Podcasts about ciso

  • 1,373 podcasts
  • 11,502 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest: Nov 21, 2025


Latest podcast episodes about ciso

CareTalk Podcast: Healthcare. Unfiltered.
Modernizing Healthcare Data Security w/ Aimee Cardwell

Nov 21, 2025 | 39:37 | Transcription available

If you don't know where the patient's data is at every moment, you really can't protect it yet. That's the reality many healthcare organizations are facing. Regulations can help but legacy siloed systems keep patients exposed.

In this episode of the HealthBiz Podcast, David Williams is joined by Aimee Cardwell, CISO-in-residence at Transcend. Aimee breaks down why compliance doesn't equal security, how legacy architectures and vendor ecosystems create hidden vulnerabilities, and what modern, identity-centric, AI-enabled security should look like.

Autonomous IT
CISO IT – The Reliability Reset: Why IT Teams Are Re-Evaluating Their Tools, E21

Nov 21, 2025 | 8:23

In this episode of CISO IT, host Jason Kikta, CTO of Automox, brings you insights straight from the floor of Microsoft Ignite. After meeting with customers, partners, and countless IT pros, one message came through loud and clear: reliability and consolidation matter now more than ever.

Jason breaks down why teams are exhausted by tool sprawl, frustrated by unreliable platforms, and ready to reclaim time by eliminating manual, repetitive work. From the renewed demand for a unified operational view to the rising expectation that software simply works, this conversation explores the real-world pressures facing IT in 2025.

He also dives into the industry's growing shift toward automation and agentic AI, including how MCP servers are expanding what's possible for modern IT environments – and why progress, not perfection, remains the guiding principle for practitioners everywhere.

Whether you're fighting tool fatigue, navigating evolving IT stacks, or exploring the next wave of AI-driven operations, this episode offers a grounded, practitioner-first perspective from one of the most influential events of the year.

Tune in for insights from the Ignite show floor and a candid look at the future of IT operations.

Decipher Security Podcast
DoJ Sanctions, the SEC Abandons the SolarWinds Action, and the FCC Reverses Course on Telecom Security

Nov 21, 2025 | 36:56

It's an acronym-filled, government-only bonanza this week! We discuss the DoJ sanctioning Russian bulletproof hosting provider Media Land (0:53), the SEC dropping its enforcement action against SolarWinds and its CISO (13:25), and the FCC reversing course on a longstanding security rule for telecom providers (26:00).

Mon Carnet, l'actu numérique
Mon Carnet for November 21, 2025 - PARIS

Nov 21, 2025 | 81:45

Mon Carnet, the podcast by Bruno Guglielminetti
Friday, November 21, 2025. The major French-language magazine of digital news.

Debrief with Jérôme Colombain (1:35): a look back at the week's technology news

Events:
  • Zoholics Toronto: Zoho according to Anwar Khoja (21:58)

Meetings at the OVHcloud Summit in Paris:
  • Yaniv Fdida, CPTO (29:23)
  • Julien Levrard, CISO (45:37)

Columns:
  • Weber: Views from Switzerland on digital transformations (1:07:54)
  • Ricoul: Reflections on the issues and shifts in artificial intelligence (1:13:44)

Contributors: Jérôme Colombain, Thierry Weber, Stéphane Ricoul

www.MonCarnet.com
A Guglielminetti.com production, November 2025

The Evolution Exchange Podcast Nordics
Evo Nordics #667 - The Future Of Security & AI

Nov 21, 2025 | 44:46


Today's episode is hosted by Chris Hackett and they are joined on the podcast by Staffan Fredriksson, CISO at Regent AB, Konrad Jelen, Director of Data & AI at KOLOMOLO and Johan Lido, Chief Architect and Architect Manager at AFA Försäkring. The conversation explores the evolving intersection of security and AI, reflecting on how organisations can respond to new challenges while strengthening long-term digital resilience. The guests consider the broader shifts influencing modern architectures and discuss how teams can adapt to rapid advances in automation, data systems and intelligent tooling. The exchange highlights the significance of integrating responsible AI practices into core security frameworks. It also looks at how leaders can navigate emerging risks, enhance operational readiness and support sustainable innovation across complex environments. By examining both strategic and practical dimensions, the discussion provides a clear view of how security and AI continue to shape the future of technology-driven organisations.

Defense in Depth
In the Age of Identity, is Network Security Dead?

Nov 20, 2025 | 34:21

All links and images can be found on CISO Series. Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt.

In this episode:
  • Network security isn't dying—it's evolving
  • The observability layer that can't be replaced
  • What's old is new again
  • The innovation gap

Huge thanks to our sponsor, HackerOne. Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/

Cyber 9/11 with Dr. Eric Cole
CISO Priorities for 2026: Health, Leadership & Risk Mastery

Nov 20, 2025 | 31:32


In this episode of Life of a CISO, Dr. Eric Cole explains the top priorities every CISO must focus on as we move into 2026. He begins by highlighting the importance of personal health and why nutrition, hydration, and daily habits directly impact your ability to lead and make smart decisions in cybersecurity. After facing his own health challenges and losing friends in the industry, he shares why health must be the starting point for any world-class CISO. Dr. Cole also breaks down what it means to operate as a true chief officer. He covers why CISOs need to work in person with other executives, ask better questions, and always be prepared with the three slides that guide clear risk decisions. He also discusses the lessons learned from recent cloud outages and why understanding risk posture and critical data is essential for 2026. The episode encourages listeners to begin planning now, build their CISO roadmap, reduce noise, and strengthen their executive mindset.   Access Dr. Cole's $299 course deal here: https://ar407.infusionsoft.app/app/storeFront/showProductDetail?productId=135  

Cracking Cyber Security Podcast from TEISS
teissTalk: Resilience as a business outcome

Nov 20, 2025 | 44:10

  • Identifying critical assets and dependencies to focus investment where impact is highest
  • Designing for rapid recovery with tested runbooks and clear RTO/RPO targets
  • Strengthening resilience through training, playbooks, and cross-functional drills

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/

Scott Hardy, CISO, Sargent-Disc
https://www.linkedin.com/in/scott-hardy-cissp-ccsk-44882a45

Tamara Kaye, Group Director - Resilience, Ardagh Group
https://www.linkedin.com/in/tamara-kaye-8997852b/

Sam Woodcock, Sr. Director, Solutions Architecture - EMEA, 11:11 Systems
https://www.linkedin.com/in/samuel-woodcock-9745b831/

The Cyber Security Transformation Podcast
Series 6 - Launching "The First 100 Days of the New CISO - A Leadership Guide to Lasting Impact" - Episode 23

Nov 20, 2025 | 9:17

JC Gaillard talks about his new book "The First 100 Days of the New CISO - A Leadership Guide to Lasting Impact"; he highlights its structure and why this is truly a blueprint for the next decade of cybersecurity leadership.

Paul's Security Weekly
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422

Nov 19, 2025 | 56:46


It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-422

ITSPmagazine | Technology. Cybersecurity. Society
Beg Bounty: The New Wave of Unrequested Bug Claims and What They Mean | A Conversation with Casey Ellis | Redefining CyberSecurity with Sean Martin

Nov 19, 2025 | 36:25

⬥EPISODE NOTES⬥

Understanding Beg Bounties and Their Growing Impact

This episode examines an issue that many organizations have begun to notice, yet often do not know how to interpret. Sean Martin is joined by Casey Ellis, Founder of Bugcrowd and Co-Founder of disclose.io, to break down what a “beg bounty” is, why it is increasing, and how security leaders should think about it in the context of responsible vulnerability handling.

Bug Bounty vs. Beg Bounty

Casey explains the core principles of a traditional bug bounty program. At its core, a bug bounty is a structured engagement in which an organization invites security researchers to identify vulnerabilities and pays rewards based on severity and impact. It is scoped, governed, and linked to an established policy. The process is predictable, defensible, and aligned with responsible disclosure norms.

A beg bounty is something entirely different. It occurs when an unsolicited researcher claims to have found a vulnerability and immediately asks whether the organization offers incentives or rewards. In many cases, the claim is vague or unsupported and is often based on automated scanner output rather than meaningful research. Casey notes that these interactions can feel like unsolicited street windshield washing, where the person provides an unrequested service and then asks for payment.

Why It Matters for CISOs and Security Teams

Security leaders face a difficult challenge. These messages appear serious on the surface, yet most offer no actionable details. Responding to each one triggers incident response workflows, consumes time, and raises unnecessary internal concern. Casey warns that these interactions can create confusion about legality, expectations, and even the risk of extortion.

At the same time, ignoring every inbound message is not a realistic long-term strategy. Some communications may contain legitimate findings from well-intentioned researchers who lack guidance. Casey emphasizes the importance of process, clarity, and policy.

How Organizations Can Prepare

According to Casey, the most effective approach is to establish a clear vulnerability disclosure policy. This becomes a lightning rod for inbound security information. By directing researchers to a defined path, organizations reduce noise, set boundaries, and reinforce safe communication practices.

The episode highlights the need for community norms, internal readiness, and a shared understanding between researchers and defenders. Casey stresses that good-faith researchers should never introduce payment into the first contact. Organizations should likewise be prepared to distinguish between noise and meaningful security input.

This conversation offers valuable context for CISOs, security leaders, and business owners navigating the growing wave of unsolicited bug claims and seeking practical ways to address them.

⬥GUEST⬥

Casey Ellis, Founder and Advisor at Bugcrowd | On LinkedIn: https://www.linkedin.com/in/caseyjohnellis/

⬥HOST⬥

Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥RESOURCES⬥

Inspiring Post: https://www.linkedin.com/posts/caseyjohnellis_im-thinking-we-should-start-charging-bug-activity-7383974061464453120-caEW

Disclose.io: https://disclose.io/

⬥ADDITIONAL INFORMATION⬥

✨ More Redefining CyberSecurity Podcast:

Serious Privacy
We do Redo - what's happening with GDPR? [Live from Privacy Space]

Nov 19, 2025 | 33:42

On this episode of the award-winning Serious Privacy, Paul Breitbarth, Ralph O'Brien, and Dr. K Royal bring you an analysis of the leaked GDPR revisions recorded live at the award-winning Privacy Space in the UK. Tune in to hear what might be happening. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Paul's Security Weekly TV
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422

Nov 19, 2025 | 56:46

Business Security Weekly (Audio)
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422

Nov 19, 2025 | 56:46

Redefining CyberSecurity
Beg Bounty: The New Wave of Unrequested Bug Claims and What They Mean | A Conversation with Casey Ellis | Redefining CyberSecurity with Sean Martin

Nov 19, 2025 | 36:25

Business Security Weekly (Video)
Health and Wellness of the CISO as They Crack Under Pressure and Need a BISO to Scale - Dr. Yonesy Núñez - BSW #422

Nov 19, 2025 | 56:46

Cyber Chats & Chill
62. Mattias Wallen - Sky's the limit? Not anymore. Cyber threats and cybersecurity in space.

Nov 19, 2025 | 61:01

Did you know that space affects your everyday life far more than you may ever have thought? From weather forecasts and GPS navigation to TV broadcasts and communications. Every day we rely on satellites orbiting thousands of Swedish miles above us. But what happens if they are manipulated, hacked or knocked out?

In this episode we raise our gaze, literally, and head out into space. We explore how satellites, space data and communication systems have become a central part of our digital infrastructure, and why space is today an arena for cybersecurity.

With us in the cyber corner is Mattias Wallén, CISO at Svenska rymdaktiebolaget (SSC). He has over 20 years of experience working with cybersecurity and the protection of critical infrastructure, both in the private sector and in the Swedish Armed Forces' intelligence and security service. Today he leads the work of securing satellite communications and space data at SSC.

Together we talk about everything from what space actually is to how dependent we are on satellites in our everyday lives. We discuss the threats to space-based systems, the Kessler syndrome and the growing risk of cyberattacks even in orbit. We talk about geopolitics, the balance of power between great powers and how space is actually regulated. Finally, we look ahead: what does the future cyber threat landscape in space look like? Will space become as critical to society as electricity and the internet, or is it already? And is there a risk that the wars of the future will begin, or be decided, in space?

Join us as we sort out everything you didn't know about space, satellites and why cybersecurity matters even out in orbit. And as a bonus, Linda offers up unexpected film knowledge, straight from the cyber corner!

CiberClick
T15x11 - ISMS - Women4Cyber

Nov 19, 2025 | 49:31

This week's program takes place during the ISMS Forum event held at the Estadio Metropolitano in Madrid. Our guests are Óscar Sánchez (CISO of PUIG), Antonio Cerezo (CISO of SANITAS) and Jaime Perea (CARREFOUR). We are also joined by Women4Cyber, represented by Ana Gómez (BBVA) and Elena García (Microsoft). With: Mar Sánchez. Directed by: Carlos Lillo. Production: ClickRadioTV. Thanks to: Semperis, Cyber Guru, Cato Networks, V-Valley, Kaspersky, Cybertix

Redcast | O podcast da Segurança da Informação
RedCast #102 | Resilience in practice: what really works when an incident hits

Nov 19, 2025 | 61:09

When an attack happens, it doesn't matter how sophisticated the plan is on paper. What matters is whether it works under pressure. In Redcast #102, Eduardo Lopes, CEO of Redbelt Security, and Marcos Sena, SOC manager, talk with Cleber Ferreira, CISO at Klabin, and João Teodoro, CIO at TP, about critical points:

➡ Why don't well-written plans guarantee a fast recovery?
➡ How do you reduce the distance between intention and execution?
➡ What does it really mean to be prepared when every hour costs millions?

This episode is about resilience in practice and how to mitigate the distance between intention and practice. Watch now!

CiberClick
T15x11 - ISMS Forum - Sanitas - Puig - Carrefour

Nov 19, 2025 | 49:31

This week's program takes place during the ISMS Forum event held at the Estadio Metropolitano in Madrid. Our guests are Óscar Sánchez (CISO of PUIG), Antonio Cerezo (CISO of SANITAS) and Jaime Perea (CARREFOUR). We are also joined by Women4Cyber, represented by Ana Gómez (BBVA) and Elena García (Microsoft). With: Mar Sánchez. Directed by: Carlos Lillo. Production: ClickRadioTV. Thanks to: Semperis, Cyber Guru, Cato Networks, V-Valley, Kaspersky, Cybertix

The CyberWire
Fraud and Identity [CISO Perspectives]

Nov 18, 2025 | 40:14

Managing identity has been an evolving challenge as networks have only continued to grow and become more sophisticated. In this current landscape, these challenges have only become further exacerbated with new emerging technologies. In this episode of CISO Perspectives, host Kim Jones sits down with Richard Bird from Singular AI to discuss this evolving paradigm. Throughout this conversation, Kim and Richard tackle how managing identity has evolved and how security leaders can get ahead of AI to better secure their systems and networks. Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Packet Pushers - Full Podcast Feed
HS117: Environmental, Social and Governance Initiatives: What That Means for Your Organization (Sponsored)

Nov 18, 2025 | 34:13

Environmental, Social, Governance (ESG) initiatives aren't just “the right thing to do”, they can also save companies real dollars, particularly if they're investing in data centers and other infrastructure. Join Jonathan Ciccio, Continuous Improvement Manager for The Siemon Company, as we discuss The Siemon Company’s ESG initiatives. The Siemon Company has been in business for...

Stories With Traction
#173: Cybersecurity Meets Comedy: How Humor Builds Trust

Nov 18, 2025 | 31:04

SHOW NOTES:

In this episode, Matt Zaun sits down with Rob Black, Founder & CEO of Fractional CISO, to demystify cybersecurity for growing companies—without the fear-mongering. Rob explains how his team operates as a virtual CISO (security leader) to strengthen programs, enable enterprise sales, and translate “security-speak” into clear business outcomes.

Rob shares why security shouldn't be priority #1 (sales and delivery come first), how to size up the risk when incidents are low-probability but high-impact, and why humor can drive far more adoption than dry policy memos.

In this episode, they cover:
✅ Prioritization reality: why cybersecurity should be priority 4–5—not 100
✅ Humor that converts: skits, wigs, and why fun content outperforms stoic lectures
✅ LinkedIn as referral fuel: staying top-of-mind vs. hard selling (and why neighbors all know what Rob does)
…and much more.

BIOS:

Rob Black is the founder of Fractional CISO, where he and his team serve as virtual CISOs for companies. A veteran security leader with an MBA from Kellogg, Rob blends operator pragmatism with clear business storytelling, often using humor to drive adoption of best practices.

Matt Zaun is an award-winning speaker and strategic storytelling expert who helps leaders inspire action and drive results through the power of story. He's the author of The StoryBank, a practical playbook for using narrative to build culture, boost sales, strengthen marketing, and become a dynamic public speaker.

Heavy Strategy
HS117: Environmental, Social and Governance Initiatives: What That Means for Your Organization (Sponsored)

Nov 18, 2025 | 34:13

Cyber Risk Management Podcast
EP 197: Operational Cyber Resilience

Nov 18, 2025 | 43:18

What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Cyber Incident Reporting for Critical Infrastructure Act" (CIRCIA) episodes:
https://cr-map.com/podcast/161
https://cr-map.com/podcast/162/

Hybrid Identity Protection Podcast
Beyond Firewalls: The People Behind Cyber Resilience with Nathan Wenzler, Field CISO at Optiv

Nov 18, 2025 | 50:34

This episode features Nathan Wenzler, Field Chief Information Security Officer at Optiv.

With nearly 30 years of experience leading cybersecurity programs across government agencies, nonprofits, and Fortune 1000 companies, Nathan has spent his career at the intersection of people, process, and technology. He's helped organizations redefine what it means to build security cultures that actually work.

In this episode, Nathan explains why communication (not technology) is a CISO's most important skill, how to create a culture that values security without slowing innovation, and why empathy may be the most underrated tool in cybersecurity.

This is an insightful look at the people-first mindset behind stronger, more resilient security programs.

Guest Bio

Nathan Wenzler is a field chief information security officer at Optiv, where he advises clients on how to strengthen and optimize every aspect of their cybersecurity program. With nearly 30 years of experience, he has built and led security initiatives for government agencies, nonprofits and Fortune 1000 companies.

Wenzler has served as a CISO, executive management consultant and senior analyst, holding leadership roles at Tenable, Moss Adams, AsTech and Thycotic. He also spent more than a decade in public sector IT and security roles with Monterey County, California, and supported state and federal agencies.

He is known for helping security leaders better communicate the measurable value and benefit of a mature, effective cybersecurity program to executives, technical stakeholders and nontechnical business partners. His approach emphasizes not only technical excellence but also the human and organizational factors that drive long-term security success.

Wenzler has spoken at more than 400 events worldwide, educating security leaders and professionals on how to excel in their role as an organization's risk expert. He has also served on advisory boards, including the Tombolo Institute at Bellevue College, and is a former member of the Forbes Technology Council. His areas of expertise include vulnerability and exposure management, privileged access management and identity governance, cyber risk management, incident response, and executive-level communications and program management.

Guest Quote

“If you can win the people over in your organization, you can make those big changes for better identity governance.”

Time stamps

01:22 Meet Nathan Wenzler: Veteran CISO and Security Strategist
02:16 Redefining Identity in a World of Infinite Accounts
05:15 How Culture Can Make or Break Your Security Program
13:34 Winning Over the Business: Aligning Security and Culture
24:45 From “Department of No” to Trusted Partner: Fixing Cyber Communication
40:25 The Human Side of Incident Response
46:23 Leading with Empathy: Nathan's Advice for Security Leaders

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

HID Global - Workforce Identity and Access Management
A PIAM Playbook for CISOs: Building a Unified Identity Strategy

HID Global - Workforce Identity and Access Management

Nov 18, 2025 15:45


Guests Phil Buck, VP, Workforce Identity Management Business Unit and Darwin Rivera, Manager, Sales Engineering, are hosted by Matthew Lewis, Director of Product Marketing - all of HID Global
In this episode, we dive deep into the evolving role of CISOs in shaping holistic security strategies that bridge the gap between physical and cyber domains. Join host Matthew Lewis and leaders Phil Buck and Dr. Darwin Rivera as they unpack the growing influence of identity and access management (IAM), the critical importance of data governance, and the rising challenges posed by third-party risk and agentic AI.
From regulatory shifts to real-world breaches, this conversation explores the pressing concerns facing security leaders today—and why the convergence of technologies and responsibilities demands a fresh playbook. Whether you're a seasoned CISO or simply security-curious, this episode offers insights that will reshape how you think about risk, compliance, and the future of enterprise protection.
Chapters:
0:00 -- Introductions
3:21 -- The Role of Data in the Top 5 Concerns CISOs Face Today
5:40 -- Data and Risk of Suppliers
8:05 -- AI & PIAM Considerations *with Security Breach Example
13:18 -- Key Takeaways

Identity At The Center
#386 - InfoSec World 2025 - CISO Tradecraft for IAM

Identity At The Center

Nov 17, 2025 61:49


In this episode of the Identity at the Center podcast, hosts Jeff and Jim broadcast from InfoSec World 2025, sharing lively discussions on identity management, AI security, and identity's evolving role in information security. They are joined by Ross Young and G Mark Hardy, co-hosts of the CISO Tradecraft podcast, who share their journeys into cybersecurity, illuminating how identity intersects with cybersecurity topics like deep fakes, AI implications, and non-human identities. The conversation also covers practical advice for securing budget approvals for identity projects and speculations on the role of AI in cybersecurity's future. The episode wraps up with each guest sharing personal ideas for potential new podcast ventures.
The CISO Tradecraft podcast: CISOTradecraft.com
Connect with Ross: https://www.linkedin.com/in/mrrossyoung/
Connect with G Mark: https://www.linkedin.com/in/gmarkhardy/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
Chapters
00:00 Introduction and Welcome
00:16 Live from InfoSec World 2025
00:52 Shoutouts and Day Jobs
01:37 Meeting Ross and G Mark from the CISO Tradecraft podcast
02:22 Ross's Journey into Cybersecurity
04:24 G Mark's Cybersecurity Career Path
07:44 Top Concerns for CISOs Today
09:53 The Role of Identity in Cybersecurity
16:18 Challenges and Trends in Identity Management
24:33 Pitching Identity Projects to CISOs
32:21 The Role of AI in Automating SOC Operations
33:23 AI's Impact on Developer Efficiency
35:48 The Future of AI-Assisted Coding
37:42 Challenges and Opportunities in AI and Cybersecurity
39:46 The Importance of Human Expertise in AI Development
48:17 The Role of Identity in Information Security
49:44 Introduction to CISO Tradecraft Podcast
55:24 Podcasting Tips and Personal Interests
01:00:48 Conclusion and Final Thoughts
Keywords: Identity at the Center, IDAC, CISO Tradecraft, InfoSec World 2025, cybersecurity leadership, identity security, IAM, AI security, Jeff Steadman, Jim McDonald, Ross Young, G. Mark Hardy, InfoSec, CISOs, cyber career development, non-human identity, deepfakes, security automation

Cloud Security Podcast by Google
EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success

Cloud Security Podcast by Google

Nov 17, 2025 35:53


Guests:
Alexander Pabst, Deputy Group CISO, Allianz
Lars Koenig, Global Head of D&R, Allianz
Topics:
Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like?
Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents?
Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for investigation or response?
Agentic triage is only as good as the data it analyzes. From your perspective, what were the biggest challenges - and wins - in ensuring the data fidelity, freshness, and completeness in your SIEM to fuel reliable agent decisions?
We've been talking about SOC automation for years, but this agentic wave feels different. As a deputy CISO, what was your primary, non-negotiable goal for the agent? Was it purely Mean Time to Respond (MTTR) reduction, or was the bigger strategic prize to fundamentally re-skill and uplevel your Tier 2/3 analysts by removing the low-value alert noise?
As you built this out, were there any surprises along the way that left you shaking your head or laughing at the unexpected AI behaviors?
We felt a major lack of proof - Anton kept asking for pudding - that any of the agentic SOC vendors we saw at RSA had actually achieved anything beyond hype! When it comes to your org, how are you measuring agent success? What are the key metrics you are using right now?
Resources:
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
EP242 The AI SOC: Is This The Automation We've Been Waiting For?
EP249 Data First: What Really Makes Your SOC 'AI Ready'?
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
"Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog
"How Google Does It: Building AI agents for cybersecurity and defense" blog
Company annual report to look for risk
"How to Win Friends and Influence People" by Dale Carnegie
"Will It Make the Boat Go Faster?" book

Defence Connect Podcast
CYBER UNCUT: Proofpoint's Ryan Kalember and Adrian Covich on CISO trends and dealing with growing cyber threats

Defence Connect Podcast

Nov 17, 2025 31:08


In this episode of the Cyber Uncut podcast, David Hollingworth catches up with Proofpoint's chief strategy officer, Ryan Kalember, and vice president of systems engineering for the APJ region, Adrian Covich, while attending the Proofpoint Protect Tour in Melbourne. The three talk about the high-level trends and concerns they're seeing from CISOs both in Australia and abroad and the very real challenges of dealing with a fast-paced and ever-evolving threat landscape. Enjoy the episode, The Cyber Uncut team

HealthcareNOW Radio - Insights and Discussion on Healthcare, Healthcare Information Technology and More
We Have TRUST Issues: Gripping the Hot Blade of AI: Risk, Trust, and Governance w/ Nate Couture

HealthcareNOW Radio - Insights and Discussion on Healthcare, Healthcare Information Technology and More

Nov 15, 2025 27:23


S1E4: Gripping the Hot Blade of AI: Risk, Trust, and Governance Nate Couture, CISO of the University of Vermont Health System, joins hosts Tamer Baker and Steven Hajny to explore how healthcare organizations can manage shadow AI responsibly, secure sensitive data, and build governance frameworks to unlock AI's full potential. Key Takeaways: 1. Discovering and managing shadow AI starts with visibility, DLP, and cross-functional collaboration. 2. Thoughtful AI governance is the key to balancing innovation with patient privacy and trust. 3. AI is a powerful tool to enhance, not replace, human productivity in healthcare. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

BlockHash: Exploring the Blockchain
Ep. 627 Convera | The AI Arms Race in Fraud Prevention (feat. Sara Madden)

BlockHash: Exploring the Blockchain

Nov 14, 2025 19:11


For episode 627 of the BlockHash Podcast, host Brandon Zemp is joined by Sara Madden, CISO of Convera.
Convera is a global leader in commercial payments. With an unrivaled regulatory footprint and a financial network spanning more than 140 currencies and 200 countries and territories, they're reimagining the future of business payments to better serve their customers. Their tech-led payment solutions are built on deep expertise in foreign exchange, risk management, and compliance - helping businesses grow with confidence. From small businesses to CFOs and treasurers, they make business payments simple, smart, and secure.
⏳ Timestamps:
(0:00) Introduction
(0:53) Who is Sara Madden?
(2:45) Convera at Money20/20
(4:54) Convera report on fraud prevention
(7:08) AI arms race
(10:02) Importance of data sharing in fraud prevention
(13:50) Future of Fraud Defense in Finance
(17:05) Convera in 2026
(18:52) Convera website & social media

Caveat
Where are we going with warrantless searches?

Caveat

Nov 13, 2025 51:02


Please enjoy this encore of Caveat. This week, we are joined by Max Shier, Optiv's CISO, to discuss the newly-released CMMC 2.0, Cybersecurity Maturity Model Certification, and how to ensure compliance. Ben discusses a federal court's decision holding warrantless queries of the Section 702 database unconstitutional. Dave looks at a murder case in Cleveland that's been derailed by the prosecution's use of AI. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:
VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional
Cleveland police used AI to justify a search warrant. It has derailed a murder case
Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of President Trump revoking a 2023 executive order by Joe Biden that mandated AI developers to share safety test results for high-risk systems with the U.S. government before public release, citing it as a hindrance to innovation. While Biden's order aimed to address national security and public safety risks associated with AI, Trump left intact a separate Biden order supporting energy needs for AI data centers. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories.
Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Defense in Depth
How to Manage Configuration Drift

Defense in Depth

Nov 13, 2025 28:47


All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
In this episode:
When configuration drift becomes operational reality
The garden that never stops growing
From detection to cultural shift
The maturity gap
Huge thanks to our sponsor, ThreatLocker
ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at https://www.threatlocker.com/

The New CISO
Think Outside the Job: How to Shift Your Career Mindset

The New CISO

Nov 13, 2025 52:25


In this episode of The New CISO (Episode 137), host Steve Moore speaks with Gideon Knocke, CISO at Visage Imaging, about rethinking how we grow in our careers and why learning to “think outside the job” is key to long-term success.
From studying cybersecurity when the field was still new to leading security for millions of patient records in healthcare, Gideon shares how his early curiosity and “career accidents” helped shape his mindset as a modern CISO. He reflects on shifting from technical problem-solving to people-centric leadership, learning how visibility and credibility shape opportunity, and why networking—inside and outside your company—is essential for resilience and growth. Gideon also explains why risk quantification isn't just about numbers, but about decision-making, communication, and understanding what your organization truly values.
Key Topics Covered:
Early lessons from studying cybersecurity before it went mainstream
Why some of the best careers evolve through “happy accidents” and curiosity
How to build visibility and relevance beyond doing good work
The difference between being seen as an asset versus a person
How networking and outreach can transform your mindset and open new doors
Turning fear of public speaking into confidence through preparation and iteration
The leadership balance between taking accountability and fostering team candor
Why large-organization politics can hinder honest communication
The art of quantifying risk for better decision-making, not just reporting
Why the new CISO must start with company beliefs and build security on shared values
Gideon's journey reveals that career success often comes from stepping outside your comfort zone—whether that's reaching out to 100 strangers on LinkedIn, giving your first talk, or reframing how you communicate risk. His insights remind leaders that growth begins when you stop thinking only about your job and start thinking about your impact.

Cyber 9/11 with Dr. Eric Cole
Relationships Over Firewalls with Attila Torok

Cyber 9/11 with Dr. Eric Cole

Nov 13, 2025 35:20


In this episode of Life of a CISO, Dr. Eric Cole sits down with Attila Torok, CISO at GoTo (formerly LogMeIn), to unpack what it really takes to move from security engineer to strategic leader.  Attila shares his journey, the advice that shaped his career, and why "relationships matter more than engineering skills."  From mastering executive communication in three bullet points to building your personal brand and navigating AI in the enterprise, this conversation is packed with practical insight for anyone aspiring to the C-suite in cybersecurity.  

The Cyber Security Transformation Podcast
Series 6 - "First 100 Days of the New CISO: The Context of Cybersecurity Transformation" - Episode 22

The Cyber Security Transformation Podcast

Nov 13, 2025 13:00


JC Gaillard continues his journey through the "First 100 Days of the New CISO" and focuses on the context of cybersecurity transformation and why it is key to map it from the start

We Talk Cyber
The Dark Side of AI: Deepfakes, Data Poisoning & the Future of Cybersecurity

We Talk Cyber

Nov 12, 2025 11:53


The most dangerous AI attacks don't just break your systems, they break your trust in reality. From deepfakes that fooled a company into losing an enormous amount of money to data poisoning that silently corrupts AI models, today's threats are unlike anything cybersecurity teams have faced before. Don't wait for these threats to hit your organisation, get ahead of them now.
In this episode, Monica, a hacker turned CISO, keynote speaker, and founder of Monica Talks Cyber, reveals the dark side of AI and how you can protect your organisation while accelerating your security career.
What you'll learn:
Why deepfakes are just the beginning of AI-based attacks?
How data poisoning works (and why it's so dangerous)?
Practical defences: from AI supply chain security to human-in-the-loop protocols.
How to position yourself as the AI security leader your company needs?
Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.

Cybercrime Magazine Podcast
AI Security Podcast. Facing AI-Powered Attacks. Adam Keown, Eastman & Brian Long, Adaptive Security.

Cybercrime Magazine Podcast

Nov 12, 2025 13:17


Brian Long is the CEO & Co-Founder at Adaptive Security. In this episode, he joins host Paul John Spaulding and Adam Keown, CISO at Eastman, a Fortune 500 company focused on developing materials that enhance the quality of life while addressing climate change, the global waste crisis, and supporting a growing global population. Together, they discuss the rise of AI-powered social engineering, including various attack methods, and how businesses can face these threats. The AI Security Podcast is brought to you by Adaptive Security, the leading provider of AI-powered social engineering prevention solutions, and OpenAI's first and only cybersecurity investment. To learn more about our sponsor, visit https://AdaptiveSecurity.com

The CyberWire
The changing face of fraud. [CISO Perspectives]

The CyberWire

Nov 11, 2025 36:51


Fraud has always been a consistent challenge. As the world has continued to become increasingly interconnected and as new technologies have become widely available, threat actors have continued to evolve their tactics. In this episode of CISO Perspectives, host Kim Jones sits down with Mel Lanning from the Better Business Bureau to discuss fraud and how it has been evolving in recent years. From exploiting cryptocurrencies to utilizing emerging technologies, Kim and Mel look into how threat actors are changing and refining tactics in the current threat landscape.
This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.
Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Packet Pushers - Full Podcast Feed
HS116: Nth-Party Risk May Put You on the (Block) Chain Gang

Packet Pushers - Full Podcast Feed

Nov 11, 2025 32:57


The evolution of the modern, Internet-driven economy has created the conditions for essentially unbounded Nth-party risks (that is, risks from your suppliers, and risks from your suppliers’ suppliers, and risks from your suppliers’ suppliers’ suppliers, ad infinitum). Nth party risks exist in public clouds, SaaS, software and hardware supply chains, and now in the form...

CISO-Security Vendor Relationship Podcast
Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

CISO-Security Vendor Relationship Podcast

Nov 11, 2025 45:26


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California.
In this episode:
The foundational debate
Strength over breadth
Beyond traditional backgrounds
Keeping perspective on risk
Huge thanks to our sponsors, Adaptive Security and Dropzone AI
AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com.
Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

Heavy Strategy
HS116: Nth-Party Risk May Put You on the (Block) Chain Gang

Heavy Strategy

Nov 11, 2025 32:57


The evolution of the modern, Internet-driven economy has created the conditions for essentially unbounded Nth-party risks (that is, risks from your suppliers, and risks from your suppliers’ suppliers, and risks from your suppliers’ suppliers’ suppliers, ad infinitum). Nth party risks exist in public clouds, SaaS, software and hardware supply chains, and now in the form...

MSP Business School
Jesse Miller | The Hidden Goldmine MSPs Are Overlooking

MSP Business School

Nov 11, 2025 25:10


In this episode of the MSP Business School podcast, host Brian Doyle welcomes Jesse Miller from PowerPSA Consulting to discuss the importance and structuring of vCISO programs in MSPs. Jesse shares his journey from a CISO of an MSP to founding PowerPSA Consulting, emphasizing the need for MSPs to offer vCISO services to enhance client value and expand recurring revenue. This engaging discussion explores the primary hurdles MSPs face in implementing and monetizing these services, delivering actionable insights and practical advice for listeners.
Jesse Miller elaborates on how MSPs can become proactive by incorporating vCISO programs into their offerings. He highlights the significance of market research to tailor these programs to client needs and explains the importance of detailed client interviews for developing unique value propositions. The conversation dives deep into key issues like effectively packaging and pricing vCISO services, the role of cyber insurance in driving the demand for these services, and leveraging vCISO offerings as a strategy to outpace competitors. Jesse's experiences and advice provide a roadmap for MSPs aiming to build successful vCISO programs.
Key Takeaways:
Monetizing VCISO Programs: It's crucial for MSPs to effectively package and promote vCISO services, positioning them as essential rather than optional to clients.
Market Research and Target Clients: Conducting detailed interviews with existing clients helps in creating a tailor-made vCISO program that aligns with client needs and expectations.
Cyber Insurance as a Catalyst: Rising demands from cyber insurance work as a significant factor pushing the necessity for robust vCISO programs.
Opportunity for Growth: vCISO services can be an entry point into new markets and clients, offering a competitive edge over other MSPs.
Elevating Strategic Partnerships: Providing vCISO services allows MSPs to transition from being viewed as commodities to strategic partners with their clients.
Guest Name: Jesse Miller
LinkedIn page: https://www.linkedin.com/in/secopswarrior/
Company: PowerPSA Consulting
Website: https://powerpsa.com/
Show Website: https://mspbusinessschool.com/
Host Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/
Sponsor vCIOToolbox: https://vciotoolbox.com

Cloud Security Podcast by Google
EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?

Cloud Security Podcast by Google

Nov 10, 2025 25:15


Guest: Ari Herbert-Voss, CEO at RunSybil
Topics:
The market already has Breach and Attack Simulation (BAS), for testing known TTPs. You're calling this 'AI-powered' red teaming. Is this just a fancy LLM stringing together known attacks, or is there a genuine agent here that can discover a truly novel attack path that a human hasn't scripted for it?
Let's talk about the 'so what?' problem. Pentest reports are famous for becoming shelf-ware. How do you turn a complex AI finding into an actionable ticket for a developer, and more importantly, how do you help a CISO decide which of the thousand 'criticals' to actually fix first?
You're asking customers to unleash a 'hacker AI' in their production environment. That's terrifying. What are the 'do no harm' guardrails? How do you guarantee your AI won't accidentally rm -rf a critical server or cause a denial of service while it's 'exploring'?
You mentioned the AI is particularly good at finding authentication bugs. Why that specific category? What's the secret sauce there, and what's the reaction from customers when you show them those types of flaws?
Is this AI meant to replace a human red teamer, or make them better? Does it automate the boring stuff so experts can focus on creative business logic attacks, or is the ultimate goal to automate the entire red team function away?
So, is this just about finding holes, or are you closing the loop for the blue team? Can the attack paths your AI finds be automatically translated into high-fidelity detection rules? Is the end goal a continuous purple team engine that's constantly training our defenses?
Also, what about fixing? What makes your findings more fixable?
What will happen to red team testing in 2-3 years if this technology gets better?
Resource:
Kim Zetter Zero Day blog
EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google
EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?
EP68 How We Attack AI? Learn More at Our RSA Panel!
EP71 Attacking Google to Defend Google: How Google Does Red Team

Serious Privacy
If it ain't California, it's Texas

Serious Privacy

Nov 10, 2025 38:28 Transcription Available


In this episode of Serious Privacy, Ralph O'Brien and Dr. K Royal discuss the weekly news, including the Google settlement in Texas, ClearviewAI and much more. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0. with the voiceover by Tim Foley.

Cyber Security Headlines
Department of Know: Cybercriminals join forces, "SleepyDuck" exploits Ethereum, passwords still awful

Cyber Security Headlines

Nov 10, 2025 34:23


This week's Department of Know is hosted by Rich Stroffolino with guests Jacob Coombs, CISO, Tandem Diabetes Care, and Ross Young, Co-host, CISO Tradecraft.
Thanks to our show sponsor, Vanta
What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ….or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep. Get started at vanta.com/headlines
All links and the video of this episode can be found on CISO Series.com

The CyberWire
Privacy needs where you least expect it. [CISO Perspectives]

The CyberWire

Nov 4, 2025 36:08


When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume. In this episode of CISO Perspectives, host Kim Jones sits down with Merry Marwig, the Vice President of Global Communications & Advocacy at Privacy4Cars, to explore how privacy risks are in places many do not think to look. Together, Merry and Kim discuss why security leaders need to rethink how they approach privacy and consider how the devices we use every day could inadvertently expose our sensitive information.
This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.
Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.
Learn more about your ad choices. Visit megaphone.fm/adchoices