their personal effectiveness. Listen NOW to discover, The AI Leadership Gap That Nobody Talks About

Defense in Depth
When Cybersecurity Marketing Fails to Reach the Buyer

Jan 29, 2026 (30:42)


All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines.

In this episode:
  • The 3Ms of product clarity
  • Buzzwords work because buyers aren't experts
  • Investor pressures distort messaging
  • Threading the needle

Huge thanks to our sponsor, Alteryx. Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

The New CISO
The Four Cs: Why a Schoolteacher Makes a Great CISO

Jan 29, 2026 (54:07)


In this episode of The New CISO, host Steve Moore speaks with Manuel "Manu" Ressel, CISO at SAUTER Group, about his unconventional journey from classroom teacher to cybersecurity leader—and why the "Four Cs" of modern education provide a powerful framework for building effective security programs. Drawing from years as both a teacher and school principal in Germany, Manu introduces Critical Thinking, Communication, Collaboration, and Creativity as essential leadership skills that fundamentally challenge how the industry approaches awareness training and incident response.

After growing frustrated with Germany's outdated education system that prioritized memorization over critical thinking, Manu left his position as principal and reinvented himself as a digital transformation consultant. Working with schools and mid-sized companies to adopt cloud technologies, he eventually landed the CISO role at SAUTER, an international building automation company with 4,000 employees across multiple countries.

The conversation tackles security's most persistent failure: awareness training that doesn't work. Manu reveals that 37% of security incidents in Germany could be prevented if users made better decisions, yet most organizations rely on boring click-through programs. He advocates for scenario-based, role-specific training—an approach now mandated by Europe's NIS 2 regulation—that treats people as the biggest opportunity in cybersecurity rather than the weakest link.

One of the episode's most practical frameworks is Manu's Observation-Description-Interpretation method for analyzing security incidents. He explains how humans naturally jump from observation directly to interpretation, skipping the crucial middle step of accurately describing what actually happened. This leads to finger-pointing, misdiagnosis, and hasty decisions. By training security analysts to pause and describe incidents factually first, teams make better decisions and build trust with the business.

Manu challenges the punitive approach many organizations take toward security failures, particularly companies that fire employees for repeatedly clicking phishing simulations. He champions building positive fault cultures where employees feel safe reporting mistakes. His three crisis questions—Is anyone dying? Major financial impact? Will someone be hurt?—provide a simple framework for staying calm and deciding when immediate action is necessary versus taking time to think strategically.

Key Topics Discussed:
  • Why the "Four Cs" (Critical Thinking, Communication, Collaboration, Creativity) define effective security leadership
  • The Observation-Description-Interpretation framework for incident analysis without bias
  • Transforming ineffective awareness training into engaging, scenario-based programs
  • Building positive security cultures where employees report issues without fear
  • NIS 2's mandate for role-specific cybersecurity training across organizational levels
  • Why Germany and European mid-market companies lag in cloud adoption
  • Three critical crisis questions: Is anyone dying? Financial impact? Risk of harm?
  • Why punitive phishing training destroys trust and cultural engagement
  • Applying teacher skills to security leadership and de-escalation...

Serious Privacy
Happy Data Protection/Privacy Day!

Jan 28, 2026 (35:01)


We are back! Welcome to season 7 of the Serious Privacy podcast, with dr. K Royal, Ralph O'Brien and Paul Breitbarth. Also this season, we will keep you up to date on developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cybersecurity Where You Are
Episode 172: Helping CISOs as a CIS Controls Ambassador

Jan 28, 2026 (34:27)


In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

Here are some highlights from our episode:
  • 00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
  • 06:03. The value of measurement and psychology when discussing assessments with CISOs
  • 09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
  • 12:31. How open sharing of wisdom between CISOs makes the world more secure
  • 20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
  • 24:29. Chirag's use of law school to take his understanding of reasonableness up a level
  • 28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
  • 31:08. The heightened importance of nonprofit organizations bringing people together

Resources:
  • CIS Critical Security Controls®
  • Episode 160: Championing SME Security with the CIS Controls
  • Episode 168: Institutionalizing Good Cybersecurity Ideas
  • Reasonable Cybersecurity Guide
  • Simplify Security Management with CIS SecureSuite Platform
  • CISO Certification by GlobalCISO Leadership Foundation™

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Packet Pushers - Full Podcast Feed
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 (31:21)


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

CISO-Security Vendor Relationship Podcast
I'll Show You Our Resilience Plan Once Our Cloud Storage Is Back Online

Jan 27, 2026 (37:47)


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Johann Balaguer, Global CISO, Hard Rock Hotels and Casinos.

In this episode:
  • Understanding the why
  • Own your digital self
  • Invest beyond tenure
  • Prepare for dependencies

Thanks to Louis Zhichao Zhang, AIA Australia for contributing this week's "What's Worse?!" scenario.

Huge thanks to our sponsor, Guardsquare. Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Heavy Strategy
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 (31:21)


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

Cyber Risk Management Podcast
EP 202: Why Fortune 500s Still Run on Windows 2003

Jan 27, 2026 (38:15)


Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/chuvakin/
Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/

Cyber Security Headlines
Department of Know: Davos worries, UK-China tensions, calendar concerns

Jan 27, 2026 (33:32)


This week's Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke's University Health Network, and Jason Shockey, CISO, Cenlar FSB.

Thanks to our show sponsor, Conveyor. Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.

All links and the video of this episode can be found on CISO Series.com

Unleashed - How to Thrive as an Independent Professional
632. Jason Baumgarten, How to Position Yourself for Board Roles

Jan 26, 2026 (51:51)


Show Notes: Jason Baumgarten is a partner at Spencer Stuart where he is also the global head and CEO of board practice. He assists businesses in all sectors to identify and evaluate CEOs who motivate senior leadership teams to reach their full potential. Additionally, he assists boards with CEO succession planning, director recruitment, and identifying future leaders.

How to Join a For-profit Board: Jason talks about the range of roles on a board and the specific roles a board might be looking to fill. He explains that the specificity of board roles varies based on the scale and maturity of the organization, using a real example of a board search he is currently involved in. Jason discusses how sophisticated boards often have specific requirements for board members, such as industry experience, geographic expertise, and specific skill sets.

Identifying and Defining Board Roles: When asked about the various categories of board roles, such as finance, data analytics, and HR, Jason explains that the most common request is for recently or actively retired CEOs, followed by CFOs with specific finance experience. He highlights the importance of understanding the nature and type of business the company is in, such as regulated industries, capital-light businesses, or capital-heavy businesses.

Board Member Etiquette: Jason outlines the main drivers for wanting to be on a board: prestige and the desire to be helpful. He explains the concept of "noses in, fingers out" in governance, emphasizing the importance of board members being helpful but not overly involved. He also discusses the range of compensation for board members, from stipends to significant annual fees, and advises against depending on board compensation as a primary source of income. He stresses the importance of being willing to fire oneself from a board to provide objective advice to the CEO.

The Reality of Joining a Board for Management Consultants: Jason advises not to limit aspirations and suggests using a simple litmus test: "if the company wouldn't hire you as a top executive, they probably won't consider you for a board role." He explains the importance of nonprofit boards, both fundraising and operating boards, and how they can provide valuable experience and networking opportunities. Jason discusses the potential for board roles in small private companies, large private companies, and public companies, emphasizing the importance of regional connections and unique experiences.

The Role of Executive Search Firms in Board Recruitment: Jason explains that search firms are often involved in board searches for public or pre-IPO companies and large private equity firms. He advises building relationships with search firms and being responsive and helpful when they reach out for market intelligence or advisory work. Jason also shares the importance of having a network of firms that work in your industry or location and how advisory work can lead to board opportunities.

How Boards Vet Prospective Members: The conversation turns to the process of being vetted and evaluated for a board role, including interviews, background checks, and social media history. Jason explains that some boards generally recruit with a lighter touch than other roles, but private equity and regulated boards may conduct more thorough diligence. He advises candidates to ask about the board's process, including the last board member hired and the steps involved in the recruitment process. He also emphasizes the importance of meeting all board members and ensuring a good fit in terms of personality and interests.

The Commitment Reality of Being on the Board: Jason talks about the typical time commitment for board members, including meetings, committee calls, and ad hoc time with the CEO. He explains the importance of understanding the size of board decks and the amount of preparation required for each meeting. Jason also advises candidates to be patient and persistent, as the process of getting on a board can take years and is often unpredictable.

Identifying Risks to Board Members: When asked about the risks involved in accepting a board position and the importance of D&O insurance, Jason recommends consulting with a D&O insurance broker to understand the market and ensure appropriate coverage. He advises candidates to be aware of any litigation or regulatory risks associated with the board and to seek legal advice if necessary. Jason also emphasizes the importance of understanding the board's D&O policy and ensuring that board members are covered appropriately.

Final Thoughts and Advice: Jason reiterates the importance of understanding the time commitment and potential disruptions that can arise. He advises candidates to be patient and persistent, as the process of getting on a board can take years. Jason shares a story about a former CISO who became a sought-after board member, illustrating the unpredictability of the process and the importance of perseverance.

Timestamps:
  • 02:18: Types of Board Roles and Common Requests
  • 05:29: Benefits of Being on a Board
  • 08:08: Levels of Boards and Aspirations
  • 15:24: Search Firms and Board Recruitment Processes
  • 32:38: The Board Recruitment Process
  • 39:41: Time Commitment and Potential Disruptions
  • 42:50: Risk and Insurance Considerations
  • 47:16: Final Thoughts and Advice

Links:
  • Website: getscalar.ai
  • This episode on Umbrex: https://umbrex.com/unleashed/episode-632-jason-baumgarten-how-to-position-yourself-for-board-roles/

Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.

*AI generated timestamps and show notes.

Help Me With HIPAA
Even Security Leaders Make Human Mistakes - Ep 544

Jan 23, 2026 (39:19)


You'd think the folks steering the cybersecurity ship would be the last ones to punch holes in the hull—but nope, even the pros trip over their own policies. In this episode, we dive headfirst into a cautionary tale where a CISO (yes, the security guy) admits to becoming the insider threat he warns others about. From skipping his own software vetting procedures to triggering network alarms like it's the 4th of July, this story is equal parts cringe and crucial. Strap in as we explore how even the most iron-clad experts are still deliciously human. More info at HelpMeWithHIPAA.com/544

Hacker Valley Studio
Defending Dignity in the Messiest Data on Earth with George Al-Koura

Jan 22, 2026 (35:38)


The most dangerous attack surface isn't your infrastructure, it's desire under pressure. When people are emotional, impulsive, and hoping for connection, security controls don't fail… judgment does. Ron sits down with George Al-Koura, CISO at Ruby Life, to talk about securing some of the most psychologically sensitive data on the internet, and why dating data can carry more real-world risk than financial data. From the fallout of the Tea dating-safety app breaches to impulse-driven human behavior, sexual science, and intel-driven security, this conversation cuts straight to the uncomfortable truth: protecting users means understanding how people actually behave when emotion overrides logic.

Impactful Moments
  • 00:00 - Introduction
  • 01:45 - Tea app breach reality-check
  • 04:26 - Why George chose Ruby Life
  • 09:10 - Dating data hits harder
  • 11:52 - Competitors refuse threat sharing
  • 16:15 - AI boosts social engineering
  • 18:47 - Horny brains create risk
  • 19:49 - Sexual science meets security
  • 21:20 - AI avatars dating first
  • 33:13 - Trust is earned in layers

Links
  • Connect with our guest on LinkedIn: https://www.linkedin.com/in/george-y-al-koura/
  • Check out our upcoming events: https://www.hackervalley.com/livestreams
  • Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
  • Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
  • Continue the conversation by joining our Discord: https://hackervalley.com/discord
  • Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Cyber 9/11 with Dr. Eric Cole
Why Executive Trust Makes or Breaks a CISO | Guest: Zachary Lewis

Jan 22, 2026 (35:17)


Ransomware isn't a technical problem—it's a leadership test. In this episode of Life of a CISO, Dr. Eric Cole welcomes back bestselling author and cybersecurity leader Zachary Lewis to break down the real-world realities of responding to a ransomware attack. Drawing from firsthand experience, they discuss why executive relationships, preparation, and credibility matter more than tools, how CISOs survive high-pressure incidents, and what separates leaders who thrive after a breach from those who don't. If you're a CISO, security leader, or aspiring executive, this episode offers practical insight into what ransomware response really looks like when everything is on the line.  

Emerging Litigation Podcast
Agentic AI on Trial: You Be The Judge Part 1 - Medical Diagnostics

Jan 21, 2026 (33:36), transcription available


In this three-part series our guests reprise their panel discussion at the Executive Women's Forum DSG Global conference titled "You Be The Judge," during which they explored scenarios involving harms potentially caused by Agentic AI.

In Episode 1 they discuss an Agentic AI mammography triage system designed to flag positives for a radiologist, auto-send “all clear” letters for negatives, and operate with minimal human oversight. They answer this difficult question: When the machine gets it wrong, who is accountable? Developers, hospitals, clinicians, and/or data providers? What role do contracts, warnings, and intended-use labels play in establishing liability? What safeguards would balance speed and safety? Random audits? Documentation? Will a new standard of care develop for machine decision-making?

I take the back seat in this series as the panelists moderate the discussion. They are:
  • Galina Datskovsky, PhD, CRM, FAI: Board of Directors, FIT and OpenAxes; Information Governance and AI expert
  • Marina Kaganovich: AMERS Financial Services Executive Trust Lead, Office of the CISO, Google Cloud
  • Hon. Lisa Walsh: Florida Circuit Judge, 11th Judicial Circuit, Miami-Dade County

Special thanks to Kathryn M. Rattigan, Partner, Data Privacy + Cybersecurity with Robinson+Cole for bringing this team to the Emerging Litigation Podcast.

If you work in health tech, compliance, or hospital operations -- or you advise these professionals -- this conversation offers a clear-eyed guide to deploying autonomous agents responsibly—without sleepwalking into preventable harm. If you like what you hear, watch for Episodes 2 and 3.

Thanks for listening! If you like what you hear please give us a rating. You'd be amazed at how much that helps. If you have questions for Tom or would like to participate, you can reach him at Editor@LitigationConferences.com. Ask him about creating this kind of content for your firm -- podcasts, webinars, blogs, articles, papers, and more.

Tom on LinkedIn; Emerging Litigation Podcast on LinkedIn; Emerging Litigation Podcast on the HB Litigation site

B2B Better
How to Talk Cyber Risk So People Actually Listen | Jeffrey Wheatman, Cybersecurity Strategist at Black Kite

Jan 21, 2026 (21:13)


What happens when cyber risk leaders stop speaking in acronyms and start telling stories? In this episode, host Jason Bradwell sits down with Jeffrey Wheatman, SVP of Cyber Risk Strategy at Black Kite and longtime cybersecurity evangelist, to talk about how to lead with problems, not products. From decades advising CISOs at Gartner to launching the panel show Third Party, Jeff shares what he's learned about building trust, breaking down "terminal uniqueness," and why vendors need to collaborate on educating the market instead of competing. If you care about cutting through noise in a saturated market, this conversation is packed with insights you can actually use. Jason and Jeff dive into why so many cybersecurity vendors fall into the trap of "terminal uniqueness" believing they're so different that they can't learn from anyone else. Jeff explains why this mindset kills effective marketing and how leading with the problem, not your product features, is the only way to break through. They explore why CISOs won't talk to sales teams (hint: it's not personal, it's about trust) and why the cybersecurity industry desperately needs more collaboration. Jeff makes a compelling case that we're at war with ransomware networks, yet vendors refuse to talk to each other about how to educate buyers. The conversation shifts to buyer awareness stages and where most marketing completely misses the mark. Jeff shares his framework for thinking about audiences beyond just problem-aware buyers, and why "hallway therapy" at conferences builds more trust than any keynote ever will. Jason asks Jeff how he'd spend $100K to build an audience (not a campaign), and Jeff's answer revolves around creating spaces for real conversation, which is exactly what led him to launch Third Party, a panel show tackling cybersecurity topics with both strategic and tactical depth. 
They wrap with Jeff's shoutouts to creators doing cyber content right and key takeaways for B2B marketers trying to build trust in technical markets. Whether you're a security vendor struggling to differentiate, a CISO trying to communicate risk to the board, or a B2B marketer in any technical space, Jeff's insights on problem-first storytelling and building genuine community will transform how you think about reaching your audience. This isn't about more content, it's about better conversations.

Subscribe to catch every episode. Leave a review to help others discover the show. Share with security professionals or B2B marketers trying to break through technical noise. Follow B2B Better on LinkedIn for weekly insights.

  • 00:00 - Introduction: Cutting through cyber noise
  • 01:30 - Jeff's journey from Gartner to Black Kite
  • 04:00 - Terminal uniqueness: the "we're different" trap
  • 07:00 - Lead with problems, not product features
  • 09:30 - Why CISOs avoid sales conversations
  • 13:00 - We're at war: Why vendors need to collaborate
  • 17:30 - Buyer awareness stages marketers miss
  • 20:00 - Why competitors won't talk (and should)
  • 24:00 - Hallway therapy beats keynotes
  • 27:00 - The $100K audience-building question
  • 30:00 - Launching Third Party panel show
  • 35:00 - Strategic + tactical content together
  • 38:00 - Cybersecurity creators doing it right
  • 42:00 - Key takeaways for B2B marketers

Connect with Jason Bradwell on LinkedIn; Connect with Jeffrey Wheatman on LinkedIn; Visit Black Kite podcast/resource hub; Visit InfoSec World's official site; Explore B2B Better website and the Pipe Dream podcast

Cybersecurity Where You Are
Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

Cybersecurity Where You Are

Play Episode Listen Later Jan 21, 2026 37:15


In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

Here are some highlights from our episode:
00:50. Introduction to Soledad
02:48. How the convergence of information technology (IT) and operational technology (OT) has created bigger attack surfaces
04:10. The proliferation of threat actors targeting critical infrastructure sectors
07:24. The challenge of legacy systems for U.S. SLTT owners of CNI
08:13. Alert fatigue, limited visibility, and other challenges facing OT networks
13:22. The value of automated cyber threat intelligence (CTI)
24:46. Building strategic AI implementation around human in the loop (HITL)
33:17. U.S. SLTTs' use of the cloud to test and build trust for securing CNI

Resources
The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure
Cybersecurity for Critical Infrastructure
Episode 139: Community Building for the Cyber-Underserved
Episode 119: Multidimensional Threat Defense at Large Events
Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
Vulnerability Management Policy Template for CIS Control 7
CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

CISO-Security Vendor Relationship Podcast
AI Is Very Efficient at Making Us Forget the Value of Humans

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jan 20, 2026 41:07


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Sara Madden, CISO, Convera.

In this episode:
Hold developers accountable
Credibility through candor
Be strategic with AI deployment
Resources don't guarantee security

Huge thanks to our sponsor, ThreatLocker
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Afternoon Cyber Tea with Ann Johnson
The New Reality of the CISO Role

Afternoon Cyber Tea with Ann Johnson

Play Episode Listen Later Jan 20, 2026 26:39


David Gee, a veteran CISO, CIO, board advisor, and author, joins Ann Johnson, CVP of Cybersecurity, Microsoft, on this week's episode of Afternoon Cyber Tea. Drawing on decades of experience and insights from his books, Gee explores the gap between theory and reality for security leaders, the role of imposter syndrome in professional growth, and why embracing discomfort is essential to effective leadership. The conversation examines how CISOs can balance risk management with business enablement, reset expectations with boards and executives, and build resilient, team-driven security cultures. Gee also shares perspectives on mentorship, long-term sustainability in the role, and how the CISO must evolve from a control-focused operator to a strategic influencer in an era shaped by AI, regulation, and constant change.

Resources:
View David Gee on LinkedIn
View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

No Password Required

Play Episode Listen Later Jan 20, 2026 44:51


Rob Hughes — CISO at RSA and Champion of a Passwordless Future
No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster

The CyberWire
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

The CyberWire

Play Episode Listen Later Jan 18, 2026 9:48


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Career Notes
Deepen Desai: A doctor in computer viruses. [CISO]

Career Notes

Play Episode Listen Later Jan 18, 2026 9:48


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story. Learn more about your ad choices. Visit megaphone.fm/adchoices

Adventures of Alice & Bob
Ep. 95 - Phishing 2.0, Deepfakes, and the Death of 'Trust But Verify' // Tim Chase

Adventures of Alice & Bob

Play Episode Listen Later Jan 16, 2026 53:01


In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.

But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

Defense in Depth
Don't Try to Win with Technical Expertise. Win by Partnering.

Defense in Depth

Play Episode Listen Later Jan 15, 2026 28:45


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC.

In this episode:
From loudest to most trusted
Letting go of the win
Listening over proving
Beyond right and wrong

Huge thanks to our sponsor, Alteryx
Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

The Daily Scoop Podcast
Katie Arrington lands in industry as CIO of quantum company IonQ

The Daily Scoop Podcast

Play Episode Listen Later Jan 15, 2026 4:23


After leaving her role performing the duties of the chief information officer for the Department of Defense last month, Katie Arrington has taken a new position as CIO at quantum computing company IonQ. Arrington will step into the role Jan. 19, reporting to the company's COO and CFO Inder Singh, IonQ announced Wednesday. Kirsten Davies was nominated by President Donald Trump in May 2025 to be the Defense Department CIO, and it took most of the remainder of 2025 for the Senate to confirm her into the role. She was sworn in just before the Christmas holiday, at which point Arrington stepped away from her service to the Pentagon. In joining IonQ, Arrington will serve on the company's executive team. As CIO, Arrington will continue to support the U.S. military from a different vantage, leading modernization and security of IonQ's enterprise systems in support of its mission to deliver quantum capabilities to American warfighters. Before rejoining the Pentagon a year ago, then as deputy CIO for cybersecurity, Arrington had a previous stint as CISO in the Office of the Undersecretary of Defense for Acquisition and Sustainment, where she was largely responsible for the development of the Cybersecurity Maturity Model Certification (CMMC) program. Now: President Donald Trump re-nominated Sean Plankey to lead the Cybersecurity and Infrastructure Security Agency on Tuesday, after Plankey's bid for the position ended last year stuck in the Senate. It's not clear whether or how Plankey's resubmitted nomination will overcome the hurdles that left many observers convinced his chance of becoming CISA director had likely ended, but it does definitively signal that the Trump administration still wants Plankey to have the job. Plankey's nomination was included in a batch sent to the Senate announced on Tuesday. CISA spent all of 2025 under Trump without a permanent director. 
Trump nominated Plankey, who held a couple cybersecurity roles in the first Trump administration, to lead CISA in March. He got a Senate Homeland Security and Governmental Affairs Committee hearing in July, then won approval from that panel that same month. But Sen. Rick Scott, R-Fla., had placed a hold on Plankey's nomination over a Coast Guard contract that the Homeland Security Department had canceled in part. While he awaited confirmation, Plankey had been serving as a senior adviser to the secretary for the Coast Guard. A spokesperson for Scott did not immediately respond to a request for comment. North Carolina's GOP Senate delegation also had placed holds on DHS nominees related to disaster aid to their state. Sen. Thom Tillis, R-N.C., said last week that the holds would remain until Secretary Kristi Noem appeared before the Senate Judiciary Committee. A White House official had denied reports that Plankey's nomination was all but over last year. “President Trump has been clear that he wants all of his nominees confirmed as quickly as possible, including Sean Plankey, who will play a key role in ensuring a strong cyber defense infrastructure,” the official told CyberScoop. Asked Wednesday at the Surface Navy Association national symposium about what he was doing to convince senators to lift their holds, Plankey answered, “The administration, the White House has to say that this is a priority of us.” The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Cyber 9/11 with Dr. Eric Cole
What It Really Takes to Succeed as a CISO | Guest: Matthew Webster

Cyber 9/11 with Dr. Eric Cole

Play Episode Listen Later Jan 15, 2026 33:06


In this episode of Life of a CISO, Dr. Eric Cole sits down with cybersecurity leader Matthew Webster to explore what it really takes to succeed in the modern CISO role. Matthew shares his journey from IT into federal and commercial cybersecurity, the lessons that shaped his leadership approach, and why technical skills alone aren't enough at the executive level. Together, they discuss the importance of communication, influence, and business alignment, how CISOs can navigate compliance and legal challenges, and why building strong relationships with executives and legal teams is critical. This conversation offers practical insights for current and aspiring CISOs on translating cyber risk into business value, earning a seat at the table, and leading with clarity in an increasingly complex security landscape.  

Easy Prey
Surviving a Ransomware Attack

Easy Prey

Play Episode Listen Later Jan 14, 2026 47:39


A ransomware attack doesn't always announce itself with flashing warnings and locked screens. Sometimes it starts with a quiet system outage, a few unavailable servers, and a sinking realization days later that the threat actors were already inside. This conversation pulls back the curtain on what really happens when an organization believes it's dealing with routine failures only to discover it's facing a full-scale cyber extortion event.

My guest today is Zachary Lewis, CIO and CISO for a Midwest university, a 40 Under 40 Business Leader, and a former Nonprofit CISO of the Year. Zachary shares the inside story of a LockBit ransomware attack that unfolded while his team was still building foundational security controls, forcing real-time decisions about recovery, disclosure, negotiations, and whether paying a ransom was even an option.

We talk about the shame that keeps many cyber incidents hidden, the emotional weight leaders carry during these moments, and the practical realities that don't show up in tabletop exercises from buying bitcoin to restoring systems when password managers are encrypted. It's an honest, grounded discussion about resilience, preparedness, and why sharing these stories openly may be one of the most important defenses organizations have.

Show Notes:
[04:05] Zachary Lewis explains why the absence of an immediate ransom note delayed suspicion of an attack.
[06:00] The first technical indicators suggest something more serious is unfolding.
[07:45] Discovering encrypted hypervisors and realizing recovery won't be straightforward.
[09:30] Zachary outlines when data exfiltration became a real concern.
[11:05] Receiving the LockBit ransomware note confirms the organization has been compromised.
[12:55] The 4:30 a.m. phone call pushes leadership into full crisis mode.
[14:40] Zachary reflects on managing fear, responsibility, and decision fatigue mid-incident.
[16:20] Executive expectations collide with technical realities during the breach.
[18:05] Why "doing most things right" still doesn't guarantee protection.
[19:55] Cyber insurance begins shaping early response decisions.
[21:35] Bringing in incident response teams and legal counsel under tight timelines.
[23:20] Zachary describes working with the FBI and understanding jurisdictional limits.
[25:10] What law enforcement can and cannot realistically provide during ransomware events.
[26:50] Opening communication channels with the threat actors.
[28:35] The psychological pressure behind ransomware negotiations.
[30:10] Attacker-imposed timelines force rapid, high-stakes decisions.
[31:55] Zachary walks through the practical challenges of acquiring cryptocurrency.
[33:40] Why encrypted password managers created unexpected recovery barriers.
[35:15] Determining which systems could be restored first—and which could not.
[37:00] Lessons learned about backup integrity and offline recovery.
[38:45] The importance of clear internal communication during uncertainty.
[40:25] Balancing transparency with legal and reputational concerns.
[42:10] How staff reactions differed from executive responses.
[43:55] Zachary discusses the stigma that keeps many ransomware incidents quiet.
[45:40] Why sharing breach stories can strengthen collective defenses.
[47:20] MFA gaps and configuration issues exposed by the attack.
[49:05] Why tabletop exercises fall short of real-world incidents.
[50:50] Long-term security changes made after recovery.
[52:30] Zachary offers advice for CISOs facing their first major incident.
[54:10] What preparedness really means beyond compliance checklists.
[56:00] Why resilience and recovery deserve equal priority.
[58:30] Final reflections on leadership, accountability, and learning in public.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
Podcast Web Page
Facebook Page
whatismyipaddress.com
Easy Prey on Instagram
Easy Prey on Twitter
Easy Prey on LinkedIn
Easy Prey on YouTube
Easy Prey on Pinterest
Zachary Lewis - The Homesteading CISO
Zach Lewis - LinkedIn

Packet Pushers - Full Podcast Feed
HS122: Insider Threats in the Age of AI

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jan 13, 2026 33:46


Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance...

ITSPmagazine | Technology. Cybersecurity. Society
From Department of No to Department of Know: The CISO Evolution | A Brand Highlight Conversation with Ivan Milenkovic, Vice President, Cyber Risk Technology of Qualys

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jan 13, 2026 6:37


In this Brand Highlight, Ivan Milenkovic, Vice President, Cyber Risk Technology at Qualys, joins host Sean Martin to discuss how security leaders can break free from the whack-a-mole cycle of vulnerability management.

With more than 48,000 vulnerabilities disclosed in 2025 alone and the average enterprise juggling 76 different security consoles, Milenkovic argues that the old methods of counting patches and chasing alerts are no longer sustainable. Instead, Qualys helps organizations prioritize threats based on business context through what the company calls TruRisk.

Milenkovic describes a fundamental shift he sees taking place in boardroom conversations: moving from risk appetite to risk tolerance. Boards and executives now want to know what specific losses mean to the business rather than simply asking whether the organization is secure.

For CISOs, this means evolving from the department of "No" to the department of "Know," where security leaders understand where problems exist, how to fix them, and what architecture supports business objectives. The key is demonstrating return on investment through resilience metrics rather than vulnerability counts.

Qualys addresses this challenge through its Enterprise TruRisk Management platform, which facilitates what Milenkovic calls the Risk Operations Center. Unlike a traditional SOC that focuses on incidents that have already occurred, the ROC takes a proactive stance, helping organizations prevent threats and optimize security spending before damage occurs.

This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight

GUEST
Ivan Milenkovic, Vice President, Cyber Risk Technology, Qualys
On LinkedIn | https://www.linkedin.com/in/ivanmilenkovic/

RESOURCES
Learn more about Qualys | https://www.qualys.com

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Ivan Milenkovic, Qualys, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, Enterprise TruRisk Management, Risk Operations Center, ROC, vulnerability management, CISO, cyber risk, risk tolerance, security leadership, proactive security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Heavy Strategy
HS122: Insider Threats in the Age of AI

Heavy Strategy

Play Episode Listen Later Jan 13, 2026 33:46


Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance...

Cybercrime Magazine Podcast
CISO Confidential. Measuring Human Risk. Adam Keown, Eastman & Kendra Cooley, Doppel.

Cybercrime Magazine Podcast

Play Episode Listen Later Jan 13, 2026 13:47


Adam Keown is the CISO at Eastman. In this episode, he joins host Scott Schober and Kendra Cooley, Senior Director of Information Security and IT at Doppel, to discuss humans and the evolving cyber threat landscape, including what tailored, environment-specific training looks like, ideal resilience programs, and more. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.

Cyber Risk Management Podcast
EP 201: AI Powered Espionage

Cyber Risk Management Podcast

Play Episode Listen Later Jan 13, 2026 44:51


AI-driven attacks aren't coming; they're here. A Chinese state-sponsored group just ran cyber espionage operations that were 80 to 90 percent autonomous. What does this mean for defenders? Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Here's Anthropic's report -- https://www.anthropic.com/news/disrupting-AI-espionage

Cloud Security Podcast by Google
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen

Cloud Security Podcast by Google

Play Episode Listen Later Jan 12, 2026 32:05


Guest: Royal Hansen, VP of Engineering at Google, former CISO of Alphabet

Topics:
The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calculate every risk like building a bridge—and towards a biological model. Can you explain why that old engineering mindset is becoming risky in today's cloud and AI environments?
Resilience vs. Robustness: In your view, what is the practical difference between a robust system (like a fortress that eventually breaks) and a resilient system (like an immune system)? How does a CISO start shifting their team's focus from creating the former to nurturing the latter?
Securing the Unknown: We're entering an era where AI agents will call other agents, creating pathways we never explicitly designed. If we can't predict these interactions, how can we possibly secure them? What does "emergent security" look like in practice?
Primitives for Agents: You mentioned the need for new "biological primitives" for these agents—things like time-bound access or inherent throttling. Are these just new names for old concepts like Zero Trust, or is there something different about how we need to apply them to AI?
The Compliance Friction: There's a massive tension between this dynamic, probabilistic reality and the static, checklist-based world of many compliance regimes. How do you, as a leader, bridge that gap? How do you convince an auditor or a board that a "probabilistic" approach doesn't just mean "we don't know for sure"?
"Safe" Failures: How can organizations get comfortable with the idea of designing for allowable failure in their subsystems, rather than striving for 100% uptime and security everywhere?

Resources:
Video version
EP189 How Google Does Security Programs at Scale: CISO Insights
BigSleep and CodeMender agents
"Chasing the Rabbit" book
"How Life Works: A User's Guide to the New Biology" book

AI in Action Podcast
E557 ‘AI Governance and Cyber Threats' with KontentAI's Matej Zachar

AI in Action Podcast

Play Episode Listen Later Jan 12, 2026 14:25


Today's guest is Matej Zachar, CIO and CISO at Kontent.ai. Founded in 2015, Kontent.ai helps content-driven organizations in regulated industries like healthcare and insurance overcome complex content challenges. They do this by bringing complete control and efficiency to every aspect of content management. At the core of Kontent.ai's work is a commitment to helping clients streamline content operations, reduce risk and enable teams to deliver high-quality content at scale.

Matej Zachar is a security, privacy and IT executive with a track record of leading award-winning teams. He has built numerous security, privacy and IT programs and managed the security of over 400 products and cloud services. At Kontent.ai, he owns the IT and security strategies and programs, leads both the IT and Security teams, and manages risks. He is also the chair of the Security Steering Committee, a member of the Responsible AI Committee, Privacy Team and Corporate Compliance Committee.

In this episode, Matej talks about:
0:00 His career working at the intersection of AI and Cybersecurity
2:20 Secure AI governance builds trust amid evolving regulations
4:33 How AI governance reveals reliance on vendors and data risks
6:14 Vendor negotiations depend on company size and bargaining power
7:27 Why AI adoption and customer sentiment are key success measures
8:57 Advice to stay curious, adapt to change and commit to continuous learning
9:58 Risk rises with understaffing and AI-driven phishing attacks
12:30 How automation effectively speeds up tedious security tasks and triage

To find out more about all the great work happening at Kontent.ai, check out the website www.kontent.ai

Cyber Security Headlines
Department of Know: Brightspeed investigates breach, Prompt injection woes

Cyber Security Headlines

Play Episode Listen Later Jan 12, 2026 25:28


Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Johna Till Johnson, CEO and Founder, Nemertes (check out the Nemertes substack) and Jason Shockey, CISO, Cenlar FSB. Jason will be speaking at MBA Servicing Solution26 in Texas in late February. Details here. Thanks to our show sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com. All links and the video of this episode can be found on CISO Series.com 

Defense in Depth
What Makes a Successful CISO?

Defense in Depth

Play Episode Listen Later Jan 8, 2026 25:28


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ejona Preci, group CISO, LINDAL Group.

In this episode:
Consequence, not controls
The credibility gap
Defining the undefined
Expanding the mandate

A huge thanks to our sponsor, ThreatLocker
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

The New CISO
Safety Third: Why Security Shouldn't Be Your Top Priority

The New CISO

Play Episode Listen Later Jan 8, 2026 66:54


In this episode of The New CISO, host Steve Moore speaks with Alex Rice, Founder, CTO, and CISO at HackerOne, about challenging one of cybersecurity's most deeply held beliefs—that security should be the top priority. Drawing from his journey building security programs at Facebook and founding HackerOne, Alex introduces the "safety third" philosophy and explains why accepting that security is never first can actually make you more effective as a leader.

Alex shares his unconventional path into cybersecurity, starting as a 14-year-old programmer in rural Florida and eventually leading product security at Facebook during its explosive growth. He reveals how Facebook ran 70+ penetration tests annually with top-tier vendors and still wasn't finding enough vulnerabilities—until they opened the doors to the hacker community and received over 300 valid findings in a single weekend. This experience became the foundation for HackerOne's bug bounty platform.

The conversation tackles critical leadership challenges facing modern CISOs, including the toxic tendency toward victim blaming when breaches occur, why security teams struggle with customer-centric design, and how to avoid becoming the team everyone knows only for blocking work and sending phishing tests. Alex argues that security professionals must stop drinking their own Kool-Aid and recognize that usability and business outcomes will always take precedence over security controls.

In the episode's second half, Alex addresses AI's role in security operations with refreshing pragmatism. Rather than chasing grandiose AI visions, he advocates for starting with narrow, well-defined tasks where agents can replace security toil—like automated CVSS scoring or vulnerability triage—building trust and expertise before tackling more ambitious projects. He warns against the current trend of AI tools that find more problems when security teams desperately need help fixing the mountain of issues they already know about.

Alex also challenges CISOs to stop over-owning problems like asset inventory management that rightfully belong to other executives, emphasizing the importance of cross-functional collaboration over building security-owned solutions that ultimately fail. Throughout the discussion, he champions a philosophy of empathy, customer-centricity, and accepting hard truths about security's actual place in business priorities—a mindset shift that paradoxically makes security leaders far more effective.

Key Topics Discussed:
Why "safety third" should be every CISO's operating philosophy
The problem with victim blaming in cybersecurity incidents
Building customer-centric security programs that enable rather than block
Lessons from scaling Facebook's security program with 70 pen tests per year
The origin story of HackerOne and crowdsourced security testing
How to avoid becoming the security team everyone resents
Practical AI implementation: Starting with toil elimination, not transformation
Why CISOs over-own asset management and other problems
The importance of process mapping before deploying AI agents
Aligning security teams closely with AI and software...

Cyber 9/11 with Dr. Eric Cole
Why Intellectual Property Is the New Cybersecurity Battleground

Jan 8, 2026 31:44


In this episode of Life of a CISO, Dr. Eric Cole explains why intellectual property is becoming the most important cybersecurity priority for organizations as artificial intelligence accelerates innovation and imitation. As AI makes products, services, and content easier to replicate, traditional approaches to data security are no longer enough. Dr. Cole breaks down why trademarks, copyrights, patents, and trade secrets are now the true differentiators in the market and how failing to protect them directly impacts company valuation and competitiveness. Looking toward 2030 and beyond, this episode challenges outdated security models and shows how cybersecurity, AI, cloud, and IT must align around protecting intellectual property as a unified strategy. Dr. Cole shares practical guidance on identifying an organization's most valuable IP, closing gaps between legal policy and technical controls, and using AI defensively to stay ahead of competitors and emerging threats. This episode is essential listening for CISOs, executives, and board leaders focused on long term growth, security, and business value.  

Cybercrime Magazine Podcast
Life Of A Cybersecurity Czar. The CISO Handbook For 2026. Dr Eric Cole, Secure Anchor.

Jan 8, 2026 20:29


A world renowned cybersecurity expert with more than 30 years of network security experience, Dr. Eric Cole – founder and CEO of Secure Anchor – helps organizations curtail the risk of cyber threats. He has worked with a variety of clients ranging from Fortune 50 companies, to top international banks, to the CIA, for which he was a professional hacker. In this episode, Dr. Cole and host Scott Schober discuss what CISOs need to know as we settle into 2026. To learn more about our sponsor, visit https://drericcole.org

Paul's Security Weekly
CISO Lessons from a Children's Novel as Cybersecurity Outgrows IT and Building Talent - Tom Arnold - BSW #429

Jan 7, 2026 63:10


Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you're a rat. How do we keep kids and young adults safe in an era of AI-driven attacks? Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecurity Graduate Program at the University of Nevada Las Vegas, joins Business Security Weekly to discuss his new book: The Digital Detective: First Intervention. We examine how technologies like deepfakes, voice cloning, and hyper-personalized scams are being used to target younger audiences, and what parents, educators, communities, and CISOs can do to build awareness, resilience, and smart digital habits. Learn how today's highly organized operations, powered by automation and advanced AI, power the bad actors' tools, techniques, and procedures—making them more effective than ever. Understanding the past helps us prepare for the future—and protect the next generation online, including our employees. Segment Resources: https://www.idigitaldetective.com/blog https://www.idigitaldetective.com/ https://www.unlv.edu/degree/ms-cybersecurity In the leadership and communications segment, Executives say cybersecurity has outgrown the IT department, The Most Dangerous Leadership Mistake Isn't a Wrong Answer. It's a Wrong Question, Building cyber talent through competition, residency, and real-world immersion, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-429

Timeout With Leaders
S5:E12 Locked Up with Zach Lewis

Jan 6, 2026 60:12


Dive into the career journey of Zach Lewis, CISO and CIO of the University of Health Sciences and Pharmacy, as he explores the intersection of technical resilience and the "human" element of leadership. This episode serves as a tactical guide for navigating the high-stakes world of cybersecurity while staying grounded in curiosity and connection.

Key Insights Include:
  • The Power of Curiosity: Why inquisitive hiring is the secret to building high-performing, adaptable teams.
  • Ransomware Reality Checks: Lessons from Lewis's book, Locked Up, on surviving a cyber crisis and coming out stronger.
  • AI's Educational Shift: Understanding how emerging tech is reshaping the classroom and the future job market.
  • Combating Burnout: Practical approaches to sustaining a long-term career in a high-pressure industry.

Whether you're looking for leadership strategies in tech or a firsthand account of surviving a ransomware attack, Lewis's blueprint emphasizes that professional success is built on a foundation of authentic relationships. Listen now to discover why intellectual curiosity is the ultimate asset for the modern C-suite leader.

CISO-Security Vendor Relationship Podcast
Imagine Scaling Mistakes 5x Faster. Thank You, Automation! (LIVE in NY)

Jan 6, 2026 43:53


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Matt Southworth, CISO, Priceline. Joining us is our sponsored guest, Leslie Nielsen, CISO, Mimecast.

In this episode:
  • Automating dysfunction
  • Leading without dominating
  • Unglamorous wins
  • Code without comprehension

Huge thanks to our sponsor, Mimecast. Cyber threats are getting smarter every day, and threat actors aren't just targeting your technology, they're targeting your most valuable asset - your people. Mimecast helps you identify and secure risk with a unified, intelligent platform that protects across the spectrum of threats; from email and chat to file sharing. Learn more at www.mimecast.com.

GovCast
What's Coming to Federal IT in 2026 | GovCast

Jan 6, 2026 5:30


A new presidential administration and changing priorities defined 2025 in government IT. In the new year, agency tech leaders are looking ahead to implement AI, executive electronic health records across systems and modernize services and software with emerging tech like AI. IT leaders from Centers for Disease Control and Prevention (CDC), and the departments of Veterans Affairs and War explored how the government is moving beyond pilot programs to integrate emerging capabilities directly into mission-critical workflows.

Featured conversations include:
  • 1:07: Kyle Cobb, Acting Deputy Director for Technology and Product, OPHDST, CDC
  • 1:55: Dr. Neil Evans, Acting Program Executive Officer, EHRM-IO, VA
  • 3:30: Katie Arrington, CISO, Department of War

The CyberWire
Cyber and its "Hive" Mind

Jan 2, 2026 26:37


While our team is out on winter break, please enjoy this episode of Cyber Things from our partners at Armis. Welcome to Episode 2 of Cyber Things, a special edition podcast produced in partnership by Armis and N2K CyberWire in an homage to Stranger Things. Host Rebecca Cradick, VP of Global Communications at Armis, is joined by Curtis Simpson, CISO at Armis, to dive deep into the rise of the "Hive Mind": the collective, connected threat ecosystem where attackers share tools, data, and tactics across the dark web, evolving faster than ever through AI-powered reconnaissance and automation. This is essential listening for anyone seeking to better understand how today's adversaries no longer operate alone, but as a distributed learning network that observes, adapts, and strikes with speed and precision. Tune in now to learn how organizations can think upside down, harness AI, and build defenses that move at the speed of today's threats - before the shadows reach your network.