Podcasts about ciso

  • 1,368 podcasts
  • 11,469 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest episode: Nov 15, 2025

Popularity by year, 2017 to 2024 (chart not reproduced)


Latest podcast episodes about ciso

HealthcareNOW Radio - Insights and Discussion on Healthcare, Healthcare Information Technology and More
We Have TRUST Issues: Gripping the Hot Blade of AI: Risk, Trust, and Governance w/ Nate Couture
Nov 15, 2025 (27:23)


S1E4: Gripping the Hot Blade of AI: Risk, Trust, and Governance

Nate Couture, CISO of the University of Vermont Health System, joins hosts Tamer Baker and Steven Hajny to explore how healthcare organizations can manage shadow AI responsibly, secure sensitive data, and build governance frameworks to unlock AI's full potential.

Key Takeaways:
1. Discovering and managing shadow AI starts with visibility, DLP, and cross-functional collaboration.
2. Thoughtful AI governance is the key to balancing innovation with patient privacy and trust.
3. AI is a powerful tool to enhance, not replace, human productivity in healthcare.

To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to "...Play Healthcare NOW Radio". Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

BlockHash: Exploring the Blockchain
Ep. 627 Convera | The AI Arms Race in Fraud Prevention (feat. Sara Madden)
Nov 14, 2025 (19:11)


For episode 627 of the BlockHash Podcast, host Brandon Zemp is joined by Sara Madden, CISO of Convera.

Convera is a global leader in commercial payments. With an unrivaled regulatory footprint and a financial network spanning more than 140 currencies and 200 countries and territories, they're reimagining the future of business payments to better serve their customers. Their tech-led payment solutions are built on deep expertise in foreign exchange, risk management, and compliance - helping businesses grow with confidence. From small businesses to CFOs and treasurers, they make business payments simple, smart, and secure.

Timestamps:
(0:00) Introduction
(0:53) Who is Sara Madden?
(2:45) Convera at Money20/20
(4:54) Convera report on fraud prevention
(7:08) AI arms race
(10:02) Importance of data sharing in fraud prevention
(13:50) Future of Fraud Defense in Finance
(17:05) Convera in 2026
(18:52) Convera website & social media

CXOInsights by CXOCIETY
PodChats for FutureCISO: Strengthening Asia's cyber defences in 2026
Nov 14, 2025 (29:46)


In 2026, governments across Asia grapple with escalating cybersecurity challenges amid rapid digital transformation and geopolitical tensions. AI-powered threats, including sophisticated phishing and deepfakes, pose significant risks, with IDC forecasting that 76.5% of Asia/Pacific enterprises lack confidence in detecting such attacks. Ransomware continues to evolve, targeting critical infrastructure, while supply chain vulnerabilities expose sensitive data—Gartner predicts 45% of global organisations will face software supply chain attacks by 2025, a trend persisting into 2026. Cloud adoption amplifies hybrid environment breaches, compounded by espionage-driven incursions, as Verizon reports 25% of APAC cyberattacks motivated by spying, with public administration the most targeted sector. Regulatory mandates demand robust compliance, straining resources in an era of legacy systems and talent shortages.

In this PodChats for FutureCISO, Aaron Bugal, Field CISO, APJ, Sophos, walks us through some of the coming cybersecurity issues that government CISOs, as well as those in the private sector, will find important in 2026.

1. How can government CISOs effectively measure and improve their cybersecurity resilience, moving beyond compliance-based checklists to ensure the continuous delivery of essential citizen services during an attack?
2. What strategies have proven most effective for securing legacy systems that remain critical to national operations, given they cannot be immediately replaced?
3. With Gartner highlighting that by 2026, 50% of C-level executives will have performance requirements tied to cybersecurity risk, how can government CISOs best align their security metrics with national-level outcomes?
4. How can CISOs proactively defend against state-aligned (sponsored) actors who are increasingly targeting digital public services and critical infrastructure for espionage and disruption?
5. Name one CISO strategy for managing third-party and supply chain risk, particularly as organisations, both private and public, rely on an ecosystem of partners to deliver complex, cloud-native government services?
6. Given IDC's prediction that by 2026, 70% of organisations will consider environmental sustainability in their cloud purchase decisions, how can CISOs balance security, sovereignty, and sustainability in their technology procurements?
7. How are government CISOs addressing the critical cybersecurity skills gap, and what new models for talent acquisition and retention must be developed to compete with the private sector?
   a. How to avoid burnout?
8. To what extent have CISOs integrated security into the entire application lifecycle (DevSecOps) for their national digital identity and other citizen-facing platforms?
9. Name a governance and technical framework for the safe and ethical adoption of AI, both to enhance a government's cyber defences and to mitigate its potential malicious use by threat actors?
10. How are government CISOs collaborating with regional counterparts and international bodies to share threat intelligence and establish coordinated response protocols for cross-border cyber incidents?
11. What is that one final piece of advice for government CISOs as they update their cybersecurity strategies for 2026?

Cyber Security Uncut
Proofpoint's Ryan Kalember and Adrian Covich on CISO trends and dealing with growing cyber threats
Nov 14, 2025 (31:08)


In this episode of the Cyber Uncut podcast, David Hollingworth catches up with Proofpoint's chief strategy officer, Ryan Kalember, and vice president of systems engineering for the APJ region, Adrian Covich, while attending the Proofpoint Protect Tour in Melbourne. The three talk about the high-level trends and concerns they're seeing from CISOs both in Australia and abroad and the very real challenges of dealing with a fast-paced and ever-evolving threat landscape. Enjoy the episode, The Cyber Uncut team

Caveat
Where are we going with warrantless searches?
Nov 13, 2025 (51:02)


Please enjoy this encore of Caveat. This week, we are joined by Max Shier, Optiv's CISO, to discuss the newly released CMMC 2.0, Cybersecurity Maturity Model Certification, and how to ensure compliance. Ben discusses a federal court's decision holding warrantless queries of the Section 702 database unconstitutional. Dave looks at a murder case in Cleveland that's been derailed by the prosecution's use of AI. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:
  • VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional
  • Cleveland police used AI to justify a search warrant. It has derailed a murder case

Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of President Trump revoking a 2023 executive order by Joe Biden that mandated AI developers to share safety test results for high-risk systems with the U.S. government before public release, citing it as a hindrance to innovation. While Biden's order aimed to address national security and public safety risks associated with AI, Trump left intact a separate Biden order supporting energy needs for AI data centers. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories.

Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Defense in Depth
How to Manage Configuration Drift
Nov 13, 2025 (28:47)


All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.

In this episode:
  • When configuration drift becomes operational reality
  • The garden that never stops growing
  • From detection to cultural shift
  • The maturity gap

Huge thanks to our sponsor, ThreatLocker. ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at https://www.threatlocker.com/

The New CISO
Think Outside the Job: How to Shift Your Career Mindset
Nov 13, 2025 (52:25)


In this episode of The New CISO (Episode 137), host Steve Moore speaks with Gideon Knocke, CISO at Visage Imaging, about rethinking how we grow in our careers and why learning to "think outside the job" is key to long-term success.

From studying cybersecurity when the field was still new to leading security for millions of patient records in healthcare, Gideon shares how his early curiosity and "career accidents" helped shape his mindset as a modern CISO. He reflects on shifting from technical problem-solving to people-centric leadership, learning how visibility and credibility shape opportunity, and why networking—inside and outside your company—is essential for resilience and growth. Gideon also explains why risk quantification isn't just about numbers, but about decision-making, communication, and understanding what your organization truly values.

Key Topics Covered:
  • Early lessons from studying cybersecurity before it went mainstream
  • Why some of the best careers evolve through "happy accidents" and curiosity
  • How to build visibility and relevance beyond doing good work
  • The difference between being seen as an asset versus a person
  • How networking and outreach can transform your mindset and open new doors
  • Turning fear of public speaking into confidence through preparation and iteration
  • The leadership balance between taking accountability and fostering team candor
  • Why large-organization politics can hinder honest communication
  • The art of quantifying risk for better decision-making, not just reporting
  • Why the new CISO must start with company beliefs and build security on shared values

Gideon's journey reveals that career success often comes from stepping outside your comfort zone—whether that's reaching out to 100 strangers on LinkedIn, giving your first talk, or reframing how you communicate risk. His insights remind leaders that growth begins when you stop thinking only about your job and start thinking about your impact.

Cyber 9/11 with Dr. Eric Cole
Relationships Over Firewalls with Attila Torok
Nov 13, 2025 (35:20)


In this episode of Life of a CISO, Dr. Eric Cole sits down with Attila Torok, CISO at GoTo (formerly LogMeIn), to unpack what it really takes to move from security engineer to strategic leader. Attila shares his journey, the advice that shaped his career, and why "relationships matter more than engineering skills." From mastering executive communication in three bullet points to building your personal brand and navigating AI in the enterprise, this conversation is packed with practical insight for anyone aspiring to the C-suite in cybersecurity.

The Cyber Security Transformation Podcast
Series 6 - "First 100 Days of the New CISO: The Context of Cybersecurity Transformation" - Episode 22
Nov 13, 2025 (13:00)


JC Gaillard continues his journey through the "First 100 Days of the New CISO" and focuses on the context of cybersecurity transformation and why it is key to map it from the start.

We Talk Cyber
The Dark Side of AI: Deepfakes, Data Poisoning & the Future of Cybersecurity
Nov 12, 2025 (11:53)


The most dangerous AI attacks don't just break your systems, they break your trust in reality. From deepfakes that fooled a company into losing an enormous amount of money to data poisoning that silently corrupts AI models, today's threats are unlike anything cybersecurity teams have faced before. Don't wait for these threats to hit your organisation, get ahead of them now.

In this episode, Monica, a hacker turned CISO, keynote speaker, and founder of Monica Talks Cyber, reveals the dark side of AI and how you can protect your organisation while accelerating your security career.

What you'll learn:
  • Why deepfakes are just the beginning of AI-based attacks
  • How data poisoning works (and why it's so dangerous)
  • Practical defences: from AI supply chain security to human-in-the-loop protocols
  • How to position yourself as the AI security leader your company needs

Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (YouTube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.

Cybercrime Magazine Podcast
AI Security Podcast. Facing AI-Powered Attacks. Adam Keown, Eastman & Brian Long, Adaptive Security.
Nov 12, 2025 (13:17)


Brian Long is the CEO & Co-Founder at Adaptive Security. In this episode, he joins host Paul John Spaulding and Adam Keown, CISO at Eastman, a Fortune 500 company focused on developing materials that enhance the quality of life while addressing climate change, the global waste crisis, and supporting a growing global population. Together, they discuss the rise of AI-powered social engineering, including various attack methods, and how businesses can face these threats. The AI Security Podcast is brought to you by Adaptive Security, the leading provider of AI-powered social engineering prevention solutions, and OpenAI's first and only cybersecurity investment. To learn more about our sponsor, visit https://AdaptiveSecurity.com

Ctrl+Alt+Azure
316 - Expectations on Microsoft Ignite 2025
Nov 12, 2025 (30:56)


Microsoft Ignite 2025 is just around the corner. As is tradition by now, we take a look at what to expect from Ignite: the announcements, expectations, and sessions.

(00:00) - Intro and catching up.
(04:55) - Show content starts.

Show links
  • Microsoft Ignite 2025
  • Give us feedback!

Technology for Business
The Vendor Due Diligence Process
Nov 12, 2025 (24:21)


In this episode, we are joined by Kyle, the President and CEO, and Todd, the COO and CISO, to discuss the critical importance of vetting your vendors. Kyle and Todd delve into why businesses need to meticulously select their vendors, the risks of failing to perform due diligence, and the benefits of building strong partnerships. They also offer practical advice on key questions to ask during the vetting process and emphasize the importance of ongoing vendor evaluation. Whether you're part of a small to midsize business or a larger enterprise, this episode provides valuable insights into maintaining security and ensuring long-term vendor partnerships.

00:00 Introduction to Vendor Vetting
00:26 Understanding the Importance of Vendor Vetting
01:45 Risks of Not Vetting Vendors
03:48 Benefits of Thorough Vendor Vetting
05:35 Choosing Vendors for Long-Term Partnerships
08:27 Key Questions to Ask When Vetting Vendors
09:11 Commonly Missed Checklist Items
10:58 Financial Stability and Acquisition Risks
12:03 Account Management and Vendor Relationships
12:56 Understanding Vendor Partnerships
13:08 Evaluating Company Culture
15:38 Compliance and Vendor Due Diligence
17:16 Key Questions for Vendor Assessment
21:39 Reevaluating Vendor Relationships
23:41 Final Thoughts on Due Diligence

The CyberWire
The changing face of fraud. [CISO Perspectives]
Nov 11, 2025 (36:51)


Fraud has always been a consistent challenge. As the world has continued to become increasingly interconnected and as new technologies have become widely available, threat actors have continued to evolve their tactics. In this episode of CISO Perspectives, host Kim Jones sits down with Mel Lanning from the Better Business Bureau to discuss fraud and how it has been evolving in recent years. From exploiting cryptocurrencies to utilizing emerging technologies, Kim and Mel look into how threat actors are changing and refining tactics in the current threat landscape.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. Learn more about your ad choices. Visit megaphone.fm/adchoices

Packet Pushers - Full Podcast Feed
HS116: Nth-Party Risk May Put You on the (Block) Chain Gang
Nov 11, 2025 (32:57)


The evolution of the modern, Internet-driven economy has created the conditions for essentially unbounded Nth-party risks (that is, risks from your suppliers, and risks from your suppliers' suppliers, and risks from your suppliers' suppliers' suppliers, ad infinitum). Nth-party risks exist in public clouds, SaaS, software and hardware supply chains, and now in the form...

CISO-Security Vendor Relationship Podcast
Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)
Nov 11, 2025 (45:26)


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California.

In this episode:
  • The foundational debate
  • Strength over breadth
  • Beyond traditional backgrounds
  • Keeping perspective on risk

Huge thanks to our sponsors, Adaptive Security and Dropzone AI.

AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com.

Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

Heavy Strategy
HS116: Nth-Party Risk May Put You on the (Block) Chain Gang
Nov 11, 2025 (32:57)


The evolution of the modern, Internet-driven economy has created the conditions for essentially unbounded Nth-party risks (that is, risks from your suppliers, and risks from your suppliers' suppliers, and risks from your suppliers' suppliers' suppliers, ad infinitum). Nth-party risks exist in public clouds, SaaS, software and hardware supply chains, and now in the form...

MSP Business School
Jesse Miller | The Hidden Goldmine MSPs Are Overlooking
Nov 11, 2025 (25:10)


In this episode of the MSP Business School podcast, host Brian Doyle welcomes Jesse Miller from PowerPSA Consulting to discuss the importance and structuring of vCISO programs in MSPs. Jesse shares his journey from a CISO of an MSP to founding PowerPSA Consulting, emphasizing the need for MSPs to offer vCISO services to enhance client value and expand recurring revenue. This engaging discussion explores the primary hurdles MSPs face in implementing and monetizing these services, delivering actionable insights and practical advice for listeners.

Jesse Miller elaborates on how MSPs can become proactive by incorporating vCISO programs into their offerings. He highlights the significance of market research to tailor these programs to client needs and explains the importance of detailed client interviews for developing unique value propositions. The conversation dives deep into key issues like effectively packaging and pricing vCISO services, the role of cyber insurance in driving the demand for these services, and leveraging vCISO offerings as a strategy to outpace competitors. Jesse's experiences and advice provide a roadmap for MSPs aiming to build successful vCISO programs.

Key Takeaways:
  • Monetizing vCISO Programs: It's crucial for MSPs to effectively package and promote vCISO services, positioning them as essential rather than optional to clients.
  • Market Research and Target Clients: Conducting detailed interviews with existing clients helps in creating a tailor-made vCISO program that aligns with client needs and expectations.
  • Cyber Insurance as a Catalyst: Rising demands from cyber insurance work as a significant factor pushing the necessity for robust vCISO programs.
  • Opportunity for Growth: vCISO services can be an entry point into new markets and clients, offering a competitive edge over other MSPs.
  • Elevating Strategic Partnerships: Providing vCISO services allows MSPs to transition from being viewed as commodities to strategic partners with their clients.

Guest Name: Jesse Miller
LinkedIn page: https://www.linkedin.com/in/secopswarrior/
Company: PowerPSA Consulting
Website: https://powerpsa.com/
Show Website: https://mspbusinessschool.com/
Host Brian Doyle: https://www.linkedin.com/in/briandoylevciotoolbox/
Sponsor vCIOToolbox: https://vciotoolbox.com

Cloud Security Podcast by Google
EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?
Nov 10, 2025 (25:15)


Guest: Ari Herbert-Voss, CEO at RunSybil

Topics:
  • The market already has Breach and Attack Simulation (BAS), for testing known TTPs. You're calling this 'AI-powered' red teaming. Is this just a fancy LLM stringing together known attacks, or is there a genuine agent here that can discover a truly novel attack path that a human hasn't scripted for it?
  • Let's talk about the 'so what?' problem. Pentest reports are famous for becoming shelf-ware. How do you turn a complex AI finding into an actionable ticket for a developer, and more importantly, how do you help a CISO decide which of the thousand 'criticals' to actually fix first?
  • You're asking customers to unleash a 'hacker AI' in their production environment. That's terrifying. What are the 'do no harm' guardrails? How do you guarantee your AI won't accidentally rm -rf a critical server or cause a denial of service while it's 'exploring'?
  • You mentioned the AI is particularly good at finding authentication bugs. Why that specific category? What's the secret sauce there, and what's the reaction from customers when you show them those types of flaws?
  • Is this AI meant to replace a human red teamer, or make them better? Does it automate the boring stuff so experts can focus on creative business logic attacks, or is the ultimate goal to automate the entire red team function away?
  • So, is this just about finding holes, or are you closing the loop for the blue team? Can the attack paths your AI finds be automatically translated into high-fidelity detection rules? Is the end goal a continuous purple team engine that's constantly training our defenses?
  • Also, what about fixing? What makes your findings more fixable?
  • What will happen to red team testing in 2-3 years if this technology gets better?

Resources:
  • Kim Zetter Zero Day blog
  • EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google
  • EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?
  • EP68 How We Attack AI? Learn More at Our RSA Panel!
  • EP71 Attacking Google to Defend Google: How Google Does Red Team

Serious Privacy
If it ain't California, it's Texas
Nov 10, 2025 (38:28)


In this episode of Serious Privacy, Ralph O'Brien and Dr. K Royal discuss the weekly news, including the Google settlement in Texas, ClearviewAI and much more. If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cyber Security Headlines
Department of Know: Cybercriminals join forces, "SleepyDuck" exploits Ethereum, passwords still awful
Nov 10, 2025 (34:23)


This week's Department of Know is hosted by Rich Stroffolino with guests Jacob Coombs, CISO, Tandem Diabetes Care, and Ross Young, Co-host, CISO Tradecraft.

Thanks to our show sponsor, Vanta. What's your 2 AM security worry? Is it "Do I have the right controls in place?" Or "Are my vendors secure?" ...or the really scary one: "How do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work, so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready—ALL…THE…TIME. With Vanta, you get everything you need to move faster, scale confidently—and get back to sleep. Get started at vanta.com/headlines

All links and the video of this episode can be found on CISO Series.com

CISO Stories Podcast
ATT&CK → ATLAS: A CISO's Blueprint for AI Governance - Sandy Dunn - CSP #218
Nov 10, 2025 (27:55)


CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action.

Segment Resources:
  • Article: https://www.linkedin.com/pulse/attck-v18-atlas-blueprint-ai-ready-defense-sandy-dunn-mafoc
  • AI Cheat Sheet: https://www.linkedin.com/feed/update/urn:li:activity:7388688396166238208/
  • OWASP LLM Governance Checklist: https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/
  • OWASP Threat Defense COMPASS: https://genai.owasp.org/resource/owasp-genai-security-project-threat-defense-compass-1-0/

Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-218

Cloud Security Today
From GTA to MFA
Nov 8, 2025 (45:03)


In this conversation, Nicole Dove shares her unique journey into the cybersecurity field, highlighting her transition from a finance and audit background to becoming a leader in information security at Riot Games. She discusses the importance of continuous learning, the challenges of writing a book on cybersecurity, and the evolving role of Business Information Security Officers (BISOs) in aligning security with business goals. Nicole emphasizes the need for innovative problem-solving and relationship management in cybersecurity, while also reflecting on her personal routines for maintaining sharpness in her role.

Adventures of Alice & Bob
Ep. 91 - Inside the Target Breach War Room // Charles Herring
Nov 7, 2025 (61:03)


In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense—complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.

Category Visionaries
How Nightfall AI uses CISO dinners to generate pipeline | Rohan Sathe
Nov 7, 2025 (20:02)


Nightfall AI is pioneering AI-native data loss prevention (DLP) for enterprises navigating cloud, SaaS, and AI application proliferation. Founded in 2017 by former Uber engineers who witnessed data breaches firsthand, Nightfall addresses the architectural limitations and false positive problems plaguing legacy DLP solutions. By leveraging machine learning and large language models across three distinct layers—content classification, risk assessment, and forensic investigation—Nightfall delivers 10x accuracy improvements while enabling secure AI adoption. In this episode of Category Visionaries, I sat down with Rohan Sathe, Co-Founder & CEO of Nightfall AI, to explore their strategy for displacing entrenched incumbents and positioning as the security enabler for organizational AI deployment.

Topics Discussed:
- Nightfall's founding thesis addressing DLP coverage gaps created by cloud and SaaS migration
- Three-layer AI architecture: content classification, behavioral risk analysis, and agent-assisted forensics
- Positioning against legacy DLP's rules-based approaches and exact data match workarounds
- Market education shift post-ChatGPT: from "don't use AI" to "enable AI securely"
- Purple brand differentiation strategy in security's dark-themed visual landscape
- Conference ROI reallocation: executive suite meetings versus booth presence at RSA and Black Hat
- Mid-market to enterprise expansion pattern through peer-to-peer word-of-mouth
- Founder-led LinkedIn strategy balancing market education with competitive displacement narratives
- Sales team composition: domain practitioners versus traditional sales profiles

GTM Lessons For B2B Founders:
- Structure POVs to prove quantifiable superiority on one dimension: Rohan revealed Nightfall benchmarks against Google and Microsoft DLP APIs, demonstrating 10x accuracy improvements during proof-of-value cycles. When challenging mature categories, identify the single metric where you demonstrably outperform and architect evaluations to surface that gap. The key isn't claiming superiority—it's creating controlled comparisons where buyers verify it themselves.
- Deploy AI across three workflow layers, not as a monolithic feature: Nightfall applies AI distinctly at content classification (identifying sensitive data with high precision), behavioral analysis (distinguishing risky data movement from standard workflows), and investigation assistance (helping analysts focus forensic efforts). This creates compounding value and defensibility. Map where AI can reduce friction at multiple decision points in your customer's workflow rather than treating it as a single capability.
- Replace field marketing spend with curated CISO access: Nightfall redirected budget from RSA and Black Hat booths to private suites hosting scheduled executive meetings. Rohan emphasized engaging "chief information security officers who sign the checks" in intimate settings rather than booth traffic. For enterprise sales, calculate cost-per-meeting with economic buyers and reallocate spend accordingly.
- Design 8-person dinners as vendor-neutral industry forums: Nightfall hosts 3-4 annual dinners with 5-7 prospects and 2-3 team members (founders, head of product) structured around industry developments—like OpenAI's agent workflow builder and security implications—not product pitches. The format positions Nightfall as thought leaders while qualifying prospects through discussion quality. Agenda topics, not sales decks, drive conversion.
- Hire former practitioners into quota-carrying roles: Rohan identified hiring former DLP security operations analysts as account executives or solutions architects, mirroring trends in legal tech (hiring lawyers) and HR tech (hiring recruiters). For technical categories with sophisticated buyers, domain fluency in customer-facing roles outweighs traditional sales experience. This isn't solutions engineering—it's putting practitioners in quota-carrying positions.
- Use LinkedIn for two narratives: market education and competitive wins: Rohan posts thought leadership on DLP evolution and AI security implications alongside selective announcements of competitive displacements at enterprise AI companies and top 10 banks. He noted role postings also drive engagement, signaling growth momentum. The pattern: educate on category gaps, prove you're winning deals in those gaps, show team expansion. Avoid pure product promotion.
- Leverage AI adoption mandates as your demand generation engine: Post-ChatGPT, Rohan noted "board mandate and CEO mandate from every company to use as much AI as you can" created new security requirements. Nightfall shifted positioning from "prevent data loss" to "enable AI adoption securely." When macro shifts create executive-level mandates in your category, realign messaging around enabling that mandate rather than preventing its risks.
- Challenge category conventions through education, not assertion: Rather than simply claiming exact data match (EDM) is obsolete, Nightfall explains EDM emerged as a workaround for rules-based approaches' false positive problems—and ML eliminates the need for workarounds entirely. When displacing established practices, reveal why current solutions exist (what problem they patch) before explaining why your approach eliminates the underlying issue.

Sponsors:
- Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
- The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co

Don't Miss: New Podcast Series — How I Hire
Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

Security Conversations - A SecurityWeek Podcast
CISO Perspectives: Navigating the Security Landscape in 2025

Security Conversations - A SecurityWeek Podcast

Nov 7, 2025 (44:21)


In a world where cyber risk is business risk, today's Chief Information Security Officers are not just defenders of data—they are strategic partners driving organizational resilience. Moderated by Gartner's Ash Ahuja, this candid conversation explores how security leaders are balancing innovation with risk management, influencing board-level decision-making, and navigating complex threat environments in 2025.

Ash Ahuja, VP & Executive Partner, Security & Risk Management - Gartner
Tim Silverline, VP of Security, Rocket Lawyer
Jarell Mikell, Executive Director - Power Systems & Gas Cybersecurity - Southern Company

This session took place at SecurityWeek's CISO Forum at the Ritz-Carlton, Half Moon Bay in August 2025.
Follow SecurityWeek on LinkedIn

Secure Networks: Endace Packet Forensics Files
Episode 64: Steve Fink, CTO and CISO at Secure Yeti

Secure Networks: Endace Packet Forensics Files

Nov 7, 2025 (25:51)


In this episode of the Endace Packet Forensics Files, Michael Morris chats with Steve Fink, CTO and CISO of Secure Yeti and architect of the SOCs for Black Hat, RSA Conference, and Cisco Live, for an in-depth look at building effective Security Operations Centers (SOCs). With 26 years of cybersecurity experience, Fink shares strategies for leveraging packet data, integrating AI for automation, fostering vendor collaboration, and ensuring scalability and resilience. This expert-led discussion is a must-watch for cybersecurity professionals who want to learn how to optimize threat detection and avoid data swamps.

ABOUT ENDACE
Endace (https://www.endace.com) is a world leader in high-performance packet capture solutions for cybersecurity, network and application performance. EndaceProbes are deployed on some of the world's largest, fastest and most critical networks. EndaceProbe models are available for on-premise, private cloud and public cloud deployments - delivering complete hybrid cloud visibility from a single pane-of-glass.
Endace's open EndaceProbe Analytics appliances (https://www.endace.com/endaceprobe) can be deployed in on-premise locations and can also host third-party security and performance monitoring solutions while simultaneously recording a 100% accurate history of network activity.

CHAPTERS
01:24 Why is your nickname 'Fink' and not Steve?
02:17 What foundational, architectural principles are essential when designing a next-gen SOC?
05:43 How do you approach scalability & modularity in NOC/SOC design to accommodate future growth?
08:57 How have you evolved to integrate cloud native technology or hybrid environments into your SOC and what were the challenges?
12:04 What role does packet data and centralized logging play in your SOC design and how do you ensure efficient data ingestion and retrieval?
14:45 How do you architect SOC to support real time threat detection and response across geographically distributed global infrastructures?
17:55 What strategies do you use for disaster recovery?
20:35 How do you incorporate AI, ML and automation capabilities into your SOC architecture to enhance threat hunting?
23:02 What are your best practices for integrating third-party tools?

Defense in Depth
Is Least Privilege Dead?

Defense in Depth

Nov 6, 2025 (29:04)


All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior EVP and CISO, Frost Bank. Joining them is Julie Tsai, CISO-in-Residence, Ballistic Ventures.

In this episode:
- Is least privilege dead?
- Modern tactics, timeless principle
- Implementation over ideology
- Pragmatism over purity

Huge thanks to our sponsor, Cyera
AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://datasecai2025.com/did.

Cyber 9/11 with Dr. Eric Cole
When the Cyber Alarms Go Silent

Cyber 9/11 with Dr. Eric Cole

Nov 6, 2025 (33:06)


In this urgent and eye-opening episode of Life of a CISO, Dr. Eric Cole dives into one of the most consequential moments in U.S. cybersecurity history: the expiration of the Information Sharing Act of 2015, which quietly lapsed the same day the government shut down. Dr. Cole explains how this coincidence has effectively cut off the flow of critical cyber threat intelligence between the U.S. government and private sector, leaving organizations blind to emerging attacks and operating at a major disadvantage.

He breaks down the data-driven realities every CISO must communicate to their executive teams:
- The collapse of formal information sharing protections and the resulting liability risks for companies.
- The severe reduction of federal cybersecurity capacity, with 65% of CISA furloughed.
- The surge in cyberattacks from foreign adversaries exploiting U.S. vulnerability.
- Practical strategies for regaining the upper hand—reducing attack surfaces, deploying AI-based threat detection, and reassessing over-reliance on cloud providers following suspicious AWS and Microsoft outages.

Dr. Cole urges CISOs to lead with data, not emotion, and to act decisively in this new era of "cyber wartime." Whether you're an executive or a security professional, this episode delivers the critical insights and strategic playbook you need to safeguard your organization when the nation's early warning system has gone dark.

Category Visionaries
How BlueRock identified three distinct buyer personas by asking "How would you describe what we do to your peers?" | Bob Tinker ($25M Raised)

Category Visionaries

Nov 6, 2025 (31:28)


BlueRock is building an agentic security fabric to protect organizations deploying AI agents and MCP workflows. With a $25 Million Series A, founder Bob Tinker is tackling what he sees as a 10x larger opportunity than mobile's enterprise disruption. Bob previously scaled MobileIron from zero to $150 million in five years and took it public in 2014. In this episode of Category Visionaries, Bob shares the strategic mistakes that cost MobileIron its category positioning, why go-to-market fit is the missing framework between PMF and scale, and how B2B marketing has fundamentally transformed in just 18 months.

Topics Discussed:
- Taking a company public: the killer marketing event versus the unexpected team psychology challenges of daily stock volatility
- Why agentic AI workflows create unprecedented security challenges at the action and data layer, not just prompts
- The strategic timing of category definition: MobileIron's cautionary tale of letting Gartner define you as "MDM" when customers bought for security
- Where enterprise buyers actually get advice now that Gartner's influence has diminished
- AEO (Answer Engine Optimization) replacing SEO as the primary discovery mechanism for B2B solutions
- Why 1.0 categories have fundamentally unclear ICPs versus 2.0/3.0 products with crisp buyer personas
- The "high urgency, low friction" framework for prioritizing what to build in nascent markets
- Go-to-market fit: the repeatable growth recipe that unlocks scaling post-PMF
- Unlearning as competitive advantage for second-time founders

GTM Lessons For B2B Founders:
- Time your category noun definition strategically: MobileIron focused exclusively on solving the problem (the verb) but waited too long to influence category nomenclature. Gartner labeled it "Mobile Device Management" when customer purchase drivers were security-focused, not management. This misalignment constrained positioning for years with no way to correct it. The framework: lead with verb, but proactively shape the noun before external analysts do it for you. Bob's doing this differently at BlueRock by distinguishing "agentic action security" from "prompt security" early, even while the broader market sorts out AI security taxonomy.
- Use customer language as category discovery, not invention: Bob's breakthrough on BlueRock positioning came from asking prospects: "How would you describe what we do to your peers?" One prospect distinguished their focus on "the action side - taking AI and taking action on data and tools" versus prompt inspection and AI firewalls. This customer-generated framing revealed the natural fault lines in how practitioners think about the problem space. The tactical application: run this exact question with your first 10-15 qualified prospects and pattern-match their language, rather than workshopping category names internally.
- Engineer for the "high urgency, low friction" intersection: Bob's filtering criteria for BlueRock's roadmap requires both dimensions simultaneously. When a prospect revealed they were building their own MCP security tools - a signal of acute, unmet pain - they also asked BlueRock to add prompt security features. Bob's framework forced a "no" despite clear demand because it would violate low friction. The discipline: if a feature request fails either test (not urgent enough OR too much friction), it doesn't make the cut, even when prospects explicitly ask for it.
- Accept ICP ambiguity as a feature, not bug, of 1.0 markets: In 2.0/3.0 categories, you can target "VP of Detection & Response" with precision. In 1.0 markets like agentic security, Bob finds buyers across three distinct orgs: agentic development teams building secure-by-default systems, product security teams inside engineering (not under the CISO), and traditional security organizations. His thesis: this lack of crisp ICP definition is actually a reliable signal you're in a genuinely new market. The response: invest in community engagement across all three buyer types rather than forcing premature segmentation.
- Shift content strategy from SEO to AEO immediately: Bob identifies the clock speed of marketing change as "breathtaking" - what worked 18 months ago is obsolete. The specific shift: ranking above the fold in Google search is now irrelevant. What matters is appearing in the answer box that ChatGPT or Google Gemini surfaces above traditional results. This isn't incremental SEO optimization - it requires fundamentally restructuring content to feed LLM context windows and answer engines rather than keyword-optimizing for traditional search crawlers.
- Treat go-to-market fit as a distinct inflection point: Bob observed a consistent pattern across MobileIron, Box (Aaron Levie), Citrix (Mark Templeton), Palo Alto Networks (Mark McLaughlin), and SendGrid (Sameer Dholakia) - all hit PMF, hired salespeople aggressively, burned cash, and stalled growth while boards grew frustrated. The missing concept: PMF proves you can create value; GTM fit proves you can capture it repeatedly. It's the "repeatable growth recipe to find and win customers over and over again." The tactical implication: after PMF, resist pressure to scale headcount and instead obsess over making your first 3-5 sales cycles systematically repeatable before hiring your second AE.
- Build community as primary discovery in fragmented buyer markets: Bob's most different GTM motion versus five years ago: "We're just out talking to prospects and customers - individual reach outs, hitting people up on LinkedIn, posting in discussion boards, engaging with the community." This isn't supplemental to demand gen; it's replaced traditional top-of-funnel. When prospects exist across multiple personas without clear titles, community presence in Reddit, Stack Overflow, and LinkedIn becomes the only scalable discovery mechanism. The benchmark: successful new tech companies have built communities of early users before they've built repeatable sales motions.
- Practice systematic unlearning as second-time founder discipline: Bob's most personal insight: "What really got in my way wasn't what I needed to learn. It was what I needed to unlearn." The specific application: he's questioning his entire MobileIron marketing playbook because "blindly applying that eight-year-old playbook to marketing or sales will end in tears." His framework: periodic gut checks asking "What assumptions am I making? How should I think about this differently?" rather than letting inertia drive execution. The meta-lesson: success creates muscle memory that becomes liability without deliberate examination. Second-time founders should actively audit which reflexes to preserve versus discard.

Sponsors:
- Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
- The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co

Don't Miss: New Podcast Series — How I Hire
Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

Cracking Cyber Security Podcast from TEISS
teissTalk: Getting the board's ‘aye' on your cyber-security investments

Cracking Cyber Security Podcast from TEISS

Nov 6, 2025 (45:29)


- Bridging the CISO-board disconnect which hinders your cyber-security progress
- Measuring cyber-risk in financial, economic and operational terms and demonstrating value in cyber-investments
- Focusing on governance and compliance – how to answer when asked “are we compliant?”

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Zia Ush Shamszaman, Senior Lecturer in Computer Science, Teesside University
https://www.linkedin.com/in/zia-ush-shamszaman/
Edd Hardy, Director Cyber Security, AlixPartners
https://www.linkedin.com/in/eddhardy
Penny Jackson, Director Strategy, Awareness & Engagement (Human Risk Management), Aristos Partnership
https://www.linkedin.com/in/pennykjackson/

The Cyber Security Transformation Podcast
Series 6 - "First 100 Days of the New CISO: Building Trust and Managing Expectations" - Episode 21

The Cyber Security Transformation Podcast

Nov 6, 2025 (11:51)


JC Gaillard continues his exploration of the "First 100 Days of the New CISO" and highlights why building trust and managing expectations from the start are key to long-term success.

ITSPmagazine | Technology. Cybersecurity. Society
Bridging the Cybersecurity Divide Between the Haves and Have-Nots: Lessons from Australia's CISO Community | A Conversation with Andrew Morgan | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Nov 5, 2025 (52:14)


⬥GUEST⬥
Andrew Morgan, Chief Information Security Officer | On LinkedIn: https://www.linkedin.com/in/andrewmorgancism/

⬥HOST⬥
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com

⬥EPISODE NOTES⬥
The cybersecurity community has long recognized an uncomfortable truth: the gap between well-resourced enterprises and underfunded organizations keeps widening. This divide isn't just about money; it's about survivability. When a small business, school, or healthcare provider is hit with a major breach, the likelihood of permanent closure is exponentially higher than for a large enterprise.

As host of the Redefining CyberSecurity Podcast, I've seen this imbalance repeatedly — and the conversation with Andrew Morgan underscores why it persists and what can be done about it.

The Problem: Structural Imbalance
Large enterprises operate with defined budgets, mature governance, and integrated security operations centers. They can afford redundancy, talent, and tooling. Meanwhile, small and mid-sized organizations are often left with fragmented controls, minimal staff, and reliance on external vendors or managed providers.

The result is a “have and have not” world. The “haves” can detect, contain, and recover. The “have nots” often cannot. When they are compromised, the impact isn't just reputational — it can mean financial collapse or service disruption that directly affects communities.

The Hidden Costs of Complexity
Even when smaller organizations invest in technology, they often fall into the trap of overtooling without strategy. Multiple, overlapping systems create noise, false confidence, and operational fatigue. Morgan describes this as a symptom of viewing cybersecurity as a subset of IT rather than as a business enabler.

Simplification is key. A rationalized platform approach — even if not best-of-breed — can deliver better visibility and sustainability than a patchwork of disconnected tools. The goal should not be perfection; it should be proportionate protection aligned with business risk.

The Solution: Culture, Collaboration, and Continuity
Cyber resilience starts with people and culture. As Morgan puts it, programs must be driven by culture, informed by risk, and delivered through people, process, and technology. Security can't succeed in isolation from the organization's purpose or its people.

The Australian CISO Tribe provides a real-world model for collaboration. Its members share threat intelligence, peer validation, and practical experiences — a living example of collective defense in action. Whether formalized or ad-hoc, these networks give security leaders context, community, and shared strength.

Getting Back to Basics
Practical resilience isn't glamorous. It's about getting the basics right — consistent patching, logging, phishing-resistant authentication, verified backups, and tested recovery plans. It's about ensuring that, if everything fails, you can still get back up.

When security becomes a business-as-usual practice rather than a project, organizations begin to move from reactive defense to proactive resilience.

The Takeaway
Bridging the cybersecurity divide doesn't require endless budgets. It requires prioritization, simplification, and partnership. The “have nots” may never mirror enterprise scale, but they can adopt enterprise discipline — and that can make all the difference between temporary disruption and permanent failure.

⬥RESOURCES⬥
Inspiring Post: https://www.linkedin.com/posts/andrewmorgancism_last-night-i-was-fortunate-enough-to-spend-activity-7383972144507994112-V3Zr/

⬥ADDITIONAL INFORMATION⬥
✨ More Redefining CyberSecurity Podcast: 

Ctrl+Alt+Azure
315 - A look at GitHub Universe 2025

Ctrl+Alt+Azure

Nov 5, 2025 (32:29)


This week, we unpack the hero announcements from GitHub Universe 2025. Much of this is related to agents, agentic AI, and GitHub Copilot. We reflect on these new announcements as we proceed.

(00:00) - Intro and catching up.
(03:59) - Show content starts.

Show links
- Agent HQ
- Custom agents examples
- Copilot integrations
- Agentic code review in Copilot
- Plan mode
- Agents.md
- GitHub Code Quality
- Usage metrics and API
- Enterprise AI controls and agent control plane
- Give us feedback!

Technology for Business
Building a Security Culture

Technology for Business

Nov 5, 2025 (29:52)


Building a Security Culture: Insights from CIT

In this episode of 'Our Tech for Business' podcast, Nate, the Director of Cybersecurity, and Todd, the COO and CISO, dive into the importance of building a robust security culture within organizations. They discuss the significance of integrating security into company culture, the challenges faced when implementing security measures, and the disconnect between business leaders and employees regarding cybersecurity. With practical advice for non-tech leaders and employees, they share insights on how to transition from mere compliance to a committed security culture. Tune in to learn how to foster security awareness and commitment across all levels of your organization.

00:00 Introduction to Building a Security Culture
00:29 The Importance of Security Culture
01:12 Challenges in Implementing Security Measures
03:09 Misconceptions About Cybersecurity
04:53 Evolving Security Practices at CIT
09:51 Empowering Non-Security Professionals
14:13 Engaging in the Security Process
14:43 IT Leaders and Executive Buy-In
15:03 Translating Business Needs to Security
15:13 Driving Security in Non-Tech Leaders
15:38 Advocates for Security
16:00 Creating a Safe Feedback Environment
16:17 Transitioning from Compliance to Commitment
16:56 The Role of Business in Security
18:41 The Importance of Compliance
19:25 Culture Change in Organizations
20:30 Practical Steps for Non-IT People
23:19 Outsourcing Security Services
27:03 Communication and Culture
28:17 Final Thoughts and Conclusion

The CyberWire
Privacy needs where you least expect it. [CISO Perspectives]

The CyberWire

Nov 4, 2025 (36:08)


When discussing privacy risks, many often look to implementing strong encryption, secure data storage practices, and data sanitization processes to help ensure sensitive information remains protected. Though these practices are good and should be prioritized, many often miss other key areas that need just as much focus. As the internet of things has only continued to grow larger and larger, so has the risk these devices inherently create as they collect and store more information than many would instinctively assume. In this episode of CISO Perspectives, host Kim Jones sits down with Merry Marwig, the Vice President of Global Communications & Advocacy at Privacy4Cars, to explore how privacy risks are in places many do not think to look. Together, Merry and Kim discuss why security leaders need to rethink how they approach privacy and consider how the devices we use every day could inadvertently expose our sensitive information.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISO-Security Vendor Relationship Podcast
I Don't Just Guess About Effectiveness, I Make Educated Guesses!

CISO-Security Vendor Relationship Podcast

Nov 4, 2025 (39:26)


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining us is Sara Madden, CISO, Convera.

In this episode:
- Optimizing for reality, not idealism
- Engineering governance instead of monitoring compliance
- When AI finds what humans miss
- The measurement problem

Huge thanks to our sponsor, ThreatLocker
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. https://threatlocker.com

Cyber Risk Management Podcast
EP 196: Rogue AI Agents: What's Identity Got To Do With It?

Cyber Risk Management Podcast

Nov 4, 2025 (33:33)


AI agents are everywhere: 91% of organizations already use them. But can we control these autonomous digital workers? And what happens when they go rogue? Let's find out with our guest Matthew Hansen, Regional Chief Security Officer for the Americas with Okta. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

NIST AI RMF episodes:
https://cr-map.com/podcast/153/
https://cr-map.com/podcast/154/

The Cybersecurity Readiness Podcast Series
Guardians of Trust: The CISO's Strategic Role in Global Non-Profits

Nov 4, 2025 · 29:54


In this episode, Dr. Dave Chatterjee sits down with Pam Lindemoen, Chief Security Officer and Vice President of Strategy at the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), to explore the CISO's evolving role in global nonprofit organizations. Moving beyond traditional corporate metrics of cost and compliance, Lindemoen reveals how cybersecurity leadership in the nonprofit sector is ultimately about preserving trust, protecting donor data, and sustaining mission-driven operations. Drawing on three decades of experience across healthcare, finance, and retail, Lindemoen shares how RH-ISAC has become a collaborative force multiplier, enabling member companies to detect, respond, and adapt collectively to cyber threats. Through the Commitment–Preparedness–Discipline (CPD) framework, Dr. Chatterjee and Lindemoen illustrate how leadership, empathy, and shared intelligence drive resilience across the nonprofit ecosystem.

Time Stamps
• 00:49 — Dave introduces the topic and Pam Lindemoen's professional journey.
• 02:49 — Career reflections: from IT foundations to cybersecurity leadership.
• 04:23 — Inside RH-ISAC: a trusted model for cross-industry collaboration.
• 07:06 — Navigating dual responsibilities—defending RH-ISAC and empowering members.
• 09:09 — Governance, trust, and relationship management in a global community.
• 12:27 — RH-ISAC's differentiation and member-driven value.
• 14:00 — Leadership through listening and connection.
• 20:50 — Advice for CISOs exploring nonprofit leadership paths.
• 24:26 — Real-world example: supply chain attack mitigation through shared intelligence.
• 27:55 — Final reflections on collective trust, collaboration, and resilience.

To access and download the entire podcast summary with discussion highlights: https://www.dchatte.com/episode-94-guardians-of-trust-the-cisos-strategic-role-in-global-non-profits/

Connect with Host Dr. Dave Chatterjee
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/

Books Published
The DeepFake Conspiracy
Cybersecurity Readiness: A Holistic and High-Performance Approach

Articles Published
Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.
Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024.

The Leadership Vision Podcast
Fail Faster, Grow Stronger: Deb Dixson's Playbook for Teams that Thrive Without You

Nov 3, 2025 · 43:26


Pioneering technology executive and Leadership Vision advisor Deb Dixson joins Nathan to unpack how leaders move teams from dependence on one person to interdependence—through mission clarity (“we sell lettuce”), Strengths-based roles, and a culture where fast, safe learning is encouraged. Drawing on her 30+ years as a CISO, CIO, and executive coach, Deb shares stories of building resilient teams, empowering others to lead, and offering timeless guidance for leaders navigating change.

Deb also wrote the foreword to Unfolded, and we are so grateful for her continued investment in our team.

What we discuss
• From hero to builder: Why great leaders aim to make themselves unnecessary—and how Deb did it.
• Mission clarity: Connecting daily work to the outcome (“we sell lettuce”) so everyone sees how they serve the customer.
• Strengths in action: Placing people where they're wired to excel; using a common language to handle conflict and change.
• Safe failure → faster learning: Celebrating responsible experiments, shortening feedback loops, and avoiding “death-march” projects.
• Finding the gaps: Spotting unowned work and empowering people to own it (including Deb's CISO origin story).

Resources & Links
Leadership Vision Consulting – services, podcast, newsletter: https://www.leadershipvisionconsulting.com
Unfolded: Lessons in Transformation from an Origami Crane (Brian & Dr. Linda Schubring)
CliftonStrengths (StrengthsFinder)
Dale Carnegie training
Connect with us on social & subscribe to the podcast

The Cybersecurity Defenders Podcast
#262 - Defender Fridays: What does "AI-ready SOC" actually mean? With Dr. Anton Chuvakin from CISO, Google Cloud

Oct 31, 2025 · 35:13


Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud and a recognized expert in SIEM, log management, and PCI DSS compliance, will help us cut through the buzzwords and discuss modern security operations.

Join the Defender Fridays community, live every Friday, to discuss the dynamic world of information security in a collaborative space with seasoned professionals.

Dr. Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast. Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of the books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Defense in Depth
How Do We Measure Our Defenses Against Social Engineering Attacks?

Oct 30, 2025 · 32:55


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel.

In this episode:
• Beyond the click
• High-risk users demand different metrics
• Building engagement over punishment
• Creating a security culture through community

Huge thanks to our sponsor, Doppel. Doppel is protecting the world's digital integrity. Impersonators adapt fast — but so does Doppel. By pairing AI with expert analysis, we don't just detect deception; we dismantle it. Our platform learns from every attack, expands its reach across digital channels, and disrupts threats before they cause harm. The result? Impersonators lose. Businesses become too costly to attack. And trust stays intact. Learn more at https://www.doppel.com/

We Talk Cyber
What Cybersecurity Hiring Managers are Really Looking For in 2025

Oct 30, 2025 · 15:23


In 2025, it's not about degrees or certifications, it's about real skills, AI-readiness, and strategic thinking. In this episode, Monica, a board-certified cybersecurity leader with 20+ years of experience, breaks down the 5 biggest shifts shaping the cybersecurity job market right now.

• Why mindset and adaptability now outrank credentials
• How AI is redefining job roles and hiring criteria
• Why communication is the #1 skill for cybersecurity leaders
• How skill stacking gives you a salary and career edge
• How compliance and regulation are changing hiring in Europe and beyond

Whether you're an aspiring CISO, a security analyst, or pivoting into cybersecurity, this episode gives you the insights you won't hear anywhere else.

Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (Youtube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.

The CyberWire
The impact of data privacy on cyber. [CISO Perspectives]

Oct 28, 2025 · 42:04


Privacy is one of the most universally valued rights. Yet, despite its importance, data breaches exposing millions of people's sensitive information have become routine. Many have come to assume that their personal data has already been, or inevitably will be, compromised. Despite this reality, prioritizing privacy is more important than ever. In this episode of CISO Perspectives, host Kim Jones sits down with Kristy Westphal, the Global Security Director of Spirent Communications, to explore data privacy's impacts on cybersecurity efforts. Together, Kristy and Kim discuss why privacy cannot be an afterthought but rather must be something actively addressed through proactive security efforts, shifting security culture mindsets, and staying ahead of rapidly changing technologies.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode.

Packet Pushers - Full Podcast Feed
HS115: Cyber-Risk Assessment and Cybersecurity Budgeting: You're (Probably) Doing It Wrong

Oct 28, 2025 · 36:15


To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when...

CISO-Security Vendor Relationship Podcast
It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

Oct 28, 2025 · 44:01


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.

In this episode:
• The open source sustainability problem
• AI levels the geopolitical playing field
• Cutting through AI vendor hype
• Why the fundamentals still hurt

Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario.

Huge thanks to our sponsor, Vorlon Security. SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response—so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/

Caveat
Regulation takeaways with Ethan Cook. [CISO Perspectives]

Oct 28, 2025 · 41:23


On this episode, host Kim Jones is joined by Ethan Cook, N2K's lead analyst and editor, for a deeper, more reflective conversation on cybersecurity regulation, privacy, and the future of policy. This episode steps back from the news cycle to connect the dots and explore where the regulatory landscape is heading — and why it matters. Ethan, who will join the show regularly this season to provide big-picture analysis after major policy conversations, shares his perspective on the evolving balance between government oversight, innovation, and individual responsibility.

This episode of N2K Pro's CISO Perspectives podcast is brought to you by our sponsor, Meter. Meter provides a full-stack, enterprise-grade networking solution—wired, wireless, and cellular—designed, deployed, and managed end-to-end. From hardware to software, ISP to security, Meter delivers seamless, secure, and scalable connectivity for modern business environments. Learn more about Meter.