POPULARITY
Categories
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com. In this episode: AI security's blind spot problem Vendors don't understand the assignment Marketing budgets overshadow actual innovation Accuracy versus effectiveness Huge thanks to our sponsor, Material Security Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries
Government shutdown furloughs most CISA staff Microsoft Defender bug triggers erroneous BIOS update alerts Motility RV software company suffers cyberattack Huge thanks to our sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Nick Espinosa, nationally syndicated host of The Deep Dive Radio Show, with guest Steve Zalewski, co-host, Defense in Depth Thanks to our show sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is their sponsored guest, Ash Hunt, vp, strategy, EMEA, Cyera. In this episode: The access creep challenge Bridging intent and execution Looking for integrity Racing against exponential complexity Huge thanks to our sponsor, Cyera AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://www.cyera.com/?utm_source=cisoseries
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network. In this episode: We can't promise safe, but we can promise ready Are we accidentally building security nightmares? Being held accountable for things you had no say in The safe space problem in vendor evaluation Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive's new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com
Dutch teenagers arrested for attempted espionage for Russia DoD announces replacement for risk management framework Fake Microsoft Teams installers deliver Oyster malware Huge thanks to our sponsor, Nudge Security Here's the thing: your employees are signing up for new apps, sharing data, and connecting tools together, often without anyone knowing. And, AI adoption is accelerating this trend. What if you could continuously discover when people start using new apps or sharing data, then prompt them with security guidance right when and where they are working? At Nudge Security, we call that securing the Workforce Edge. Instead of trying to control everything (which, let's face it, is impossible), we give IT and security teams the visibility they need and automation to guide employees toward secure behaviors. The result? Your workforce stays productive, your data stays secure, and you can finally get some sleep at night. Learn more at nudgesecurity.com/workforceedge Find the stories behind the headlines at CISOseries.com.
Microsoft to offer free Windows 10 security updates in Europe Teenage Vegas casino hacker released to parents Boyd Gaming hacked, employee data stolen Huge thanks to our sponsor, Conveyor Logging into yet another security questionnaire portal on a Friday at 3pm? Yeah, that's chaos. Conveyor AI is your fast path to calm. It finds every question no matter the format and fills in the answers—across portals, spreadsheets, PDFs, you name it. So instead of grinding through copy-paste, you get a first pass of accurate answers in minutes. Find your Friday Zen at www.conveyor.com. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guests Brett Conlon, CISO, American Century Investments, and TC Niedzialkowski, Head of Security & IT, OpenDoor Thanks to our show sponsor, Conveyor Still stuck in security review chaos week after week? You're not the only one. But with Conveyor, teams finally get to a place of Questionnaire Zen. Our AI auto-fills answers across any format of questionnaire, even portals, and an enterprise-ready trust center keeps documents and policies ready for instant sharing. No more manual copy-pasting. No more last-minute scrambles. Just calm, clear security reviews that keep deals moving. Find your Zen with Conveyor at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post by David Mundy of Tuskira for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Taule, CISO, Luminis Health. In this episode: ROI challenges Venture capital saturation Risk aversion and organizational politics A GTM transformation Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory. In this episode: The AI experimentation phase isn't optional When selling security becomes the hardest part of the job Threat actors aren't hacking in anymore We build, we bond, and we can't bear to let go Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO
European airport disruption due to cyberattack check-in and baggage software SMS scammers now using mobile fake cell towers GPT-4-powered MalTerminal malware creates ransomware and Reverse Shell Huge thanks to our sponsor, Conveyor If security questionnaires make you feel like you're drowning in chaos, you're not alone. Endless spreadsheets, portals, and questions—always when you least expect them. Conveyor brings calm to the storm. With AI that auto-fills questionnaires and a trust center that shares all your docs in one place, you'll feel peace where there used to be panic. Find your security review zen at www.conveyor.com. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Jack Kufahl, CISO, Michigan Medicine, and Nick Espinosa, host, The Deep Dive Radio Show Thanks to our show sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io. All links and the video of this episode can be found on CISO Series.com
Google patches sixth Chrome zero-day exploited in attacks this year Microsoft to force install the Microsoft 365 Copilot app in October Two more Scattered Spider teen suspects arrested Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Kara Sprague, CEO, HackerOne. In this episode: Shadow AI as a control problem Rethinking identity for autonomous agents When process meets momentum Beyond blocking: channeling AI usage Huge thanks to our sponsor, HackerOne Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security. In this episode: Hiring North Korean operatives on a Tuesday AI coding and the death of specifications Deepfake personas beyond video calls The middleman problem with SMS Huge thanks to our sponsor, Adaptive Security AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive's new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.
ShinyHunters hits Vietnam National Credit Information Center HybridPetya is a Petya/NotPetya copycat with UEFI Secure Boot bypass CISA seeks control over CVE Huge thanks to our sponsor, Drata Leading security teams trust SafeBase by Drata to turn trust into a growth engine. Our enterprise-grade Trust Center puts your security posture in one secure, customer-facing portal, giving buyers instant visibility into your company's continuous controls, certifications, and policies. With AI-powered Questionnaire Assistance, blast through inbound security questionnaires in minutes instead of days, automate cross functional workflows, and eliminate friction. That means less manual work, and faster deal cycles. Win with Trust. Learn more at SafeBase.io. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta.Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
SonicWall SSL VPN flaws now being actively exploited Acting federal cyber chief outlines his priorities U.S. based investors in spyware firms nearly tripled in 2024 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is CISO Series reporter and CISO herself, Hadas Cassorla. In this episode: Security poverty line excludes SMBs Skills gap and channel dynamics slow SMB security adoption The startup disadvantage cycle Technology adoption flows from enterprise complexity to market simplification Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks. In this episode: Making organizations take their security medicine Building CISO support systems Holding the door for humans Underappreciated risks: beyond the headlines Huge thanks to our sponsor, Safe Security SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management.We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.
New malware phishing campaign hidden in SVG files Anthropic agrees to pay $1.5bn in book piracy lawsuit Qantas penalizes executives for cyberattack Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
France fines Google and Shein over cookie misconduct CISA adds more TP-Link routers flaws to its KEV catalog World's largest sports piracy site shut down Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ray Espinoza, vp of information security, Elite Technology Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Mokhtar Bacha, founder and CEO, Formal. In this episode: Access management faces transformation AI agents demand new authentication paradigms AI complexity demands simplified governance approaches Data-centric identity management replaces role-based approaches Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.
Fintech foils bank heist NotDoor backdoor Salesloft-Drift impact continues drifting Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group. In this episode: Vulnerability management vs. configuration control Open source security and supply chain trust Building security leadership presence AI governance and enterprise risk Huge thanks to our sponsor, Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.
LegalPwn technique hides LLMs prompts inside contract legalese Maryland Transit investigating cyberattack Hacker attempts to forge his way into Spanish university Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Velociraptor forensic tool used for C2 tunneling City of Baltimore gets socially engineered to the tune of $1.5 million Ransomware gang takedowns create more smaller groups Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO and founder, Nemertes Thanks to our show sponsor, Prophet Security Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. All links and the video of this episode can be found on CISO Series.com
Malicious nx Packages leak GitHub, Cloud, and AI Credentials North Korean remote worker scheme boosted by generative AI The Netherlands announces Salt Typhoon penetration Huge thanks to our sponsor, Prophet Security Security teams are drowning in alerts - many companies generate upwards of 1000 or more alerts a day, and nearly half go ignored. That's where Prophet Security comes in. Their AI SOC platform automatically triages and investigates alerts, so your team can focus on real threats instead of busywork. Faster response, less burnout, and lower risk to your business. Learn more at prophetsecurity.ai. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. Check out this post by Geoff Belknap, co-host of Defense in Depth, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and John Overbaugh, CISO, Alpine Investors. Joining us is our sponsored guest, Pukar Hamal, founder and CEO at SecurityPal. In this episode: When business moves faster than security Turning obstacles into opportunities The art of saying "not like that" Know your regulatory landscape Huge thanks to our sponsor, SecurityPal AI SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Malicious Go module steals credentials via Telegram Mirai-based botnet resurfaces targeting systems globally Silk Typhoon hackers exploit cloud trust to hack downstream customers Huge thanks to our sponsor, Prophet Security Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Prophet Security. Their Agentic AI SOC Platform automates the tedious stuff: triaging, investigating, and responding to alerts - so your analysts can focus on real threats. Think 10x faster response times and a smarter way to secure your business. Learn more at prophetsecurity.ai. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino. This is our milestone edition, celebrating five years of the daily Cyber Security Headlines news podcast. Our guests today will be the CSH reporters themselves, reflecting on some stories from this week as well as their favorite stories from the past few years. Joining Rich live will be Hadas Cassorla and Steve Prentice, with videos from Sarah Lane and Lauren Verno. Thanks to our show sponsor, Conveyor Does logging into a portal security questionnaire feel like punishment? We get it. Other solutions offer browser extensions that require you to do all the copy-pasting. It's slow, tedious, and frustrating. Conveyor takes care of it for you. Our AI auto-scrolls, finds every question, and fills in accurate answers—all automatically. Oh, and our AI completes security questionnaires of any format, not just portals. Visit www.conveyor.com to learn more. All links and the video of this episode can be found on CISO Series.com
Apple urges iPhone, iPad and Mac update ASAP Scattered Spider operative gets 10 years and a big fine Microsoft seeks customer feedback on SSD failure issues Huge thanks to our sponsor, Conveyor Does logging into a portal security questionnaire feel like punishment? We get it. Other solutions offer browser extensions that require you to do all the copy-pasting. It's slow, tedious, and frustrating. Conveyor takes care of it for you. Our AI auto-scrolls, finds every question, and fills in accurate answers—all automatically. Oh, and our AI completes security questionnaires of any format, not just portals. Visit www.conveyor.com to learn more. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Justin Berman, formerly vp of platform engineering and CISO at Thirty Madison Health. In this episode: Maps without transportation The untouchable employee problem Attestation theater The lightbulb moment Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.
A patch today keeps the zero-day away Jailbreaking ChatGPT-5 Pro The thing about vulnerabilities is they stay vulnerable Huge thanks to our sponsor, Conveyor It's Thursday. Have you been personally victimized by a portal security questionnaire this week? Most solutions just give you a browser extension to copy and paste answers in, still leaving hours of manual work. With Conveyor, you don't have to slog through it yourself. Just open the portal and Conveyor's AI will scroll through each page, find the questions, and fill in answers for you—start to finish. See how at www.conveyor.com Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com. In this episode: Decision-making with incomplete information Translation beats technical expertise Influence trumps authority for CISOs Technical prowess creates adversaries Huge thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Cisco warns of maximum-severity defect in firewall software UK's Colt Telecom suffers cyberattack CISA implores OT environments to lock down critical infrastructure Huge thanks to our sponsor, Conveyor Have you been personally victimized by portal security questionnaires? Conveyor is here to help. Endless clicks, bad navigation, and expanding questions stacked like Russian nesting dolls, all add up to hours of your life you'll never get back. With Conveyor's AI-powered browser extension, you can open a portal questionnaire, scan for questions, and watch it auto-populate your answers back into the portal without the copy and paste. See how at www.conveyor.com Find the stories behind the headlines at CISOseries.com.
New wave of NFC relay fraud, call hijacking, and root exploits in banking sector Canada's House of Commons suffers cyberattack Zoom fixes critical Windows client flaw that could enable privilege escalation Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Legacy infrastructure creates the biggest hurdles More marketing than methodology Implementation complexity makes zero trust a Sisyphean task Don't ignore human factors Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO
The hits just keep on coming Where's the Little Dutch Boy when you need him? I felt the ransomware down in Africa Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel. In this episode: AI fraud gets on the juice Agentic AI demands a new security mindset The new frontier for social engineering We still need human verification Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.
DARPA awards $4 million prize for AI code review at DEF CON North Korea ScarCruft group adds ransomware to its activities Columbia University hack affects over 860,000 Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com.
Microsoft warns of high-severity flaw in hybrid Exchange deployments France's third-largest mobile operator suffers breach Dialysis company's April attack affects 900,000 people Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Terry O'Daniel, former CISO at Amplitude. In this episode: Beyond prioritization: aligning risk with reality From signals to strategy The Case for Maturity Models Security Starts With Culture Huge thanks to our sponsor, SecurityPal SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Rajan Kapoor, CEO of Material Security. In this episode: AI creates security's catch-22 Delegation without abandonment Google's security gaps demand better tools Trust beats sophistication every time A huge thanks to our sponsor, Material Security What if you could get a view of security across Google Workspace–email, documents, and accounts–all in one place? Material Security unifies your Google Workspace security operations, simplifying and strengthening security with continuous monitoring and automatic issue resolution. See how Material Security simplifies your security for GMail, GDrive and Google accounts. Learn more at https://material.security.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is their sponsored guest, Matt Eberhart, CEO, Query. In this episode: Quality over quantity in AI decision-making Process before technology The connectivity challenge The context complexity paradox Huge thanks to our sponsor, Query Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements Technical expertise becomes leadership liability without delegation EDR evolution needs prevention focus Career breaks require personal ownership and strategic timing A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.