POPULARITY
Categories
All images and links can be found on CISO Series. Check out this post by Gautam ‘Gotham' Sharma of AccessCyber for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke's University Health Network. In this episode: Verify then trust Dishonesty on all sides A lack of flexibility What about integrity? Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.
MathWorks, Creator of MATLAB, Confirms Ransomware Attack Adidas warns of data breach after customer service provider hack Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Tim Jacobs, vp, CISO, Commonwealth Care Alliance. In this episode: Starting from zero Prepare for decisive decisions Working back from unacceptable Discovering inefficiencies A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Craig Taylor is a seasoned cybersecurity leader, CISSP since 2001, and co-founder of CyberHoot, a fully automated SaaS platform that teaches cyber literacy to SMBs and MSPs. As a virtual CISO for over 35 companies and founder of a growing vCISO peer group, he brings deep expertise and collaborative insight to the cybersecurity field. A gifted speaker, Rotarian, and cancer research fundraiser, Craig blends technical leadership with a passion for service and community.Master of Your Crafts is a captivating podcast featuring conversations with individuals who have dedicated themselves to mastering their craft. Whether it's a gift, talent or skill that comes naturally to them, these individuals have taken ownership and honed their abilities to perfection. Through deep conversation, we delve into their inner dialogue, actions and life circumstances offering words of wisdom to empower and guide you on a journey to becoming the master of your own craft.For more information, visit our website https://masterofyourcrafts.com and Bright Shining Light Website: https://brightshininglight.comStay connected with us:- Facebook: https://www.facebook.com/masterofyourcrafts- Instagram: https://www.instagram.com/MasterOfYourCrafts/- Spotify: https://open.spotify.com/show/1M0vp9HoK7kkP1w4ij7PJd?si=7d383a92b93b4e2c- ApplePodcast: https://podcasts.apple.com/ca/podcast/master-of-your-crafts/id1512818795- Amazon Music: https://music.amazon.ca/podcasts/b15079de-bc6a-487c-b8f8-faca73d0f685/master-of-your-crafts- Google Play: https://podcasts.google.com/feed/aHR0...
In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspectiveThe double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow
Angela C. Williams is the SVP, Global Chief Information Security Officer at UL. In this episode, she joins host Heather Engel and Tia Hopkins, Chief Cyber Resilience Officer and Field CTO at eSentire, to discuss communicating with the board, including cyber resilience, related misconceptions, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest George Finney, CISO, The University of Texas System – check out George's new book plus all his other achievements at his website, WellAwareSecurity. Thanks to our show sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com All links and the video of this episode can be found on CISO Series.com
On today’s episode, we are joined by Dr. Brad Topol, Distinguished Engineer and Director of Open Source Technologies at IBM, to talk about how to scale your leadership. We explore the process of how he went from individual contributor to distinguished engineer to director and executive. We chat about how you build a career... Read more »
On today’s episode, we are joined by Dr. Brad Topol, Distinguished Engineer and Director of Open Source Technologies at IBM, to talk about how to scale your leadership. We explore the process of how he went from individual contributor to distinguished engineer to director and executive. We chat about how you build a career... Read more »
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Stop siloing cybersecurity Leading the charge A culture of ownership Preparing for resilience A huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.
In this episode of The New CISO, host Steve Moore speaks with Ben, Director of Group Security and Architecture at Bilfinger, about the role of self-awareness, confidence, and communication in effective cybersecurity leadership.Ben shares his unconventional path to becoming a CISO, how he applies the “done is better than perfect” philosophy, and why embracing vulnerability, curiosity, and creativity is key to building strong teams. From baking sourdough to producing his own podcast, Ben highlights how personal passions can shape professional growth.Key Topics Covered:Why done is better than perfect can be a strength—not a flaw—in cybersecurityThe surprising connection between baking sourdough and fostering security cultureHow Ben's podcast, Infosec Theater, educates non-technical audiences using humor and storytellingThe creative interview question he uses to gauge mindset: “If cybersecurity were an animal, what would it be?”Why hiring for attitude and resilience beats hiring for experience aloneHow podcasting sharpened his ability to listen, simplify, and leadBen also emphasizes the importance of recognizing your own strengths and surrounding yourself with people who balance them out. His perspective offers actionable takeaways for CISOs and security professionals seeking to grow into thoughtful, human-centered leaders.
May 22, 2025: James Bowie, VP and CISO of Tampa General Hospital, and Mick Coady, CTO at Armis, join Drex for this webinar re-run. Discover how asset visibility exposes unused medical equipment, saving hundreds of thousands in unnecessary purchases. James shares how quantifying a vulnerability in the “language everyone speaks”, money, sparked immediate executive action and reduced millions in risk. The experts navigate the delicate balance between security and uninterrupted patient care, challenging the traditional view of cybersecurity as merely defensive. Reframe security from an obstacle to an operational ally and gain a fresh perspective on how modern healthcare organizations can leverage security investments to drive clinical and financial efficiency. Key Points: 05:57 Asset Management and Efficiency 20:33 Defining Resilience 25:53 The Role of Cyber Programs in IT 30:46 Risk Quantification and Decision Making 39:16 Integrating Questions 43:11 Prioritizing Security Investments X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Send us a textOn this week of Serious Privacy, Paul Breitbarth, and Dr. K Royal (Ralph O'Brien was traveling), we cover a wild wrap up of privacy activities, including Tom Kemp as the newly appointed head of the California Consumer Privacy Protection Agency, and a wide sweep of enforcement actions including Roku, Honda Motor Company, National Public Data, Tom Snyder, plus class actions against Insomnia and Pill Pack, and a reprimand sent to Deep Seek, IAPP's state privacy law tracker update, California is seeking public feedback on proposed regulations for the delete request and opt-out platform - the DROP system, CNIL's guidance on monitoring self-checkouts, and Meta's request for a court to invalidate the EDPB guidance (can't do it, it's not a law) and Belgium's new law plus quite a bit more. We are packed with news.Please subscribe in your favorite podcast app - sharing is caring! Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
In this new episode of Life of a CISO, Dr. Eric Cole opens with one of his most powerful guiding principles: “Let data drive decisions, not emotions.” Drawing from his experiences traveling and meeting with top executives, he emphasizes the importance of making decisions based on reliable data rather than emotional impulses. He challenges listeners to ask themselves whether they have enough information to make an informed choice—not perfect information, but sufficient insight to move forward. When we delay decisions out of fear or uncertainty, it's often because we lack confidence due to missing data. Dr. Cole encourages action: if you don't have enough data, go get it. He then introduces his second foundational principle: “Smart people know the right answers; brilliant people ask the right questions.” These two mantras form the core of what it means to be a world-class CISO. But Dr. Cole takes it even further, revealing that the root of most professional frustration stems from a lack of alignment—whether it's misalignment with your goals, your team, or the organization itself. He draws parallels between business alignment and physical alignment in cars or our bodies, reinforcing that clarity of purpose and alignment of actions are essential for not only being effective, but also reducing stress. Whether you're a CISO or not, these lessons apply to every area of life.
In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical , The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra's collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide. Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them! Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-396
In the leadership and communications section, Why Every CISO Should Be Gunning For A Seat At The Board Table, The Innovation We Need is Strategic, Not Technical , The Best Leaders Ask the Right Questions, and more! This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Fortra is successfully reducing the unauthorized use of Cobalt Strike among cybercriminals through partnerships with Microsoft, Operation MORPHEUS, and the Pall Mall Process, among others. Since 2023 specifically, Fortra's collaborations have resulted in an 80% drop in Cobalt Strike misuse in the wild. Additionally, the time between detecting cracked copies and mitigation has been reduced to less than one week in the United States and less than two weeks worldwide. Segment Resources: https://www.cobaltstrike.com/blog/update-stopping-cybercriminals-from-abusing-cobalt-strike This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluersac to learn more about them! Uncover how organizations are building business confidence through cyber resilience, how alignment of cybersecurity and business goals impacts business, how collaboration creates a proactive culture, and how emerging attacks are evolving. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-396
How far ahead should you plan, and what things belong in your strategic plan? Conventional wisdom holds that a 3-year planning horizon is “about right”–but in a period of rapid technical and geopolitical change (such as we're arguably in right now) does that go too far out, particularly when agile methodologies recommend shorter action plans... Read more »
All links and images for this episode can be found on CISO Series. I host this week's episode, David Spark (@dspark), producer of CISO Series and Jesse Whaley, CISO, Amtrak. Joining them is their guest Vaughn Hazen, CISO, CN. In this episode: The classics endure The rules of the rail "Prove It. With data." It's all just software A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform
AI has taken us into uncharted territory.
How far ahead should you plan, and what things belong in your strategic plan? Conventional wisdom holds that a 3-year planning horizon is “about right”–but in a period of rapid technical and geopolitical change (such as we're arguably in right now) does that go too far out, particularly when agile methodologies recommend shorter action plans... Read more »
From 2023 to 2024, ransomware has seen a 67 percent jump, with an average payment of $2 million and another $2.7 million in recovery costs for most companies that are hit by an attack. Fortunately, there are multiple steps businesses can take to lower the risk of being a victim. In this episode, Adam Keown, global CISO at Eastman, joins host Heather Engel to discuss the value of email filtering for organizations across the globe. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Is the so-called "Insider Threat" a big deal? If so, how could you use a honeypot to catch them? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. If you want to know more about honeypots, check out Kip's newest LinkedIn Learning course: “Active Defense: The New Frontier in Cybersecurity” -- https://www.linkedin.com/learning/active-defense-the-new-frontier-in-cybersecurity/
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale. As CEO of RegScale, he oversees their Continuous Controls Monitoring platform, which enables rapid GRC outcomes for organizations like Wiz, Keybank, and the US Department of Energy. In this episode: [02:15] How an interest in computer science led Travis to pursue a career in security [03:20] Working in “the Major Leagues of cyber” at the National Nuclear Security Administration [06:20] Moving fast in highly-regulated environments [07:10] Securing the world's fastest supercomputer at Oak Ridge National Laboratory [10:30] Supporting digital transformation at enormous scale at Bechtel Corp [15:15] How outdated compliance processes inspired Travis to co-found RegScale [18:15] How RegScale acquired its first high-profile clients through "hustle and luck" [19:20] The challenges of building the first version of RegScale [21:15] Taking the pain out of compliance [23:20] The biggest GRC roadblocks teams are facing right now [25:10] Practical advice for moving the needle on your automation program [27:33] Eliminating redundancy and inefficiency in federal compliance programs [32:30] What's next for RegScale [33:45] The best applications of AI (and which decisions should "never" be made AI) [35:45] Navigating regulatory uncertainty when it affects your whole business model [38:40] What SecOps and compliance teams might look like in the future [40:20] What the best compliance teams do to build rapport with security, IT and other business functions [43:30] Why AI adoption is a risk-based conversation every organization should be having with their CISO [46:00] Connect with Travis Where to find Travis Howerton: LinkedIn RegScale Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: The CISO Society 2025 State of Continuous Control Monitoring Report
Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-407
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Julie Chatman. Julie is a distinguished cybersecurity executive with nearly two decades of experience in cybersecurity strategy, risk management, and AI governance. She began her career in the U.S. Navy, serving on active duty as a Hospital Corpsman specializing in Medical Laboratory Science & Technology. Her transition into cybersecurity began at the FBI, where strong mentorship shaped her approach to leadership, problem solving, and talent development. She currently serves as the Deputy Chief Information Security Officer for Finance at the Virginia Information Technologies Agency (VITA), where she is focused on driving risk reduction across state agencies. The role is part of a strategic engagement through her company, ResilientTech Advisors. Julie leads CyberPath Coaching, where she draws on her experience as an active CISO to mentor cybersecurity professionals, accelerate their growth, and prepare them for executive roles. She works with individuals breaking into the field, mid-career professionals, aspiring CISOs, and cybersecurity entrepreneurs. [May 19, 2025] 00:00 - Intro 00:53 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:03 - Julie Chatman Intro 03:14 - A Hungry Brain 04:25 - We Are Mushroomed 05:54 - Being an Enabler 10:13 - Speak Their Language 13:33 - Assigning Responsibility 16:05 - A Tool, Not a Replacement 20:35 - Career Challenges 22:40 - Strategic Empathy 23:46 - Setting Boundaries 24:15 - Narrative Control 25:38 - Staying Positive 29:39 - The Target is the Same 32:09 - Book Recommendations - World War Z - Max Brooks 33:20 - Mentors - MB Kinder - Martha Williams 35:14 - Find Julie Chatman Online - Website: cyberpathcoaching.net - LinkedIn: linkedin.com/in/julie-chatman-mba-infosec 35:54 Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Guest: Christine Sizemore, Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexpected security challenges and threats associated with the AI software supply chain? We like to say that history might not repeat itself but it does rhyme – what are the rhyming patterns in security practices people need to be aware of when it comes to securing their AI supply chains? We've talked a lot about technology and process–what are the organizational pitfalls to avoid when developing AI software? What organizational "smells" are associated with irresponsible AI development? We are all hearing about agentic security – so can we just ask the AI to secure itself? Top 3 things to do to secure AI software supply chain for a typical org? Resources: Video “Securing AI Supply Chain: Like Software, Only Not” blog (and paper) “Securing the AI software supply chain” webcast EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments Protect AI issue database “Staying on top of AI Developments” “Office of the CISO 2024 Year in Review: AI Trust and Security” “Your Roadmap to Secure AI: A Recap” (2024) "RSA 2025: AI's Promise vs. Security's Past — A Reality Check" (references our "data as code" presentation)
Segment 1: Fastly Interview In this week's interview segment, we talk to Marshall Erwin about the state of cybersecurity, particularly when it comes to third party risk management, and whether we're ready for the next big SolarWinds or Crowdstrike incident. These big incidents have inspired executive orders, the Secure by Design initiative, and even a memo from JPMorgan Chase's CISO. We will discuss where Marshall feels like we should be pushing harder, where we've made some progress, and what to do about incentives. How do you convince a software supplier or service provider to prioritize security over features? This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Segment 2: Weekly Enterprise News In this week's enterprise security news, Agents replacing analysis is highly misunderstood only one funding round Orca acquires Opus to automate remediation OneDrive is updating to make BYOD worse? Companies are starting to regret replacing workers with AI Is venture capital hanging on by a thread (made of AI)? Potential disruption in the traditional vuln mgmt space! MCP is already looking like a dumpster fire from a security perspective malicious NPM packages and, IS ALCHEMY REAL? Segment 3: RSAC Conference 2025 Interviews Interview 1: Pluralsight Emerging technologies like AI and deepfakes have significantly complicated the threat landscape of today. As AI becomes more integrated into our lives, everyone - not just cybersecurity professionals - needs to develop security literacy skills to keep themselves, their organizations, and their loved ones safe. Luckily, there are countermeasures to spot and identify AI and deepfake-related threats in the wild. In this segment, Pluralsight's Director of Security and IT Ops Curriculum, Bri Frost, discusses how AI has changed the cybersecurity industry, how to spot AI and deepfakes in the wild, and the skills you should know to defend against these emerging threats. Pluralsight's AI Skills Report This segment is sponsored by Pluralsight. Visit https://securityweekly.com/pluralsightrsac to learn the skills you need to defend against the latest cyber threats! Interview 2: Radware Adversaries are rewriting the cybersecurity rules. Shifts in the threat landscape are being fueled by attackers with political and ideological agendas, more sophisticated attack tools, new coalitions of hacktivists, and the democratization of AI. Radware CTO David Aviv will discuss how companies must adapt their cyber defenses and lead in an evolving era of asymmetric warfare and AI-driven attacks. This segment is sponsored by Radware. Visit https://securityweekly.com/radwarersac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-407
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is Joey Rachid, CISO, Xerox. In this episode: It's a balancing act Choose to leave the kids' table Your team is essential Don't change CISOs midstream Huge thanks to our sponsor, Blackslash Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at https://www.backslash.security/
Tired of the same old advice that isn't getting you anywhere in your cybersecurity career? Everyone says "get more technical skills," but what if that's only part of the story? If you're aiming for leadership roles like CISO, Security Director, or Head of GRC, or other security leadership roles, this episode is for you. In this episode, we dive into: why technical skills alone won't land you a cybersecurity leadership role, the real skills that executives are desperately seeking (it's not what you think), how to showcase leadership skills even without a leadership title (break the catch-22), effective communication strategies to influence executives and your team, what it really takes to lead during a cybersecurity crisis (the uncomfortable truth). It's time to stop wasting time on outdated advice and focus on what truly matters. Listen now to unlock the secrets to accelerating your cybersecurity leadership career.Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.
In this episode of Life of a CISO, Dr. Eric Cole shines a spotlight on a critical blind spot that many Chief Information Security Officers overlook: legal liability. While CISOs are often highly skilled and technically knowledgeable, it's what they don't know—particularly about their legal exposure—that can put them at serious risk. Dr. Cole explains that many CISOs hold the title of “chief” without realizing they may not officially be corporate officers, and that distinction matters. If you are considered a true officer of the company, you may be personally liable for failures or breaches, even if you weren't the root cause. He urges CISOs to ask the right questions during negotiations, ensure they understand their official role, and protect themselves with legal counsel and proper insurance coverage. He goes on to emphasize the importance of understanding how communication becomes evidence at the executive level. In today's digital world, emails and text messages are no longer just conversations—they are legal records that can be used for or against you. Dr. Cole discusses how even a lack of written documentation can lead to lawsuits or termination if it's perceived that a CISO failed to inform the board about a critical risk. However, over-documenting can also backfire by making colleagues uncomfortable or wary. This delicate balance between transparency and discretion is a key leadership skill every CISO must develop. Ultimately, this episode is a wake-up call to every cybersecurity leader: the higher you rise, the more you must be aware of the legal and personal implications of your role.
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395
In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg's 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House. They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.
Hosts: David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade, Director, Office of the CISO, Google Cloud Guest: Christian Karam, Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The Cyber-Savvy Boardroom podcast on Apple Podcasts The Cyber-Savvy Boardroom podcast on YouTube Now hear this: A new podcast to help boards get cyber savvy (without the jargon) Board of Directors Insights Hub Guidance for Boards of Directors on How to Address AI Risk
Send us a textOn this episode of @SeriousPrivacy, hosts Paul Breitbarth and Dr. K Royal (Ralph wasn' able to join us in DC) catch up with Tahu Kukutai, Professor, The University of Waikato; Jade Makory, CIPP/E, CIPM, CIPT, FIP, Legal and Advocacy Director, Data Analytics Kenya, and Privacy Expert, PwC (on Sabbatical); and Shana Morgan, AIGP, CIPP/E, CIPM, FIP, Global Head of AI / Privacy, L3Harris Technologies - just after the first IAPP panel on indigenous privacy at GPS25 (moderated by Shoshana Rosenberg). Fabulous and enlightening. Powered by TrustArcSeamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe.With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.
In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security® (CIS®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution. Here are some highlights from our episode:00:40. Stephanie Gass, Sr. Director of Information Security at CISHow to start creating a policy and make it effective through implementation processesA transition to an approach integrating mappings for CIS security best practicesThe use of GenAI and security champions to make this transition04:08. Brad Bock, Director of Product Management at ChainguardBuilding and compiling security from the ground up in open-source container imagesTrusting pre-packaged software in an increasingly complex worldSupport of customer compliance with attestation, SBOMs, and vulnerability remediation07:43. Stephane Auger, Vice President Technologies and CISO at Équipe MicrofixCustomer awareness and other top challenges for MSPs and MSSPsThe use of case studies and referrals to communicate the importance of cybersecurityA growing emphasis on cyber risk insurance as media attention around breaches grows11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLCHow the CIS Critical Security Controls facilitates a consultative approach to customersThe importance of knowing where each company is in their use of GenAIMapping elements of a portfolio to CIS security best practices17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CISThe use of learning and research to investigate GenAI's utility for CISAn aspiration to scale efficiency and drive improvements with GenAI trainingA reminder to augment human thought, not replace it, with GenAIResourcesEpisode 63: Building Capability and Integration with SBOMsMapping and ComplianceCybersecurity for MSPs, MSSPs, & ConsultantsEpisode 130: The Story and Future of CIS Thought LeadershipIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Michael Coates is the founding partner of Seven Hill Ventures. He has an extensive background going back to his time as Twitter's first CISO, and has held executive roles at CoinList, Mozilla and OWASP. In this episode, Coates joins host Heather Engel to discuss his experience, including making the jump from CISO to venture capitalist, how his perspective on the industry has shifted over the years, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Cybercrime Magazine was in attendance at the 2025 RSA Conference, where we caught up with some of the top minds in cybersecurity, including board members, industry leaders, and of course, CISOs. Tune in to this 2-minute episode and hear directly from Adam Keown, CISO at Eastman. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Discover the 6 Steps to Build True Cyber Resilience in 2025 with David White, President and Co-founder of Axio. In this insightful episode of the Risk Management Show, we discussed actionable strategies to enhance cybersecurity fundamentals, prioritize risk investments, and foster a culture of resilience. David draws on decades of experience in cyber risk quantification and operational resilience to share how companies can prepare for and recover from major events like ransomware attacks. Learn why financial modeling is key to aligning cybersecurity with business risk management and how tabletop exercises can strengthen your organization's preparedness. If you want to be our guest or suggest a speaker, send your email to info@globalriskconsult.com with the subject line “Guest Proposal.”
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395
Robert Acosta is the VP of IT at Spanish Broadcasting. In this episode, he joins host Heather Engel and Tia Hopkins, Chief Cyber Resilience Officer and Field CTO at eSentire, to discuss rebuilding after a breach from the inside out, including the best approaches to resilience, general best practices for security programs, and more. Next Level CISO is a Cybercrime Magazine podcast brought to you by eSentire, the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com
Today, we're talking to Kevin Korpics, Field CTO and Reza Zaheri, CISO at Quantum Metric. We discuss the impact of AI law in the EU, the levels of regulation that affect your business based on risk, and how to stop being a workaholic. All of this right here, right now, on the Modern CTO Podcast! To learn more about Quantum Metric, check out their website here. Produced by ProSeries Media: https://proseriesmedia.com/ For booking inquiries, email booking@proseriesmedia.com
Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks? Top differences between LLM/chatbot AI security vs AI agent security? Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes
Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight significance of the championship belt. Tune in as they share insights and fun facts about this unique event! Don't miss out! Follow us for more updates, episodes, and all things cybersecurity! Instagram: @alias_cybersecurity X: https://x.com/cyber_af LinkedIn: https://www.linkedin.com/company/aliascybersecurity/Watch the full video at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Jay Trinckes, the Data Protection Officer and CISO at Thoropass. During the conversation, Jay broke down why many organizations still rely on reactive measures despite claiming to be proactive. The conversation also touched on the biggest misconceptions about proactive security and how companies can get it right.Support the show
On this episode of Technically Leadership, we’re joined by Aleksandra Lemańska to learn about the Process Communication Model (PCM), a framework for enhancing communication. Alex calls PCM an algorithm for people, and it can be useful for improving interactions with engineers and technical folks operating in high-stress environments. We talk about how PCM works, understanding... Read more »
On this episode of Technically Leadership, we’re joined by Aleksandra Lemańska to learn about the Process Communication Model (PCM), a framework for enhancing communication. Alex calls PCM an algorithm for people, and it can be useful for improving interactions with engineers and technical folks operating in high-stress environments. We talk about how PCM works, understanding... Read more »
A critical flaw in a Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum—the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.Selected Reading Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek) Trump would cut CISA budget by $491M amid ‘censorship' claim (The Register) New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News) Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek) Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer) Malware scammers target HR professionals with Venom Spider malware (SC Media) Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer) US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security) Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
It's all well and good to develop a technology strategy, articulate and document the strategy, and agree (supposedly) on that strategy. But what do you do when one or more of the tech teams act in apparent opposition to the strategy? John and Johna discuss why this happens and what questions you need to ask... Read more »