Podcasts about ciso

  • 1,400 podcasts
  • 11,764 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest: Feb 17, 2026


Latest podcast episodes about ciso

CISO-Security Vendor Relationship Podcast
We Gave the CISO Risk and Liability, and Now They Want Authority. The Nerve.

Feb 17, 2026, 42:14


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo.

In this episode:
  • Accountability without authority
  • Kill your hacklore
  • Voice is no longer enough
  • Studies that tell us what we already know

Huge thanks to our sponsor, ThreatLocker. Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Random but Memorable
AI security tips for modern families with Childnet

Feb 17, 2026, 68:04


How can you help your loved ones navigate and securely adopt AI tools? Will Gardner, CEO of Childnet, joins the show for a vital conversation about helping families use AI safely. We talk about Childnet's latest research and the practical ways you can become a digital role model and start better AI conversations at home.

Cyber Security Headlines
Department of Know: VoidLink threatens multi-cloud, flaw threatens Claude extension, China practices on infrastructure

Feb 17, 2026, 33:07


This week's Department of Know is hosted by Sarah Lane with guests Jon Collins, Field CTO, GigaOm, and Adam Palmer, CISO, First Hawaiian Bank.

Thanks to our show sponsor, Conveyor. Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at www.conveyor.com.

All links and the video of this episode can be found on CISOSeries.com.

Interviews: Tech and Business
CIO Agenda 2026: The Enterprise AI Promise | CXOTalk #909

Feb 16, 2026, 55:42


Tim Crawford and Isaac Sacolick, both former Chief Information Officers and world-class CIO advisors, join Michael Krigsman on CXOTalk episode 909 to break down why enterprise AI strategies are failing, what separates transformational CIOs from those who are drowning, and why earning your seat at the table matters more than ever in 2026.

You'll discover:
  • Why Tim says both AI strategy AND IT execution are failing, and what CIOs are focused on instead of outcomes
  • The "three-legged race" framework: how CIO behavior, IT culture, and external perception must align for strategic credibility
  • Why most CIOs have only a "layperson's understanding" of their own business, and how that kills AI value
  • Tim's two swim lanes of AI success: invisible integration or robust training (there is no middle ground)
  • Why Isaac says AI is "reshaping" business but not yet "transforming" it, and the product management shift that changes everything
  • How to evaluate agentic AI: the human-in-the-loop vs. human-out-of-the-loop decision framework and why cybersecurity proves you can't wait
  • The shadow AI paradox: why the best CIOs encourage it (with guardrails) instead of shutting it down
  • The three skills every IT professional needs now: business acumen, critical thinking, and data literacy

Timestamps:
0:00 Cold open: "If you think you should have a seat at the table, you've failed"
0:35 Why both AI strategy and IT execution are failing
2:08 The productivity measurement problem with AI
2:45 What CEOs and boards want from CIOs in 2026
4:28 Why CIOs don't truly understand their business
6:54 Why organizations are stuck in AI pilot mode
9:04 Tim's 2 swim lanes: invisible AI vs. training-wrapped AI
11:23 Audience Q&A: Inside-out thinking vs. outside-in thinking
14:34 The 3-legged race: earning your seat at the table
17:09 Moving from AI efficiency to true business transformation
20:03 The shift from project-oriented to product-oriented IT
20:31 AI governance, CISO alignment, and data sensitivity
27:15 Agentic AI: fully autonomous vs. human-in-the-loop
34:46 Agentic AI strategy and the value equation (opportunity minus cost)
38:46 Shadow AI: innovation source or security threat?
43:00 Governance as culture, not a bolt-on
46:00 The AI skills gap: business acumen, critical thinking, data skills, and curiosity
49:46 Are survival-mode CIOs sabotaging their careers?
52:15 What CIO greatness looks like in 2026

Datacenter Technical Deep Dives
AI Governance for Virtualized Infrastructure: What vSphere Admins Need to Know

Feb 16, 2026


Join us as Marian explains what AI governance means for vSphere administrators and why it matters now. Marian walks through practical governance frameworks that vSphere admins need to understand, from IEEE 7000 series standards to mapping governance controls onto infrastructure you already manage. You'll learn what your CISO will ask for, how to respond using your existing VMware stack, and why governance isn't about slowing innovation; it's about enabling it safely. This episode covers real-world scenarios from data lineage and model transparency to integrating governance tools with existing infrastructure, and addresses the gap between compliance requirements and practical implementation for virtualized environments.

Timestamps:
0:00 Welcome & Introduction
5:16 Marian's Background in Tech & Governance
6:37 What is Governance?
12:45 IEEE 7000 Series Standards Overview
18:22 AI Governance for vSphere Admins
24:16 Data Lineage & Model Transparency
30:41 Risk Assessment Frameworks
36:52 Practical Implementation Strategies
42:18 Integration with Existing Tools
47:35 Common Governance Challenges
51:12 Vendor Landscape Discussion
54:27 Missing Innovation in the Space
58:09 Wrap-up & Resources

How to find Marian: https://www.linkedin.com/in/mariannewsome/
Links from the show: https://ethicaltechmatters.com/

Cyber Security Uncut
The CISO Brief: AI plummets the stock market, real estate scams, and 5-minute cyber insurance

Feb 16, 2026, 16:27


In this episode of The CISO Brief, the Cyber Daily team outlines how Anthropic's latest update to Claude caused major stock market drops, real estate scams and their impacts, and how a new tool in Australia means cyber insurance can be processed in five minutes. Hosts Liam Garman and Daniel Croft discuss the impact of Anthropic's Claude Cowork plugins and how they have led to doubt in traditional software-as-a-service options. The two then cover real estate scams, what they look like, how to identify one and how to prevent them from taking your money. Finally, the two talk about Zurich Australia's new AI tool that can process cyber insurance applications in under five minutes. Enjoy the show, The Cyber Daily team

T-Minus Space Daily
Cybersecurity for the space supply chain.

Feb 14, 2026, 33:57


Cybersecurity Maturity Model Certification (CMMC) compliance is essential in the space industry. We explore space supply chain cybersecurity with Frank Chimenti, Director of Programs at Beyond Gravity, and Regan Edens, CISO at DTC Global. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Defense in Depth
Cybersecurity's Broken Hiring Process

Feb 12, 2026, 32:45


All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments.

In this episode:
  • The experience paradox
  • Who benefits from the narrative
  • Kitchen sink job postings
  • The aggregation problem

Huge thanks to our sponsor, Scanner. All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev

@BEERISAC: CPS/ICS Security Podcast Playlist
Former NSA now Founder & CTO Breaks Cybersecurity Down: Satellites to Manufacturing

Feb 12, 2026, 33:41


Podcast: Industrial Cybersecurity Insider
Episode: Former NSA now Founder & CTO Breaks Cybersecurity Down: Satellites to Manufacturing
Pub date: 2026-02-10

Dino sits down with Dick Wilkinson, CTO and co-founder of Proof Labs, to explore the intersection of space technology and industrial cybersecurity.

Dick shares his 20-year journey in the U.S. Army with the National Security Agency, transitioning from signals intelligence to becoming a CISO for critical infrastructure organizations, including New Mexico's Supreme Court and the Albuquerque water authority.

The conversation dives deep into the challenges of securing satellite systems with onboard intrusion detection and the persistent gap between IT and OT security teams. We also explore why the "castle wall" perimeter security model is dangerously outdated.

Dick reveals how AI is lowering the barrier to entry for both attackers and defenders, and discusses the real-world applications of satellite communications in oil and gas operations.

He also introduces a revolutionary physical layer-one air gap device called Goldilock Secure, which could transform how we protect remote industrial assets.

This episode is essential listening for CISOs, CTOs, and security leaders looking to understand emerging threats in space-based infrastructure and practical solutions for securing distributed industrial environments.

Chapters:
(00:00:00) - Dick's Journey: From NSA to Space Cybersecurity
(00:04:32) - What is Proof Labs and Why Space Security Matters
(00:08:15) - Satellites as OT Assets: Oil, Gas, and Critical Infrastructure
(00:12:47) - How Onboard Intrusion Detection Works in Spacecraft
(00:16:23) - The Castle Wall Problem: Moving Beyond Perimeter Security
(00:19:41) - IT vs OT: Bridging the Gap in Manufacturing Cybersecurity
(00:24:18) - AI's Impact: Lowering the Barrier for Attackers and Defenders
(00:27:35) - The Visibility Challenge: Why Most Plants Don't Know Their Assets
(00:30:12) - Goldilock Firebreak: A Physical Air Gap Device That Changes Everything
(00:35:20) - Real-World Applications for Remote Industrial Asset Protection

La French Connection
Episode 0x286 - CyberDéfense AI Special

Feb 12, 2026, 62:43


Synopsis: In episode 0x286, Patrick, Vanessa and Francis host a special episode with CyberDéfense AI. At the heart of the discussion is a topic that comes up everywhere in the field: trust. When a new solution promises a lot but breaks at the wrong moment, the risk falls back on the security leaders, and it is this reflex of caution that we unpack. We talk about what really moves a decision forward (concrete evidence, field validation, demo expectations) and what distinguishes a credible startup from mere talk. The episode also touches on the reality of the Quebec ecosystem, the Canada versus United States context, and the way urgency (vulnerabilities, incidents, business pressure) influences adoption. A useful conversation if you want to understand how credibility is built in cyber, and what security teams are really looking for before saying yes.

Guests: Michel Bourque, Mickael Nadeau

Crew: Patrick Mathieu, Vanessa Henri, Francis Coats

Shameless plug:
  • Join Hackfest/La French Connection Discord #La-French-Connection
  • Join Hackfest on Mastodon
  • POLAR - Québec - October 29, 2026
  • Hackfest - Québec - October 29-30-31, 2026

Credits: Audio editing by Hackfest Communication. Music by Kazuki – Four Day Weekend - Psychedelic Generation. Virtual studio by Streamyard.

Serious Privacy
DSAR Overload (with Josh Schwartz)

Feb 11, 2026, 35:21


Welcome to the newest episode of the Serious Privacy podcast, where hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal connect with Josh Schwartz of Phaselaw to discuss the increasing use of data subject access rights (DSARs) as a weapon. The resources required to handle such requests can be quite extensive. How do companies keep up? Maybe Josh has some insight.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cybercrime Magazine Podcast
The CISO's Edge. Account Compromise & Stopping Identity Attacks. Greg Crowley, CISO, eSentire.

Feb 11, 2026, 14:53


Greg Crowley is the CISO at eSentire. In this episode, he joins host Charlie Osborne to discuss the concerning jump in account compromise in 2025, how best to stop identity attacks, and more. eSentire is the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com

The CyberWire
Bringing it all together. [CISO Perspectives]

Feb 10, 2026, 53:12


Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap. Survey: We want to hear your perspectives on this season, fill out our audience survey before August 31st.

Packet Pushers - Full Podcast Feed
HS124: Administration DDoS on AI Regulation

Feb 10, 2026, 43:37


The recent U.S. Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, is the administration's latest attempt to prevent the enforcement of most of the AI laws passed in individual US states. Because it is only an executive order (EO), it cannot directly nullify, supersede, forestall, or put a pause on state-level laws....

CISO-Security Vendor Relationship Podcast
When We See White Smoke, We Know We Have a New CISO

Feb 10, 2026, 42:32


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group.

In this episode:
  • Metrics that matter
  • Tool babysitting problem
  • Automating the brokenness
  • Stay connected intentionally

Huge thanks to our sponsor, Strike48. Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

ITSPmagazine | Technology. Cybersecurity. Society
Chat Control: The EU Law That Could End Privacy and Why Breaking Encryption Won't Stop Criminals | A Conversation with Cybersecurity Expert John Salomon | Redefining Society and Technology Podcast with Marco Ciappelli

Feb 10, 2026, 36:49


None of Your Goddamn Business

John Morgan Salomon said something during our conversation that I haven't stopped thinking about. We were discussing encryption, privacy laws, the usual terrain — and he cut through all of it with five words: "It's none of your goddamn business."

Not elegant. Not diplomatic. But exactly right.

John has spent 30 years in information security. He's Swiss, lives in Spain, advises governments and startups, and uses his real name on social media despite spending his career thinking about privacy. When someone like that tells you he's worried, you should probably pay attention.

The immediate concern is something called "Chat Control" — a proposed EU law that would mandate access to encrypted communications on your phone. It's failed twice. It's now in its third iteration. The Danish Information Commissioner is pushing it. Germany and Poland are resisting. The European Parliament is next.

The justification is familiar: child abuse materials, terrorism, drug trafficking. These are the straw man arguments that appear every time someone wants to break encryption. And John walked me through the pattern: tragedy strikes, laws pass in the emotional fervor, and those laws never go away. The Patriot Act. RIPA in the UK. The Clipper Chip the FBI tried to push in the 1990s. Same playbook, different decade.

Here's the rhetorical trap: "Do you support terrorism? Do you support child abuse?" There's only one acceptable answer. And once you give it, you've already conceded the frame. You're now arguing about implementation rather than principle.

But the principle matters. John calls it the panopticon — the Victorian-era prison design where all cells face inward toward a central guard tower. No walls. Total visibility. The transparent citizen. If you can see what everyone is doing, you can spot evil early. That's the theory.

The reality is different. Once you build the infrastructure to monitor everyone, the question becomes: who decides what "evil" looks like? Child pornographers, sure. Terrorists, obviously. But what about LGBTQ individuals in countries where their existence is criminalized? John told me about visiting Chile in 2006, where his gay neighbor could only hold his partner's hand inside a hidden bar. That was a democracy. It was also a place where being yourself was punishable by prison.

The targets expand. They always do. Catholics in 1960s America. Migrants today. Anyone who thinks differently from whoever holds power at any given moment. These laws don't just catch criminals — they set precedents. And precedents outlive the people who set them.

John made another point that landed hard: the privacy we've already lost probably isn't coming back. Supermarket loyalty cards. Surveillance cameras. Social media profiles. Cookie consent dialogs we click through without reading. That version of privacy is dead. But there's another kind — the kind that prevents all that ambient data from being weaponized against you as an individual. The kind that stops your encrypted messages from becoming evidence of thought crimes. That privacy still exists. For now.

Technology won't save us. John was clear about that. Neither will it destroy us. Technology is just an element in a much larger equation that includes human nature, greed, apathy, and the willingness of citizens to actually engage. He sent emails to 40 Spanish members of European Parliament about Chat Control. One responded.

That's the real problem. Not the law. Not the technology. The apathy.

Republic comes from "res publica" — the thing of the people. Benjamin Franklin supposedly said it best: "A republic, if you can keep it." Keeping it requires attention. Requires understanding what's at stake. Requires saying, when necessary: this is none of your goddamn business.

Stay curious. Stay Human. Subscribe to the podcast. And if you have thoughts, drop them in the comments — I actually read them.

Marco Ciappelli

Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human. https://www.linkedin.com/newsletters/7079849705156870144/

Marco Ciappelli: https://www.marcociappelli.com/
John Salomon: Experienced, international information security leader. vCISO, board & startup advisor, strategist. https://www.linkedin.com/in/johnsalomon/

ITSPmagazine | Technology. Cybersecurity. Society
It's Not a Technology Problem, It's an Organizational Opportunity -- Building a Culture of Cybersecurity | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Dr. Keri Pearlson | Redefining CyberSecurity with Sean Martin

Feb 10, 2026, 46:49


Show Notes

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Keywords
dr. keri pearlson, julie haney, mit sloan, nist, sean martin, cybersecurity culture, security culture, values attitudes beliefs, cyber resilience, human-centered cybersecurity, security awareness, phishing, cybersecurity maturity model, security behavior, cybersecurity strategy, redefining cybersecurity, cybersecurity podcast, redefining cybersecurity podcast

Detection at Scale
Block's CISO James Nettesheim on How 40% of Their Detections Are Now Written with AI

Feb 10, 2026, 33:57


What if the real risk isn't adopting AI agents, but refusing to? James Nettesheim, CISO & Head of Enterprise Technology at Block, argues that principled risk-taking beats playing it safe. James shares Block's journey co-designing the Model Context Protocol with Anthropic and building Goose, their open-source general-purpose agent that enables anyone in the company to write security detections using natural language.

James also explores Block's Binary Intelligent Triage system achieving 99.9% accuracy, their data safety levels framework, and practical strategies for balancing autonomous AI capabilities with human oversight. James offers candid insights about implementing AI security principles, the evolution from tool experts to domain experts, and why open source remains fundamental to Block's mission of economic empowerment and technological innovation.

Topics discussed:
  • Co-designing MCP with Anthropic and developing Goose as an open-source general-purpose AI agent
  • Implementing prompt injection defenses and adversarial AI concepts to harden Goose against malicious instructions and attacks
  • Rolling out AI responsibly through data safety levels modeled after CDC bio-contamination protocols for sensitive data handling
  • Democratizing detection engineering by enabling anyone at Block to write detections using natural language
  • Achieving 40% of new detections created with AI assistance through recipes, playbooks, and automated tuning capabilities
  • Building Binary Intelligent Triage system that analyzes historical alerts and investigations to achieve 99.9% automated triage accuracy
  • Balancing autonomous AI capabilities with human oversight, requiring PR reviews and maintaining accountability for agent-generated code
  • Transitioning from tool expertise to domain expertise as the future skill set needed for detection and response professionals
  • Block's commitment to open source development driven by economic empowerment mission and desire to build accessible financial tools

Heavy Strategy
HS124: Administration DDoS on AI Regulation

Feb 10, 2026, 43:37



Cyber Risk Management Podcast
EP 203: Cyber Risk Quantification

Feb 10, 2026, 48:31


Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/scott-stransky-92659095/
Top 12 Report -- https://www.marsh.com/en/services/cyber-risk/insights/cybersecurity-signals.html
Marsh Cyber Risk Intelligence Center -- https://www.corporate.marsh.com/solutions/cyber-resilience/cyber-risk-intelligence-center.html

Redefining CyberSecurity
It's Not a Technology Problem, It's an Organizational Opportunity -- Building a Culture of Cybersecurity | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Dr. Keri Pearlson | Redefining CyberSecurity with Sean Martin

Feb 10, 2026, 46:49


Show Notes

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

Cyber Security Headlines
Department of Know: GSA's CMMC requirements, AWS intruder AI heist, Moltbook raises the stakes

Feb 9, 2026 (31:52)


This week's Department of Know is hosted by Rich Stroffolino with guests Nick Ryan, former CISO, and Chris Ray, Field CTO, GigaOm.

Thanks to our show sponsor, ThreatLocker. Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

All links and the video of this episode can be found on CISO Series.com

Defense in Depth
Simple Security Solutions That Deliver a Big Impact

Feb 5, 2026 (33:28)


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior EVP and CISO, Frost Bank. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker.

In this episode: Getting permissions right; The fundamentals that still fail; Know what you have; Simple controls, outsized impact.

Huge thanks to our sponsor, ThreatLocker. Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Cyber 9/11 with Dr. Eric Cole
Why CISOs Must Lead the AI Conversation Before It's Too Late

Feb 5, 2026 (26:52)


As 2026 begins, security leaders are facing growing uncertainty across technology, economics, and global risk. In this episode of Life of a CISO, Dr. Eric Cole challenges the fear-driven narrative around artificial intelligence and explains why CISOs must take the lead in guiding AI adoption, not reacting to it. Dr. Cole breaks down why AI is not here to replace people, but to eliminate repetitive, low-value work so humans can focus on creativity, judgment, and leadership. He explains the danger of allowing AI to make decisions without emotional and human context, and why unmanaged AI tools are quietly creating massive data leaks and financial losses inside organizations. This episode outlines how CISOs should responsibly manage AI as an enterprise application, just like any other critical technology, and how to clearly present AI risk, cost savings, and solutions to the board in language executives understand. Dr. Cole also shares a practical framework for aligning security budgets, roadmaps, and business risk so CISOs can drive real impact and earn trust at the executive level. If you are navigating AI, boardroom expectations, or the evolving role of the CISO, this episode delivers clear guidance on how to lead with simplicity, accountability, and solutions.

FP&A Today
Perspectives from Controller, FP&A, CFO and Gartner: Marko Horvat

Feb 5, 2026 (64:22)


Marko Horvat has been a public accountant, Controller, head of FP&A and CFO, as well as VP in Gartner's research and advisory practice, specializing in topics most relevant to CFOs and finance transformation.

In this episode he talks about: Interplay IT and CISO and organizational politics (“if it runs on electricity, it's ours”); CFO skillsets gap; Real change in CFO's Office with AI (audit pattern recognition to forecasting); Last mile transformation in finance; Mindset, skillset, toolset transformation; Treating forecast as in perpetual beta; The power of the subtotal function.

Recommended books: There's Got to Be a Better Way: How to Deliver Results and Get Rid of the Stuff That Gets in the Way of Real Work; Superforecasting: The Art and Science of Prediction

#ShiftHappens Podcast
Ep. 120: Prevent Before You Respond: Mastering Cybersecurity

Feb 5, 2026 (42:19)


Greg van der Gaast, cybersecurity leader and founder of Sequoia Consulting, shares why modern security keeps failing — and it's not because attackers are getting smarter. Drawing from his path from teenage hacker to government witness to CISO, Greg reveals how weak IT foundations, broken processes, and poor data habits create the conditions for most breaches. He explains why security must be treated as a quality discipline, how unstructured data quietly multiplies risk, and how AI can finally help uncover the root causes that organizations often overlook.

Serious Privacy
The Kemp Effect: From Silicon Valley to Privacy Regulator

Feb 4, 2026 (37:52)


Welcome to the Serious Privacy podcast, where Paul Breitbarth, Dr. K Royal, and Ralph O'Brien meet with Tom Kemp of the California Privacy Protection Agency. We talk about the new DROP system, priorities, history, and coordination with other agencies and lawmakers. Tom was previously on Serious Privacy, before his CPPA days. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

The CyberWire
Mid season reflection with Kim Jones. [CISO Perspectives]

Feb 3, 2026 (41:27)


Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come.

CISO-Security Vendor Relationship Podcast
Take Two-Factor Authentication and Call Me in the Morning

Feb 3, 2026 (38:43)


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Janet Heins, CISO, ChenMed.

In this episode: Inbound gets ignored; Independence under constraint; Methodology means nothing; Lives over logins.

Huge thanks to our sponsor, Guardsquare. Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Afternoon Cyber Tea with Ann Johnson
Trust Is Patient Well-being: Rob Suárez on Cybersecurity in Healthcare

Feb 3, 2026 (27:01)


Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield joins Ann on this week's episode of Afternoon Cyber Tea. In the conversation, Rob shares how his career path and personal philosophy have shaped a mission-driven approach to cybersecurity that places patient trust, safety, and privacy at the center of every decision. He discusses the unique challenges of securing a deeply interconnected healthcare ecosystem, the critical role of culture and cyber literacy across organizations, and why transparency and resilience are essential during incidents. The episode also explores secure-by-design principles, the ethical use of AI in healthcare, and how the CISO role is evolving toward a broader focus on trust, collaboration, and human impact.

Resources: View Rob Suárez on LinkedIn; View Ann Johnson on LinkedIn

Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast; The BlueHat Podcast; Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

CMO Confidential
James Shira | What Your CIO Wants to Tell You But Won't | Principal, Global CIO and Global CISO, PwC

Feb 3, 2026 (38:45)


A CMO Confidential Interview with James Shira, Principal, Global and US CIO and Global CISO at PwC. James details how @PwC is running an "AI marketplace" within the company which features a number of models, his focus on scale, security, and user experience, and the case for approaching AI with a "humility" mindset. Key topics include: how the CISO (Chief Information Security Officer) balances rapid enablement and security needs; why CMOs should have a working knowledge of the technology roadmap; and tips for aligning with your CIO. Tune in to hear how to "go rogue" if you must and a story about socks.

Sponsored by Scrunch AI: learn more here → https://www.scrunchai.com/cmo

Global CIO & CISO James Shira joins Mike to decode what your CIO wishes you knew—AI adoption, security trade-offs, model “marketplaces,” and how CMOs should really partner with IT. Concrete guidance on prioritization, tech stack decisions, legacy constraints, and when “going rogue” is justified. Practical, senior-level playbook for winning with AI without lighting money—or trust—on fire.

Chapters
00:00 – Welcome & setup: “What your CIO wants to tell you, but won't”
01:15 – The AI era: pace, complexity, stakeholder pressure
03:24 – Humility first: why being late to AI isn't OK
04:09 – Designing for scale, security, and real user adoption at PwC
06:00 – Building a model “marketplace” (40+ models) & minimum bars
07:27 – Guardrails: encryption, data governance, and safe experimentation
09:32 – Adoption reality: super-users, skeptics, and moving the middle
11:00 – What “leading” looks like: C-suite prioritization & high-value use cases
13:00 – CISO shift: from gatekeeper to enabler; managing Kobayashi-Maru choices
16:59 – How marketers help: anticipate CIO/CISO problems, simplify choices
19:00 – MarTech the smart way: align to architecture, reduce sprawl, bring options
22:00 – No IT dance partner? Work with COO/CFO; standardize and choose fit over “sexy”
24:33 – Legacy estates: outsource vs. “AI-ify” retained work; show ROI math
26:29 – When to go rogue—and how not to get fired doing it
31:00 – Free advice to agencies: do the work, bring substance, not spam
32:00 – Closing & funniest story (Zurich board-meeting socks)

Get IT: Cybersecurity insights for the foreseeable future.
Why Continuous Penetration Testing Is Key to Proactive Security

Feb 3, 2026 (37:13)


Most organizations rely on outdated penetration tests that check boxes, but miss real threats already inside their networks. Host Ivo Wiens, Field CTO for Cybersecurity, sits down with Mikhail Falkovich, former CISO turned security leader at Microsoft, to unpack why perimeter defenses fail and why zero trust is a mindset, not a buzzword. They explore insider threats, the limits of traditional pen testing and why continuous red and purple teaming — and AI-aware defences — are essential for real cyber resilience. To learn more, visit cdw.ca

Paul's Security Weekly
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)


Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-444

Enterprise Security Weekly (Audio)
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)


Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-444

Cybercrime Magazine Podcast
CISO Confidential. The New Attack Playbook. Tim Brown, SolarWinds & Bobby Ford, Doppel.

Feb 2, 2026 (14:53)


Tim Brown is the CISO at SolarWinds. In this episode, he joins host Paul John Spaulding and Bobby Ford, Chief Strategy & Experience Officer at Doppel, to discuss today's threat landscape and what organizations can do to protect themselves in light of new threats such as deepfakes and artificial intelligence. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.

Paul's Security Weekly TV
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)


Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-444

Enterprise Security Weekly (Video)
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)


Segment 1: Interview with Warwick Webb From Initial Entry to Resilience: Understanding Modern Attack Flows Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense. Segment Resources: Wayfinder MDR Solution Brief 451 MDR Report Managed Defense Redefined Blog This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them! Segments 2 and 3: The Weekly News In this week's enterprise security news, we've got funding free tools! the CISO's craft agentic browsers tech companies are building cyber units? giving AI agents access to your entire life lots of dumpster fires in the industry today Cisco killed Kenna the state of AI in the SOC homemade EMP guns! don't try this at home All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-444

The 30 Minute Hour™
#407--The AI Leadership Gap That Nobody Talks About

Jan 29, 2026 (41:46)


Kevin Carlson is a rare blend of technologist, strategist, and coach who bridges the gap between executive vision and operational execution. Drawing from his experience as a CTO, CISO, and Executive Coach, he aligns technological frameworks, security protocols, and leadership development strategies, enabling leaders to enhance both their organizational infrastructure and their personal effectiveness. Listen NOW to discover, The AI Leadership Gap That Nobody Talks About

Defense in Depth
When Cybersecurity Marketing Fails to Reach the Buyer

Jan 29, 2026 (30:42)


All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines.

In this episode: The 3Ms of product clarity; Buzzwords work because buyers aren't experts; Investor pressures distort messaging; Threading the needle.

Huge thanks to our sponsor, Alteryx. Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

The New CISO
The Four Cs: Why a Schoolteacher Makes a Great CISO

Jan 29, 2026 (54:07)


In this episode of The New CISO, host Steve Moore speaks with Manuel "Manu" Ressel, CISO at SAUTER Group, about his unconventional journey from classroom teacher to cybersecurity leader—and why the "Four Cs" of modern education provide a powerful framework for building effective security programs. Drawing from years as both a teacher and school principal in Germany, Manu introduces Critical Thinking, Communication, Collaboration, and Creativity as essential leadership skills that fundamentally challenge how the industry approaches awareness training and incident response.

After growing frustrated with Germany's outdated education system that prioritized memorization over critical thinking, Manu left his position as principal and reinvented himself as a digital transformation consultant. Working with schools and mid-sized companies to adopt cloud technologies, he eventually landed the CISO role at SAUTER, an international building automation company with 4,000 employees across multiple countries.

The conversation tackles security's most persistent failure: awareness training that doesn't work. Manu reveals that 37% of security incidents in Germany could be prevented if users made better decisions, yet most organizations rely on boring click-through programs. He advocates for scenario-based, role-specific training—an approach now mandated by Europe's NIS 2 regulation—that treats people as the biggest opportunity in cybersecurity rather than the weakest link.

One of the episode's most practical frameworks is Manu's Observation-Description-Interpretation method for analyzing security incidents. He explains how humans naturally jump from observation directly to interpretation, skipping the crucial middle step of accurately describing what actually happened. This leads to finger-pointing, misdiagnosis, and hasty decisions. By training security analysts to pause and describe incidents factually first, teams make better decisions and build trust with the business.

Manu challenges the punitive approach many organizations take toward security failures, particularly companies that fire employees for repeatedly clicking phishing simulations. He champions building positive fault cultures where employees feel safe reporting mistakes. His three crisis questions—Is anyone dying? Major financial impact? Will someone be hurt?—provide a simple framework for staying calm and deciding when immediate action is necessary versus taking time to think strategically.

Key Topics Discussed:
Why the "Four Cs" (Critical Thinking, Communication, Collaboration, Creativity) define effective security leadership
The Observation-Description-Interpretation framework for incident analysis without bias
Transforming ineffective awareness training into engaging, scenario-based programs
Building positive security cultures where employees report issues without fear
NIS 2's mandate for role-specific cybersecurity training across organizational levels
Why Germany and European mid-market companies lag in cloud adoption
Three critical crisis questions: Is anyone dying? Financial impact? Risk of harm?
Why punitive phishing training destroys trust and cultural engagement
Applying teacher skills to security leadership and de-escalation...

Serious Privacy
Happy Data Protection/Privacy Day!

Jan 28, 2026 (35:01)


We are back! Welcome to season 7 of the Serious Privacy podcast, with Dr. K Royal, Ralph O'Brien and Paul Breitbarth. Also this season, we will keep you up to date on developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Cybersecurity Where You Are
Episode 172: Helping CISOs as a CIS Controls Ambassador

Jan 28, 2026 (34:27)


In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

Here are some highlights from our episode:
00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
06:03. The value of measurement and psychology when discussing assessments with CISOs
09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
12:31. How open sharing of wisdom between CISOs makes the world more secure
20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
24:29. Chirag's use of law school to take his understanding of reasonableness up a level
28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
31:08. The heightened importance of nonprofit organizations bringing people together

Resources
CIS Critical Security Controls®
Episode 160: Championing SME Security with the CIS Controls
Episode 168: Institutionalizing Good Cybersecurity Ideas
Reasonable Cybersecurity Guide
Simplify Security Management with CIS SecureSuite Platform
CISO Certification by GlobalCISO Leadership Foundation™

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Packet Pushers - Full Podcast Feed
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 (31:21)


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

CISO-Security Vendor Relationship Podcast
I'll Show You Our Resilience Plan Once Our Cloud Storage Is Back Online

Jan 27, 2026 (37:47)


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Johann Balaguer, Global CISO, Hard Rock Hotels and Casinos.

In this episode: Understanding the why; Own your digital self; Invest beyond tenure; Prepare for dependencies.

Thanks to Louis Zhichao Zhang, AIA Australia for contributing this week's "What's Worse?!" scenario.

Huge thanks to our sponsor, Guardsquare. Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Heavy Strategy
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 31:21


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

Cyber Risk Management Podcast
EP 202: Why Fortune 500s Still Run on Windows 2003

Jan 27, 2026 38:15


Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/chuvakin/
Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/

Cyber Security Headlines
Department of Know: Davos worries, UK-China tensions, calendar concerns

Jan 27, 2026 33:32


This week's Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke's University Health Network, and Jason Shockey, CISO, Cenlar FSB.

Thanks to our show sponsor, Conveyor
Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.

All links and the video of this episode can be found on CISO Series.com

Unleashed - How to Thrive as an Independent Professional
632. Jason Baumgarten, How to Position Yourself for Board Roles

Jan 26, 2026 51:51


Show Notes:

Jason Baumgarten is a partner at Spencer Stuart where he is also the global head and CEO of board practice. He assists businesses in all sectors to identify and evaluate CEOs who motivate senior leadership teams to reach their full potential. Additionally, he assists boards with CEO succession planning, director recruitment, and identifying future leaders.

How to Join a For-profit Board

Jason talks about the range of roles on a board and the specific roles a board might be looking to fill. He explains that the specificity of board roles varies based on the scale and maturity of the organization, using a real example of a board search he is currently involved in. Jason discusses how sophisticated boards often have specific requirements for board members, such as industry experience, geographic expertise, and specific skill sets.

Identifying and Defining Board Roles

When asked about the various categories of board roles, such as finance, data analytics, and HR, Jason explains that the most common request is for recently or actively retired CEOs, followed by CFOs with specific finance experience. He highlights the importance of understanding the nature and type of business the company is in, such as regulated industries, capital-light businesses, or capital-heavy businesses.

Board Member Etiquette

Jason outlines the main drivers for wanting to be on a board: prestige and the desire to be helpful. He explains the concept of "noses in, fingers out" in governance, emphasizing the importance of board members being helpful but not overly involved. He also discusses the range of compensation for board members, from stipends to significant annual fees, and advises against depending on board compensation as a primary source of income. He stresses the importance of being willing to fire oneself from a board to provide objective advice to the CEO.

The Reality of Joining a Board for Management Consultants

Jason advises not to limit aspirations and suggests using a simple litmus test: "if the company wouldn't hire you as a top executive, they probably won't consider you for a board role." He explains the importance of nonprofit boards, both fundraising and operating boards, and how they can provide valuable experience and networking opportunities. Jason discusses the potential for board roles in small private companies, large private companies, and public companies, emphasizing the importance of regional connections and unique experiences.

The Role of Executive Search Firms in Board Recruitment

Jason explains that search firms are often involved in board searches for public or pre-IPO companies and large private equity firms. He advises building relationships with search firms and being responsive and helpful when they reach out for market intelligence or advisory work. Jason also shares the importance of having a network of firms that work in your industry or location and how advisory work can lead to board opportunities.

How Boards Vet Prospective Members

The conversation turns to the process of being vetted and evaluated for a board role, including interviews, background checks, and social media history. Jason explains that some boards generally recruit with a lighter touch than other roles, but private equity and regulated boards may conduct more thorough diligence. He advises candidates to ask about the board's process, including the last board member hired and the steps involved in the recruitment process. He also emphasizes the importance of meeting all board members and ensuring a good fit in terms of personality and interests.

The Commitment Reality of Being on the Board

Jason talks about the typical time commitment for board members, including meetings, committee calls, and ad hoc time with the CEO. He explains the importance of understanding the size of board decks and the amount of preparation required for each meeting. Jason also advises candidates to be patient and persistent, as the process of getting on a board can take years and is often unpredictable.

Identifying Risks to Board Members

When asked about the risks involved in accepting a board position and the importance of D&O insurance, Jason recommends consulting with a D&O insurance broker to understand the market and ensure appropriate coverage. He advises candidates to be aware of any litigation or regulatory risks associated with the board and to seek legal advice if necessary. Jason also emphasizes the importance of understanding the board's D&O policy and ensuring that board members are covered appropriately.

Final Thoughts and Advice

Jason reiterates the importance of understanding the time commitment and potential disruptions that can arise. He advises candidates to be patient and persistent, as the process of getting on a board can take years. Jason shares a story about a former CISO who became a sought-after board member, illustrating the unpredictability of the process and the importance of perseverance.

Timestamps:
02:18: Types of Board Roles and Common Requests
05:29: Benefits of Being on a Board
08:08: Levels of Boards and Aspirations
15:24: Search Firms and Board Recruitment Processes
32:38: The Board Recruitment Process
39:41: Time Commitment and Potential Disruptions
42:50: Risk and Insurance Considerations
47:16: Final Thoughts and Advice

Links:
Website: getscalar.ai
This episode on Umbrex: https://umbrex.com/unleashed/episode-632-jason-baumgarten-how-to-position-yourself-for-board-roles/

Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.

*AI generated timestamps and show notes.

The CyberWire
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

Jan 18, 2026 9:48


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says, "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.