Podcasts about ciso

  • 1,391 podcasts
  • 11,703 episodes
  • 36m average duration
  • 2 new episodes daily
  • Latest: Feb 12, 2026


Latest podcast episodes about ciso

Defense in Depth
Cybersecurity's Broken Hiring Process

Feb 12, 2026 (32:45)

All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments.

In this episode:
  • The experience paradox
  • Who benefits from the narrative
  • Kitchen sink job postings
  • The aggregation problem

Huge thanks to our sponsor, Scanner
All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev

Serious Privacy
DSAR Overload (with Josh Schwartz)

Feb 11, 2026 (35:21)

Welcome to the newest episode of the Serious Privacy podcast, where hosts Paul Breitbarth, Ralph O'Brien, and Dr. K Royal connect with Josh Schwartz of Phaselaw to discuss the increasing use of data subject access rights (DSARs) as a weapon. The resources required to handle such requests can be quite extensive. How do companies keep up? Maybe Josh has some insight.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cybercrime Magazine Podcast
The CISO's Edge. Account Compromise & Stopping Identity Attacks. Greg Crowley, CISO, eSentire.

Feb 11, 2026 (14:53)


Greg Crowley is the CISO at eSentire. In this episode, he joins host Charlie Osborne to discuss the concerning jump in account compromise in 2025, how best to stop identity attacks, and more. eSentire is the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com

The CyberWire
Bringing it all together. [CISO Perspectives]

Feb 10, 2026 (53:12)

Please enjoy this encore of CISO Perspectives. In the season finale of CISOP, Kim Jones is joined by N2K's own Ethan Cook to reflect on the conversations that shaped this season. Together, they revisit standout moments from Kim's interviews, unpacking their significance and getting Ethan's fresh perspective on the cybersecurity workforce challenge—as someone viewing the industry from the outside. Since the mid-season reflection, Kim has explored a wide range of workforce issues, including skills mapping, talent identification, and the evolving strategies needed to close cybersecurity's talent gap.

Survey: We want to hear your perspectives on this season, fill out our audience survey before August 31st.

Packet Pushers - Full Podcast Feed
HS124: Administration DDoS on AI Regulation

Feb 10, 2026 (43:37)

The recent U.S. Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, is the administration's latest attempt to prevent the enforcement of most of the AI laws passed in individual US states. Because it is only an executive order (EO), it cannot directly nullify, supersede, forestall, or put a pause on state-level laws....

CISO-Security Vendor Relationship Podcast
When We See White Smoke, We Know We Have a New CISO

Feb 10, 2026 (42:32)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group.

In this episode:
  • Metrics that matter
  • Tool babysitting problem
  • Automating the brokenness
  • Stay connected intentionally

Huge thanks to our sponsor, Strike48
Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

ITSPmagazine | Technology. Cybersecurity. Society
It's Not a Technology Problem, It's an Organizational Opportunity -- Building a Culture of Cybersecurity | Human-Centered Cybersecurity Series with Co-Host Julie Haney and Guest Dr. Keri Pearlson | Redefining CyberSecurity with Sean Martin

Feb 10, 2026 (46:49)

Show Notes

Most organizations treat cybersecurity as a technology problem. They invest in layers of defense, run phishing tests, and deploy identity and access management tools. Yet headlines about breaches keep coming. Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at the MIT Sloan School of Management, argues that the real opportunity lies not in more technology but in changing how people across the organization think about and value cybersecurity.

In this episode of the Human-Centered Cybersecurity Series, co-hosted by Julie Haney, Computer Scientist and Lead of the Human-Centered Cybersecurity Program at the National Institute of Standards and Technology (NIST), Dr. Keri Pearlson introduces her framework for cybersecurity culture built around values, attitudes, and beliefs. Rather than simply training employees on what to do, the focus shifts to shaping why they do it. When people genuinely believe cybersecurity matters, they take action without waiting for mandates or programs to tell them how.

Dr. Pearlson shares vivid examples from her research: a CISO who hired a marketing professional to run the cybersecurity culture program, a CEO who opens every all-hands meeting with a five-minute cybersecurity story, and organizations that use creative rewards like chocolate chip cookies and digital badges to reinforce positive behaviors. She also outlines a five-stage maturity model for cybersecurity culture, from ad hoc efforts all the way to a dynamic culture that self-regulates as new threats like AI-driven vulnerabilities emerge.

The conversation also tackles the relationship between organizational culture and cybersecurity culture, the role of group-level accountability, and why consequences matter just as much as rewards. Dr. Pearlson makes the case that cybersecurity should move from being viewed as an infrastructure play to a strategic advantage, one that can attract customers, reduce costs, and build competitive differentiation.

For any leader looking to move the needle on security culture, this episode offers a research-backed roadmap and practical steps that anyone can take starting tomorrow.

Host
Sean Martin, Co-Founder at ITSPmagazine, Studio C60, and Host of Redefining CyberSecurity Podcast & Music Evolves Podcast | Website: https://www.seanmartin.com/

Guest(s)
Dr. Keri Pearlson, Senior Lecturer and Principal Research Scientist at MIT Sloan School of Management | On LinkedIn: https://www.linkedin.com/in/kpearlson/
Julie Haney (Co-Host), Computer Scientist and Lead, Human-Centered Cybersecurity Program at National Institute of Standards and Technology (NIST) | On LinkedIn: https://www.linkedin.com/in/julie-haney-037449119/

Resources
Learn more about Dr. Keri Pearlson's research: https://mitsloan.mit.edu/faculty/directory/keri-pearlson
Learn more about the NIST Human-Centered Cybersecurity Program: https://csrc.nist.gov/projects/human-centered-cybersecurity
Cybersecurity at MIT Sloan (CAMS): https://cams.mit.edu/
The Future of Cybersecurity Newsletter | https://www.linkedin.com/newsletters/7108625890296614912/
More Redefining CyberSecurity Podcast episodes | https://www.seanmartin.com/redefining-cybersecurity-podcast
Redefining CyberSecurity Podcast on YouTube | https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine | Technology. Cybersecurity. Society
Chat Control: The EU Law That Could End Privacy and Why Breaking Encryption Won't Stop Criminals | A Conversation with Cybersecurity Expert John Salomon | Redefining Society and Technology Podcast with Marco Ciappelli

Feb 10, 2026 (36:49)

None of Your Goddamn Business

John Morgan Salomon said something during our conversation that I haven't stopped thinking about. We were discussing encryption, privacy laws, the usual terrain — and he cut through all of it with five words: "It's none of your goddamn business."

Not elegant. Not diplomatic. But exactly right.

John has spent 30 years in information security. He's Swiss, lives in Spain, advises governments and startups, and uses his real name on social media despite spending his career thinking about privacy. When someone like that tells you he's worried, you should probably pay attention.

The immediate concern is something called "Chat Control" — a proposed EU law that would mandate access to encrypted communications on your phone. It's failed twice. It's now in its third iteration. The Danish Information Commissioner is pushing it. Germany and Poland are resisting. The European Parliament is next.

The justification is familiar: child abuse materials, terrorism, drug trafficking. These are the straw man arguments that appear every time someone wants to break encryption. And John walked me through the pattern: tragedy strikes, laws pass in the emotional fervor, and those laws never go away. The Patriot Act. RIPA in the UK. The Clipper Chip the FBI tried to push in the 1990s. Same playbook, different decade.

Here's the rhetorical trap: "Do you support terrorism? Do you support child abuse?" There's only one acceptable answer. And once you give it, you've already conceded the frame. You're now arguing about implementation rather than principle.

But the principle matters. John calls it the panopticon — the Victorian-era prison design where all cells face inward toward a central guard tower. No walls. Total visibility. The transparent citizen. If you can see what everyone is doing, you can spot evil early. That's the theory.

The reality is different. Once you build the infrastructure to monitor everyone, the question becomes: who decides what "evil" looks like? Child pornographers, sure. Terrorists, obviously. But what about LGBTQ individuals in countries where their existence is criminalized? John told me about visiting Chile in 2006, where his gay neighbor could only hold his partner's hand inside a hidden bar. That was a democracy. It was also a place where being yourself was punishable by prison.

The targets expand. They always do. Catholics in 1960s America. Migrants today. Anyone who thinks differently from whoever holds power at any given moment. These laws don't just catch criminals — they set precedents. And precedents outlive the people who set them.

John made another point that landed hard: the privacy we've already lost probably isn't coming back. Supermarket loyalty cards. Surveillance cameras. Social media profiles. Cookie consent dialogs we click through without reading. That version of privacy is dead. But there's another kind — the kind that prevents all that ambient data from being weaponized against you as an individual. The kind that stops your encrypted messages from becoming evidence of thought crimes. That privacy still exists. For now.

Technology won't save us. John was clear about that. Neither will it destroy us. Technology is just an element in a much larger equation that includes human nature, greed, apathy, and the willingness of citizens to actually engage. He sent emails to 40 Spanish members of European Parliament about Chat Control. One responded.

That's the real problem. Not the law. Not the technology. The apathy.

Republic comes from "res publica" — the thing of the people. Benjamin Franklin supposedly said it best: "A republic, if you can keep it." Keeping it requires attention. Requires understanding what's at stake. Requires saying, when necessary: this is none of your goddamn business.

Stay curious. Stay Human. Subscribe to the podcast. And if you have thoughts, drop them in the comments — I actually read them.

Marco Ciappelli

Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human. https://www.linkedin.com/newsletters/7079849705156870144/

Marco Ciappelli: https://www.marcociappelli.com/

John Salomon
Experienced, international information security leader. vCISO, board & startup advisor, strategist.
https://www.linkedin.com/in/johnsalomon/

Detection at Scale
Block's CISO James Nettesheim on How 40% of Their Detections Are Now Written with AI

Feb 10, 2026 (33:57)

What if the real risk isn't adopting AI agents, but refusing to? James Nettesheim, CISO & Head of Enterprise Technology at Block, argues that principled risk-taking beats playing it safe. James shares Block's journey co-designing the Model Context Protocol with Anthropic and building Goose, their open-source general-purpose agent that enables anyone in the company to write security detections using natural language.

James also explores Block's Binary Intelligent Triage system achieving 99.9% accuracy, their data safety levels framework, and practical strategies for balancing autonomous AI capabilities with human oversight. James offers candid insights about implementing AI security principles, the evolution from tool experts to domain experts, and why open source remains fundamental to Block's mission of economic empowerment and technological innovation.

Topics discussed:
  • Co-designing of MCP with Anthropic and developing of Goose as an open-source general-purpose AI agent
  • Implementing prompt injection defenses and adversarial AI concepts to harden Goose against malicious instructions and attacks
  • Rolling out AI responsibly through data safety levels modeled after CDC bio-contamination protocols for sensitive data handling
  • Democratizing detection engineering by enabling anyone at Block to write detections using natural language
  • Achieving 40% of new detections created with AI assistance through recipes, playbooks, and automated tuning capabilities
  • Building Binary Intelligent Triage system that analyzes historical alerts and investigations to achieve 99.9% automated triage accuracy
  • Balancing autonomous AI capabilities with human oversight, requiring PR reviews and maintaining accountability for agent-generated code
  • Transitioning from tool expertise to domain expertise as the future skill set needed for detection and response professionals
  • Block's commitment to open source development driven by economic empowerment mission and desire to build accessible financial tools

Heavy Strategy
HS124: Administration DDoS on AI Regulation

Feb 10, 2026 (43:37)

The recent U.S. Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, is the administration's latest attempt to prevent the enforcement of most of the AI laws passed in individual US states. Because it is only an executive order (EO), it cannot directly nullify, supersede, forestall, or put a pause on state-level laws....

Cyber Risk Management Podcast
EP 203: Cyber Risk Quantification

Feb 10, 2026 (48:31)

Can cyber risk actually be measured in dollars? How do you know if your risk data vendor is any good? And is cyber insurance really worth the investment? Let's find out with our guest Scott Stransky, who leads the Cyber Risk Intelligence Center at Marsh and was named 2023 Cyber Risk Industry Person of the Year. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

LinkedIn profile -- https://www.linkedin.com/in/scott-stransky-92659095/
Top 12 Report -- https://www.marsh.com/en/services/cyber-risk/insights/cybersecurity-signals.html
Marsh Cyber Risk Intelligence Center -- https://www.corporate.marsh.com/solutions/cyber-resilience/cyber-risk-intelligence-center.html

Cyber Security Headlines
Department of Know: GSA's CMMC requirements, AWS intruder AI heist, Moltbook raises the stakes

Feb 9, 2026 (31:52)

This week's Department of Know is hosted by Rich Stroffolino with guests Nick Ryan, former CISO, and Chris Ray, Field CTO, GigaOm.

Thanks to our show sponsor, ThreatLocker
Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

All links and the video of this episode can be found on CISO Series.com

Defense in Depth
Simple Security Solutions That Deliver a Big Impact

Feb 5, 2026 (33:28)

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker.

In this episode:
  • Getting permissions right
  • The fundamentals that still fail
  • Know what you have
  • Simple controls, outsized impact

Huge thanks to our sponsor, ThreatLocker
Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Cyber 9/11 with Dr. Eric Cole
Why CISOs Must Lead the AI Conversation Before It's Too Late

Feb 5, 2026 (26:52)


As 2026 begins, security leaders are facing growing uncertainty across technology, economics, and global risk. In this episode of Life of a CISO, Dr. Eric Cole challenges the fear-driven narrative around artificial intelligence and explains why CISOs must take the lead in guiding AI adoption, not reacting to it. Dr. Cole breaks down why AI is not here to replace people, but to eliminate repetitive, low-value work so humans can focus on creativity, judgment, and leadership. He explains the danger of allowing AI to make decisions without emotional and human context, and why unmanaged AI tools are quietly creating massive data leaks and financial losses inside organizations. This episode outlines how CISOs should responsibly manage AI as an enterprise application, just like any other critical technology, and how to clearly present AI risk, cost savings, and solutions to the board in language executives understand. Dr. Cole also shares a practical framework for aligning security budgets, roadmaps, and business risk so CISOs can drive real impact and earn trust at the executive level. If you are navigating AI, boardroom expectations, or the evolving role of the CISO, this episode delivers clear guidance on how to lead with simplicity, accountability, and solutions.

FP&A Today
Perspectives from Controller, FP&A, CFO and Gartner: Marko Horvat

Feb 5, 2026 (64:22)

Marko Horvat has been a public accountant, Controller, head of FP&A and CFO, as well as VP in Gartner's research and advisory practice, specializing in topics most relevant to CFOs and finance transformation.

In this episode he talks:
  • Interplay IT and CISO and organizational politics (“if it runs on electricity, it's ours”)
  • CFO skillsets gap
  • Real change in CFO's Office with AI (audit pattern recognition to forecasting)
  • Last mile transformation in finance
  • Mindset, skillset, toolset transformation
  • Treating forecast as in perpetual beta
  • The power of the subtotal function

Recommended books:
  • There's Got to Be a Better Way: How to Deliver Results and Get Rid of the Stuff That Gets in the Way of Real Work
  • Superforecasting: The Art and Science of Prediction

#ShiftHappens Podcast
Ep. 120: Prevent Before You Respond: Mastering Cybersecurity

Feb 5, 2026 (42:19)


Greg van der Gaast, cybersecurity leader and founder of Sequoia Consulting, shares why modern security keeps failing — and it's not because attackers are getting smarter. Drawing from his path from teenage hacker to government witness to CISO, Greg reveals how weak IT foundations, broken processes, and poor data habits create the conditions for most breaches. He explains why security must be treated as a quality discipline, how unstructured data quietly multiplies risk, and how AI can finally help uncover the root causes that organizations often overlook.

Serious Privacy
The Kemp Effect: From Silicon Valley to Privacy Regulator

Feb 4, 2026 (37:52)

Welcome to the Serious Privacy podcast, where Paul Breitbarth, Dr. K Royal, and Ralph O'Brien meet with Tom Kemp of the California Privacy Protection Agency. We talk about the new DROP system, priorities, history, and coordination with other agencies and lawmakers. Tom was previously on Serious Privacy, before his CPPA days.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

The CyberWire
Mid season reflection with Kim Jones. [CISO Perspectives]

Feb 3, 2026 (41:27)

Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring themes that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come.

CISO-Security Vendor Relationship Podcast
Take Two-Factor Authentication and Call Me in the Morning

Feb 3, 2026 (38:43)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Janet Heins, CISO, ChenMed.

In this episode:
  • Inbound gets ignored
  • Independence under constraint
  • Methodology means nothing
  • Lives over logins

Huge thanks to our sponsor, Guardsquare
Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Afternoon Cyber Tea with Ann Johnson
Trust Is Patient Well-being: Rob Suárez on Cybersecurity in Healthcare

Feb 3, 2026 (27:01)

Rob Suárez, Vice President and Chief Information Security Officer at CareFirst BlueCross BlueShield joins Ann on this week's episode of Afternoon Cyber Tea. In the conversation, Rob shares how his career path and personal philosophy have shaped a mission-driven approach to cybersecurity that places patient trust, safety, and privacy at the center of every decision. He discusses the unique challenges of securing a deeply interconnected healthcare ecosystem, the critical role of culture and cyber literacy across organizations, and why transparency and resilience are essential during incidents. The episode also explores secure-by-design principles, the ethical use of AI in healthcare, and how the CISO role is evolving toward a broader focus on trust, collaboration, and human impact.

Resources:
  • View Rob Suárez on LinkedIn
  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
  • Microsoft Threat Intelligence Podcast
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

CMO Confidential
James Shira | What Your CIO Wants to Tell You But Won't | Principal, Global CIO and Global CISO, PwC

Feb 3, 2026 (38:45)

A CMO Confidential Interview with James Shira, Principal, Global and US CIO and Global CISO at PwC. James details how @PwC is running an "AI marketplace" within the company which features a number of models, his focus on scale, security, and user experience, and the case for approaching AI with a "humility" mindset. Key topics include: how the CISO (Chief Information Security Officer) balances rapid enablement and security needs; why CMOs should have a working knowledge of the technology roadmap; and tips for aligning with your CIO. Tune in to hear how to "go rogue" if you must and a story about socks.

Sponsored by Scrunch AI: learn more here → https://www.scrunchai.com/cmo

Global CIO & CISO James Shira joins Mike to decode what your CIO wishes you knew—AI adoption, security trade-offs, model “marketplaces,” and how CMOs should really partner with IT. Concrete guidance on prioritization, tech stack decisions, legacy constraints, and when “going rogue” is justified. Practical, senior-level playbook for winning with AI without lighting money—or trust—on fire.

Chapters
00:00 – Welcome & setup: “What your CIO wants to tell you, but won't”
01:15 – The AI era: pace, complexity, stakeholder pressure
03:24 – Humility first: why being late to AI isn't OK
04:09 – Designing for scale, security, and real user adoption at PwC
06:00 – Building a model “marketplace” (40+ models) & minimum bars
07:27 – Guardrails: encryption, data governance, and safe experimentation
09:32 – Adoption reality: super-users, skeptics, and moving the middle
11:00 – What “leading” looks like: C-suite prioritization & high-value use cases
13:00 – CISO shift: from gatekeeper to enabler; managing Kobayashi-Maru choices
16:59 – How marketers help: anticipate CIO/CISO problems, simplify choices
19:00 – MarTech the smart way: align to architecture, reduce sprawl, bring options
22:00 – No IT dance partner? Work with COO/CFO; standardize and choose fit over “sexy”
24:33 – Legacy estates: outsource vs. “AI-ify” retained work; show ROI math
26:29 – When to go rogue—and how not to get fired doing it
31:00 – Free advice to agencies: do the work, bring substance, not spam
32:00 – Closing & funniest story (Zurich board-meeting socks)

Paul's Security Weekly
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)

Segment 1: Interview with Warwick Webb

From Initial Entry to Resilience: Understanding Modern Attack Flows

Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.

Segment Resources:
  • Wayfinder MDR Solution Brief
  • 451 MDR Report
  • Managed Defense Redefined Blog

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

Segments 2 and 3: The Weekly News

In this week's enterprise security news, we've got
  • funding
  • free tools!
  • the CISO's craft
  • agentic browsers
  • tech companies are building cyber units?
  • giving AI agents access to your entire life
  • lots of dumpster fires in the industry today
  • Cisco killed Kenna
  • the state of AI in the SOC
  • homemade EMP guns! don't try this at home

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-444

Enterprise Security Weekly (Audio)
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 (97:58)

Segment 1: Interview with Warwick Webb

From Initial Entry to Resilience: Understanding Modern Attack Flows

Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.

Segment Resources:
  • Wayfinder MDR Solution Brief
  • 451 MDR Report
  • Managed Defense Redefined Blog

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

Segments 2 and 3: The Weekly News

In this week's enterprise security news, we've got
  • funding
  • free tools!
  • the CISO's craft
  • agentic browsers
  • tech companies are building cyber units?
  • giving AI agents access to your entire life
  • lots of dumpster fires in the industry today
  • Cisco killed Kenna
  • the state of AI in the SOC
  • homemade EMP guns! don't try this at home

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-444

Cybercrime Magazine Podcast
CISO Confidential. The New Attack Playbook. Tim Brown, SolarWinds & Bobby Ford, Doppel.

Feb 2, 2026 · 14:53


Tim Brown is the CISO at SolarWinds. In this episode, he joins host Paul John Spaulding and Bobby Ford, Chief Strategy & Experience Officer at Doppel, to discuss today's threat landscape and what organizations can do to protect themselves in light of new threats such as deepfakes and artificial intelligence. This episode of CISO Confidential is brought to you by Doppel. Learn more about our sponsor at https://doppel.com.

Paul's Security Weekly TV
Initial entry to resilience: understanding modern attack flows and this week's news - Warwick Webb - ESW #444

Feb 2, 2026 · 97:58


Segment 1: Interview with Warwick Webb

From Initial Entry to Resilience: Understanding Modern Attack Flows

Modern cyberattacks don't unfold as isolated alerts--they move as coordinated attack flows that exploit gaps between tools, teams, and time. In this episode, Warwick Webb, Vice President of Managed Detection and Response at SentinelOne, breaks down how today's breaches often begin invisibly, progress undetected through siloed security stacks, and accelerate faster than human response alone can handle. He'll discuss how unified platforms, machine-speed detection powered by global threat intelligence, and expert-led response change the equation--turning fragmented signals into clear attack narratives. The conversation concludes with how organizations can move beyond incident response to build resilience, readiness, and continuous improvement through post-attack analysis. Listeners will leave with a clearer understanding of how attacks actually unfold in the real world—and what it takes to move from reactive alert handling to true attack-flow-driven defense.

Segment Resources:
  • Wayfinder MDR Solution Brief
  • 451 MDR Report
  • Managed Defense Redefined Blog

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

Segments 2 and 3: The Weekly News

In this week's enterprise security news, we've got
  • funding
  • free tools!
  • the CISO's craft
  • agentic browsers
  • tech companies are building cyber units?
  • giving AI agents access to your entire life
  • lots of dumpster fires in the industry today
  • Cisco killed Kenna
  • the state of AI in the SOC
  • homemade EMP guns! don't try this at home

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-444

The 30 Minute Hour™
#407--The AI Leadership Gap That Nobody Talks About

Jan 29, 2026 · 41:46


Kevin Carlson is a rare blend of technologist, strategist, and coach who bridges the gap between executive vision and operational execution. Drawing from his experience as a CTO, CISO, and Executive Coach, he aligns technological frameworks, security protocols, and leadership development strategies, enabling leaders to enhance both their organizational infrastructure and their personal effectiveness. Listen NOW to discover, The AI Leadership Gap That Nobody Talks About

Defense in Depth
When Cybersecurity Marketing Fails to Reach the Buyer

Jan 29, 2026 · 30:42


All links and images can be found on CISO Series.

Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines.

In this episode:
  • The 3Ms of product clarity
  • Buzzwords work because buyers aren't experts
  • Investor pressures distort messaging
  • Threading the needle

Huge thanks to our sponsor, Alteryx

Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

The New CISO
The Four Cs: Why a Schoolteacher Makes a Great CISO

Jan 29, 2026 · 54:07


In this episode of The New CISO, host Steve Moore speaks with Manuel "Manu" Ressel, CISO at SAUTER Group, about his unconventional journey from classroom teacher to cybersecurity leader—and why the "Four Cs" of modern education provide a powerful framework for building effective security programs. Drawing from years as both a teacher and school principal in Germany, Manu introduces Critical Thinking, Communication, Collaboration, and Creativity as essential leadership skills that fundamentally challenge how the industry approaches awareness training and incident response.

After growing frustrated with Germany's outdated education system that prioritized memorization over critical thinking, Manu left his position as principal and reinvented himself as a digital transformation consultant. Working with schools and mid-sized companies to adopt cloud technologies, he eventually landed the CISO role at SAUTER, an international building automation company with 4,000 employees across multiple countries.

The conversation tackles security's most persistent failure: awareness training that doesn't work. Manu reveals that 37% of security incidents in Germany could be prevented if users made better decisions, yet most organizations rely on boring click-through programs. He advocates for scenario-based, role-specific training—an approach now mandated by Europe's NIS 2 regulation—that treats people as the biggest opportunity in cybersecurity rather than the weakest link.

One of the episode's most practical frameworks is Manu's Observation-Description-Interpretation method for analyzing security incidents. He explains how humans naturally jump from observation directly to interpretation, skipping the crucial middle step of accurately describing what actually happened. This leads to finger-pointing, misdiagnosis, and hasty decisions. By training security analysts to pause and describe incidents factually first, teams make better decisions and build trust with the business.

Manu challenges the punitive approach many organizations take toward security failures, particularly companies that fire employees for repeatedly clicking phishing simulations. He champions building positive fault cultures where employees feel safe reporting mistakes. His three crisis questions—Is anyone dying? Major financial impact? Will someone be hurt?—provide a simple framework for staying calm and deciding when immediate action is necessary versus taking time to think strategically.

Key Topics Discussed:
  • Why the "Four Cs" (Critical Thinking, Communication, Collaboration, Creativity) define effective security leadership
  • The Observation-Description-Interpretation framework for incident analysis without bias
  • Transforming ineffective awareness training into engaging, scenario-based programs
  • Building positive security cultures where employees report issues without fear
  • NIS 2's mandate for role-specific cybersecurity training across organizational levels
  • Why Germany and European mid-market companies lag in cloud adoption
  • Three critical crisis questions: Is anyone dying? Financial impact? Risk of harm?
  • Why punitive phishing training destroys trust and cultural engagement
  • Applying teacher skills to security leadership and de-escalation...

Serious Privacy
Happy Data Protection/Privacy Day!

Jan 28, 2026 · 35:01


We are back! Welcome to season 7 of the Serious Privacy podcast, with Dr. K Royal, Ralph O'Brien and Paul Breitbarth. Also this season, we will keep you up to date on developments in the data protection and privacy community, artificial intelligence and some cybersecurity. And of course we'll bring you interviews with great guests! If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us! From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0, with the voiceover by Tim Foley.

Cybersecurity Where You Are
Episode 172: Helping CISOs as a CIS Controls Ambassador

Jan 28, 2026 · 34:27


In episode 172 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Chirag Arora, Cyber Security Executive Advisor and CISO at Dorf Nelson & Zauderer LLP. Together, they discuss how Chirag draws upon his experience as a CISO and his community work as a CIS Critical Security Controls® (CIS Controls®) Ambassador to help other CISOs with their cybersecurity programs.

Here are some highlights from our episode:
  • 00:51. Introduction to Chirag and the early years of his work as a CIS Controls Ambassador
  • 06:03. The value of measurement and psychology when discussing assessments with CISOs
  • 09:00. Chirag's work on a CISO certification and vision for aligning it to the CIS Controls
  • 12:31. How open sharing of wisdom between CISOs makes the world more secure
  • 20:57. The importance of storytelling for CISOs, CIS Controls Ambassadors, and other leaders
  • 24:29. Chirag's use of law school to take his understanding of reasonableness up a level
  • 28:13. Regular opportunities for CIS Controls Ambassadors to discuss universal issues
  • 31:08. The heightened importance of nonprofit organizations bringing people together

Resources
  • CIS Critical Security Controls®
  • Episode 160: Championing SME Security with the CIS Controls
  • Episode 168: Institutionalizing Good Cybersecurity Ideas
  • Reasonable Cybersecurity Guide
  • Simplify Security Management with CIS SecureSuite Platform
  • CISO Certification by GlobalCISO Leadership Foundation™

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Packet Pushers - Full Podcast Feed
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 · 31:21


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

CISO-Security Vendor Relationship Podcast
I'll Show You Our Resilience Plan Once Our Cloud Storage Is Back Online

Jan 27, 2026 · 37:47


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Johann Balaguer, Global CISO, Hard Rock Hotels and Casinos.

In this episode:
  • Understanding the why
  • Own your digital self
  • Invest beyond tenure
  • Prepare for dependencies

Thanks to Louis Zhichao Zhang, AIA Australia for contributing this week's "What's Worse?!" scenario.

Huge thanks to our sponsor, Guardsquare

Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

Heavy Strategy
HS123: What Can You Stop Worrying About in 2026?

Jan 27, 2026 · 31:21


Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you'll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning...

Cyber Risk Management Podcast
EP 202: Why Fortune 500s Still Run on Windows 2003

Jan 27, 2026 · 38:15


Why do IT organizations cling to ancient technology like Windows 2003, creating dangerous technical debt they don't even recognize? And how do they get out of this trap? Let's find out with our guest Anton Chuvakin, who advises the biggest customers of Google's Cloud services. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.   LinkedIn profile -- https://www.linkedin.com/in/chuvakin/   Podcast -- https://cloud.withgoogle.com/cloudsecurity/podcast/

Cyber Security Headlines
Department of Know: Davos worries, UK-China tensions, calendar concerns

Jan 27, 2026 · 33:32


This week's Department of Know is hosted by Rich Stroffolino with guests Krista Arndt, associate CISO, St. Luke's University Health Network, and Jason Shockey, CISO, Cenlar FSB.

Thanks to our show sponsor, Conveyor

Ever dream of giving customers instant answers to their security questions without ever filling out another questionnaire? Meet Conveyor's new Trust Center Agent. The Agent lives in your Conveyor Trust Center and answers every customer question, surfaces documents and even completes full questionnaires instantly so customers can finish their review and be on their way. Top tech companies like Atlassian, Zapier, and more are using Conveyor to automate away tedious work. Learn more at conveyor.com.

All links and the video of this episode can be found on CISO Series.com

Unleashed - How to Thrive as an Independent Professional
632. Jason Baumgarten, How to Position Yourself for Board Roles

Jan 26, 2026 · 51:51


Show Notes:

Jason Baumgarten is a partner at Spencer Stuart where he is also the global head and CEO of board practice. He assists businesses in all sectors to identify and evaluate CEOs who motivate senior leadership teams to reach their full potential. Additionally, he assists boards with CEO succession planning, director recruitment, and identifying future leaders.

How to Join a For-profit Board

Jason talks about the range of roles on a board and the specific roles a board might be looking to fill. He explains that the specificity of board roles varies based on the scale and maturity of the organization, using a real example of a board search he is currently involved in. Jason discusses how sophisticated boards often have specific requirements for board members, such as industry experience, geographic expertise, and specific skill sets.

Identifying and Defining Board Roles

When asked about the various categories of board roles, such as finance, data analytics, and HR, Jason explains that the most common request is for recently or actively retired CEOs, followed by CFOs with specific finance experience. He highlights the importance of understanding the nature and type of business the company is in, such as regulated industries, capital-light businesses, or capital-heavy businesses.

Board Member Etiquette

Jason outlines the main drivers for wanting to be on a board: prestige and the desire to be helpful. He explains the concept of "noses in, fingers out" in governance, emphasizing the importance of board members being helpful but not overly involved. He also discusses the range of compensation for board members, from stipends to significant annual fees, and advises against depending on board compensation as a primary source of income. He stresses the importance of being willing to fire oneself from a board to provide objective advice to the CEO.

The Reality of Joining a Board for Management Consultants

Jason advises not to limit aspirations and suggests using a simple litmus test: "if the company wouldn't hire you as a top executive, they probably won't consider you for a board role." He explains the importance of nonprofit boards, both fundraising and operating boards, and how they can provide valuable experience and networking opportunities. Jason discusses the potential for board roles in small private companies, large private companies, and public companies, emphasizing the importance of regional connections and unique experiences.

The Role of Executive Search Firms in Board Recruitment

Jason explains that search firms are often involved in board searches for public or pre-IPO companies and large private equity firms. He advises building relationships with search firms and being responsive and helpful when they reach out for market intelligence or advisory work. Jason also shares the importance of having a network of firms that work in your industry or location and how advisory work can lead to board opportunities.

How Boards Vet Prospective Members

The conversation turns to the process of being vetted and evaluated for a board role, including interviews, background checks, and social media history. Jason explains that some boards generally recruit with a lighter touch than other roles, but private equity and regulated boards may conduct more thorough diligence. He advises candidates to ask about the board's process, including the last board member hired and the steps involved in the recruitment process. He also emphasizes the importance of meeting all board members and ensuring a good fit in terms of personality and interests.

The Commitment Reality of Being on the Board

Jason talks about the typical time commitment for board members, including meetings, committee calls, and ad hoc time with the CEO. He explains the importance of understanding the size of board decks and the amount of preparation required for each meeting. Jason also advises candidates to be patient and persistent, as the process of getting on a board can take years and is often unpredictable.

Identifying Risks to Board Members

When asked about the risks involved in accepting a board position and the importance of D&O insurance, Jason recommends consulting with a D&O insurance broker to understand the market and ensure appropriate coverage. He advises candidates to be aware of any litigation or regulatory risks associated with the board and to seek legal advice if necessary. Jason also emphasizes the importance of understanding the board's D&O policy and ensuring that board members are covered appropriately.

Final Thoughts and Advice

Jason reiterates the importance of understanding the time commitment and potential disruptions that can arise. He advises candidates to be patient and persistent, as the process of getting on a board can take years. Jason shares a story about a former CISO who became a sought-after board member, illustrating the unpredictability of the process and the importance of perseverance.

Timestamps:
  • 02:18: Types of Board Roles and Common Requests
  • 05:29: Benefits of Being on a Board
  • 08:08: Levels of Boards and Aspirations
  • 15:24: Search Firms and Board Recruitment Processes
  • 32:38: The Board Recruitment Process
  • 39:41: Time Commitment and Potential Disruptions
  • 42:50: Risk and Insurance Considerations
  • 47:16: Final Thoughts and Advice

Links:
  • Website: getscalar.ai
  • This episode on Umbrex: https://umbrex.com/unleashed/episode-632-jason-baumgarten-how-to-position-yourself-for-board-roles/

Unleashed is produced by Umbrex, which has a mission of connecting independent management consultants with one another, creating opportunities for members to meet, build relationships, and share lessons learned. Learn more at www.umbrex.com.

*AI generated timestamps and show notes.

Help Me With HIPAA
Even Security Leaders Make Human Mistakes - Ep 544

Jan 23, 2026 · 39:19


You'd think the folks steering the cybersecurity ship would be the last ones to punch holes in the hull—but nope, even the pros trip over their own policies. In this episode, we dive headfirst into a cautionary tale where a CISO (yes, the security guy) admits to becoming the insider threat he warns others about. From skipping his own software vetting procedures to triggering network alarms like it's the 4th of July, this story is equal parts cringe and crucial. Strap in as we explore how even the most iron-clad experts are still deliciously human. More info at HelpMeWithHIPAA.com/544

Hacker Valley Studio
Defending Dignity in the Messiest Data on Earth with George Al-Koura

Jan 22, 2026 · 35:38


The most dangerous attack surface isn't your infrastructure, it's desire under pressure. When people are emotional, impulsive, and hoping for connection, security controls don't fail… judgment does.

Ron sits down with George Al-Koura, CISO at Ruby Life, to talk about securing some of the most psychologically sensitive data on the internet, and why dating data can carry more real-world risk than financial data. From the fallout of the Tea dating-safety app breaches to impulse-driven human behavior, sexual science, and intel-driven security, this conversation cuts straight to the uncomfortable truth: protecting users means understanding how people actually behave when emotion overrides logic.

Impactful Moments
  • 00:00 - Introduction
  • 01:45 - Tea app breach reality-check
  • 04:26 - Why George chose Ruby Life
  • 09:10 - Dating data hits harder
  • 11:52 - Competitors refuse threat sharing
  • 16:15 - AI boosts social engineering
  • 18:47 - Horny brains create risk
  • 19:49 - Sexual science meets security
  • 21:20 - AI avatars dating first
  • 33:13 - Trust is earned in layers

Links
  • Connect with our guest on LinkedIn: https://www.linkedin.com/in/george-y-al-koura/
  • Check out our upcoming events: https://www.hackervalley.com/livestreams
  • Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
  • Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
  • Continue the conversation by joining our Discord: https://hackervalley.com/discord
  • Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Cyber 9/11 with Dr. Eric Cole
Why Executive Trust Makes or Breaks a CISO | Guest: Zachary Lewis

Jan 22, 2026 · 35:17


Ransomware isn't a technical problem—it's a leadership test. In this episode of Life of a CISO, Dr. Eric Cole welcomes back bestselling author and cybersecurity leader Zachary Lewis to break down the real-world realities of responding to a ransomware attack. Drawing from firsthand experience, they discuss why executive relationships, preparation, and credibility matter more than tools, how CISOs survive high-pressure incidents, and what separates leaders who thrive after a breach from those who don't. If you're a CISO, security leader, or aspiring executive, this episode offers practical insight into what ransomware response really looks like when everything is on the line.  

Emerging Litigation Podcast
Agentic AI on Trial: You Be The Judge Part 1 - Medical Diagnostics

Jan 21, 2026 · 33:36 · Transcription Available


In this three-part series our guests reprise their panel discussion at the Executive Women's Forum DSG Global conference titled "You Be The Judge," during which they explored scenarios involving harms potentially caused by Agentic AI.

In Episode 1 they discuss an Agentic AI mammography triage system designed to flag positives for a radiologist, auto-send “all clear” letters for negatives, and operate with minimal human oversight. They answer this difficult question: When the machine gets it wrong, who is accountable? Developers, hospitals, clinicians, and/or data providers? What role do contracts, warnings, and intended-use labels play in establishing liability? What safeguards would balance speed and safety? Random audits? Documentation? Will a new standard of care develop for machine decision-making?

I take the back seat in this series as the panelists moderate the discussion. They are:
  • Galina Datskovsky, PhD, CRM, FAI; Board of Directors, FIT and OpenAxes; Information Governance and AI expert
  • Marina Kaganovich; AMERS Financial Services Executive Trust Lead; Office of the CISO, Google Cloud
  • Hon. Lisa Walsh; Florida Circuit Judge; 11th Judicial Circuit, Miami-Dade County

Special thanks to Kathryn M. Rattigan, Partner, Data Privacy + Cybersecurity with Robinson+Cole for bringing this team to the Emerging Litigation Podcast.

If you work in health tech, compliance, or hospital operations -- or you advise these professionals -- this conversation offers a clear-eyed guide to deploying autonomous agents responsibly—without sleepwalking into preventable harm. If you like what you hear, watch for Episodes 2 and 3.

______________________________________

Thanks for listening! If you like what you hear please give us a rating. You'd be amazed at how much that helps. If you have questions for Tom or would like to participate, you can reach him at Editor@LitigationConferences.com. Ask him about creating this kind of content for your firm -- podcasts, webinars, blogs, articles, papers, and more.

  • Tom on LinkedIn
  • Emerging Litigation Podcast on LinkedIn
  • Emerging Litigation Podcast on the HB Litigation site

B2B Better
How to Talk Cyber Risk So People Actually Listen | Jeffrey Wheatman, Cybersecurity Strategist at Black Kite

Jan 21, 2026 · 21:13


What happens when cyber risk leaders stop speaking in acronyms and start telling stories? In this episode, host Jason Bradwell sits down with Jeffrey Wheatman, SVP of Cyber Risk Strategy at Black Kite and longtime cybersecurity evangelist, to talk about how to lead with problems, not products. From decades advising CISOs at Gartner to launching the panel show Third Party, Jeff shares what he's learned about building trust, breaking down "terminal uniqueness," and why vendors need to collaborate on educating the market instead of competing. If you care about cutting through noise in a saturated market, this conversation is packed with insights you can actually use.

Jason and Jeff dive into why so many cybersecurity vendors fall into the trap of "terminal uniqueness" believing they're so different that they can't learn from anyone else. Jeff explains why this mindset kills effective marketing and how leading with the problem, not your product features, is the only way to break through. They explore why CISOs won't talk to sales teams (hint: it's not personal, it's about trust) and why the cybersecurity industry desperately needs more collaboration. Jeff makes a compelling case that we're at war with ransomware networks, yet vendors refuse to talk to each other about how to educate buyers.

The conversation shifts to buyer awareness stages and where most marketing completely misses the mark. Jeff shares his framework for thinking about audiences beyond just problem-aware buyers, and why "hallway therapy" at conferences builds more trust than any keynote ever will. Jason asks Jeff how he'd spend $100K to build an audience (not a campaign), and Jeff's answer revolves around creating spaces for real conversation, which is exactly what led him to launch Third Party, a panel show tackling cybersecurity topics with both strategic and tactical depth.

They wrap with Jeff's shoutouts to creators doing cyber content right and key takeaways for B2B marketers trying to build trust in technical markets. Whether you're a security vendor struggling to differentiate, a CISO trying to communicate risk to the board, or a B2B marketer in any technical space, Jeff's insights on problem-first storytelling and building genuine community will transform how you think about reaching your audience. This isn't about more content, it's about better conversations.

Subscribe to catch every episode. Leave a review to help others discover the show. Share with security professionals or B2B marketers trying to break through technical noise. Follow B2B Better on LinkedIn for weekly insights.

  • 00:00 - Introduction: Cutting through cyber noise
  • 01:30 - Jeff's journey from Gartner to Black Kite
  • 04:00 - Terminal uniqueness: the "we're different" trap
  • 07:00 - Lead with problems, not product features
  • 09:30 - Why CISOs avoid sales conversations
  • 13:00 - We're at war: Why vendors need to collaborate
  • 17:30 - Buyer awareness stages marketers miss
  • 20:00 - Why competitors won't talk (and should)
  • 24:00 - Hallway therapy beats keynotes
  • 27:00 - The $100K audience-building question
  • 30:00 - Launching Third Party panel show
  • 35:00 - Strategic + tactical content together
  • 38:00 - Cybersecurity creators doing it right
  • 42:00 - Key takeaways for B2B marketers

  • Connect with Jason Bradwell on LinkedIn
  • Connect with Jeffrey Wheatman on LinkedIn
  • Visit Black Kite podcast/resource hub
  • Visit InfoSec World's official site
  • Explore B2B Better website and the Pipe Dream podcast

Cybersecurity Where You Are
Episode 171: Securing CNI in U.S. SLTTs through AI Adoption

Jan 21, 2026 · 37:15


In episode 171 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager sit down with Soledad Antelada Toledano, Security Advisor, Office of the CISO, Google Cloud at Google. Together, they discuss securing critical national infrastructure (CNI) in U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through artificial intelligence (AI) adoption.

Here are some highlights from our episode:
  • 00:50. Introduction to Soledad
  • 02:48. How the convergence of informational technology (IT) and operational technology (OT) has created bigger attack surfaces
  • 04:10. The proliferation of threat actors targeting critical infrastructure sectors
  • 07:24. The challenge of legacy systems for U.S. SLTT owners of CNI
  • 08:13. Alert fatigue, limited visibility, and other challenges facing OT networks
  • 13:22. The value of automated cyber threat intelligence (CTI)
  • 24:46. Building strategic AI implementation around human in the loop (HITL)
  • 33:17. U.S. SLTTs' use of the cloud to test and build trust for securing CNI

Resources
  • The Changing Landscape of Security Operations and Its Impact on Critical Infrastructure
  • Cybersecurity for Critical Infrastructure
  • Episode 139: Community Building for the Cyber-Underserved
  • Episode 119: Multidimensional Threat Defense at Large Events
  • Leveraging Generative Artificial Intelligence for Tabletop Exercise Development
  • The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape
  • Episode 148: How MDR Helps Shine a Light on Zero-Day Attacks
  • Vulnerability Management Policy Template for CIS Control 7
  • CIS Critical Security Controls v8.1 Industrial Control Systems (ICS) Guide

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

CISO-Security Vendor Relationship Podcast
AI Is Very Efficient at Making Us Forget the Value of Humans

Jan 20, 2026 · 41:07


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Sara Madden, CISO, Convera.

In this episode:
  • Hold developers accountable
  • Credibility through candor
  • Be strategic with AI deployment
  • Resources don't guarantee security

Huge thanks to our sponsor, ThreatLocker

ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Afternoon Cyber Tea with Ann Johnson
The New Reality of the CISO Role

Jan 20, 2026 26:39


David Gee, a veteran CISO, CIO, board advisor, and author, joins Ann Johnson, CVP of Cybersecurity, Microsoft, on this week's episode of Afternoon Cyber Tea. Drawing on decades of experience and insights from his books, Gee explores the gap between theory and reality for security leaders, the role of imposter syndrome in professional growth, and why embracing discomfort is essential to effective leadership. The conversation examines how CISOs can balance risk management with business enablement, reset expectations with boards and executives, and build resilient, team-driven security cultures. Gee also shares perspectives on mentorship, long-term sustainability in the role, and how the CISO must evolve from a control-focused operator to a strategic influencer in an era shaped by AI, regulation, and constant change.

Resources:
View David Gee on LinkedIn
View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

No Password Required
No Password Required Podcast Episode 68 — Rob Hughes

Jan 20, 2026 44:51


Rob Hughes — CISO at RSA and Champion of a Passwordless Future

No Password Required Season 7: Episode 1 - Rob Hughes

Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.

Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.

Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.

The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.

Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/

Chapters:
00:00 Introduction to No Password Required
01:43 Meet Rob Hughes, CISO at RSA
02:05 The Role of a CISO in a Security Company
05:09 Transitioning to the CISO Role
08:00 The Early Days of Geek.com
12:14 Launching a Startup During the Dot Com Boom
14:30 The Push for a Passwordless Future
18:21 Tipping Point for Passwordless Adoption
20:20 Ongoing Learning in Cybersecurity
26:09 Managing Stress in High-Pressure Environments
33:46 The Lifestyle Polygraph Begins
34:15 Career Insights in Cybersecurity
36:08 Dream Cars and Personal Preferences
39:58 Underrated Horror Films
41:19 Creating a Cybersecurity Monster

The CyberWire
Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]

Jan 18, 2026 9:48


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.

Career Notes
Deepen Desai: A doctor in computer viruses. [CISO]

Jan 18, 2026 9:48


Please enjoy this encore of Career Notes. Deepen Desai, Global Chief Information Security Officer at Zscaler, shares his story as a doctor that treats computer viruses. He describes how he got into the security field and his work with Zscaler. He says what it's like learning and growing in this field and shares great advice for people who are up and coming in the field. Deepen describes working with an incredible team and how much joy it brings him to see his team learning and growing beyond their roles working with him. He says he wants to be remembered as a mentor among his colleagues. He says "I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me." We thank Deepen for sharing his story.

Defense in Depth
Don't Try to Win with Technical Expertise. Win by Partnering.

Jan 15, 2026 28:45


All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC.

In this episode:
From loudest to most trusted
Letting go of the win
Listening over proving
Beyond right and wrong

Huge thanks to our sponsor, Alteryx
Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

Packet Pushers - Full Podcast Feed
HS122: Insider Threats in the Age of AI

Jan 13, 2026 33:46


Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance...