POPULARITY
Categories
All images and links can be found on CISO Series. Check out this post by Gautam ‘Gotham' Sharma of AccessCyber for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke's University Health Network. In this episode: Verify then trust Dishonesty on all sides A lack of flexibility What about integrity? Huge thanks to our sponsor, Formal Formal secures humans, AI agent's access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Tim Jacobs, vp, CISO, Commonwealth Care Alliance. In this episode: Starting from zero Prepare for decisive decisions Working back from unacceptable Discovering inefficiencies A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Malicious npm and VS Code packages stealing data Nova Scotia Power confirms ransomware attack Researchers claim ChatGPT o3 bypassed shutdown in controlled test Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
CISA warns Commvault clients of campaign targeting cloud applications Russian hacker group Killnet returns with slightly adjusted mandate Fake VPN and browser NSIS installers used to deliver Winos 4.0 malware Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Signal adds Recall blocker Critical Windows Server 2025 dMSA vulnerability warning Pathology lab suffers data breach Huge thanks to our sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest George Finney, CISO, The University of Texas System – check out George's new book plus all his other achievements at his website, WellAwareSecurity. Thanks to our show sponsor, Conveyor Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center. You don't maintain a knowledge base. You connect to one. And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Stop siloing cybersecurity Leading the charge A culture of ownership Preparing for resilience A huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.
All links and images for this episode can be found on CISO Series. I host this week's episode, David Spark (@dspark), producer of CISO Series and Jesse Whaley, CISO, Amtrak. Joining them is their guest Vaughn Hazen, CISO, CN. In this episode: The classics endure The rules of the rail "Prove It. With data." It's all just software A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform
Scattered Spider facilitates UK retail hacks and is moving to the U.S. Defendnot tool can disable Microsoft Defender FBI warns government officials about new waves of deepfakes Huge thanks to our sponsor, Conveyor Are you dealing with security questionnaire chaos this week? If so, get Conveyor's AI to knock them out for you. Connect Conveyor to any source, easily upload any format of questionnaire or use the browser extension for portals and their AI handles the rest—from parsing the questions to generating answers and auto-tagging collaborators. Let Conveyor do the work for you. Learn more at www.conveyor.com. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show. Here's where you can find him: Daily Podcast on SoundCloud | YouTube | Forbes | Twitter/X | Facebook | BlueSky | Mastodon Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is Joey Rachid, CISO, Xerox. In this episode: It's a balancing act Choose to leave the kids' table Your team is essential Don't change CISOs midstream Huge thanks to our sponsor, Blackslash Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at https://www.backslash.security/
Radware says recently WAF bypasses were patched in 2023 Marks & Spencer confirms data stolen in ransomware attack Alabama suffers cybersecurity event Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Saket Modi, co-founder and CEO, SAFE Security. In this episode: Elevating AI to table stakes Security for the real world Using dynamic models for TPRM The agentic AI augmentation Huge thanks to our sponsor, SAFE Security SAFE (#1 platform to unify the management of all cyber risks) has reinvented cyber risk management with Agentic AI. We help CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation.
Hackers hijack Japanese financial accounts to conduct billions in trades Education giant Pearson hit by cyberattack exposing customer data Microsoft Teams will soon block screen capture during meetings Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
Cisco patches a level 10 vulnerability in IOS XE President nominates former Unilever CISO to be Pentagon CIO SonicWall patches a new zero-day vulnerability Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
Europol shuts down six DDoS-for-hire services used in global attacks CrowdStrike says it will lay off 500 workers Passkeys set to protect GOV.UK accounts against cyber-attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Congress challenges Noem over proposed CISA cuts Texas school district breach impacts over 47,000 people NSO Group to pay WhatsApp $167 million in damages Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner of YL Ventures. Their sponsored guest is Jadee Hanson, CISO of Vanta. In this episode: Find a partner to work with Fixing the root of burnout The limitations of human vigilance Balancing openness and control Thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Signal clone gets hacked Sounding the alarm on easyjson Ransomware group takes credit for UK retail attacks Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
UK retailer Co-Op suffers cyberattack FBI shares list of 42,000 LabHost phishing domains NSO group looking at hefty damages in WhatsApp case Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, Head of Security, Boats Group Thanks to our show sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jay Jay Davey, vp of cyber security operations, Planet. In this episode: Aligning incentives The realities of the job Delivering ROI Holistic cybersecurity Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at www.backslash.security.
Alleged ‘Scattered Spider' member extradited to U.S. Experts see little progress after major Chinese telecom hack Polish police take down impersonation scammers Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. For the stories behind the headlines, visit CISOseries.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Charles Blauner, formerly of Team8 (at time of recording) and now operating partner, Crosspoint Capital. In this episode: Expanding collective defense Getting talent to the municipal level A mature reporting structure A pill for that cyberailment Huge thanks to our sponsor, Material Security Material Security is purpose-built to protect the entire cloud workspace – email, data, and accounts. With deep integration and powerful automations, Material prevents and detects a wider range of threats, responds to active attacks faster, and secures data and accounts even after a breach. See Material in action today!
SAP zero-day vulnerability under widespread active exploitation Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts Cybersecurity firm CEO charged with installing malware on hospital systems Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.
Russian army targeted by Android malware hidden in mapping app Attackers hit security device defects hard in 2024 Critical Commvault Command Center flaw warning Huge thanks to our sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI's SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO emeritus, The Carlyle Group Thanks to our show sponsor, Dropzone AI Alert investigation is eating up your security team's day—30 to 40 minutes per alert adds up fast. Dropzone AI‘s SOC Analyst transforms this reality by investigating every alert with expert-level thoroughness at machine speed. Our AI SOC Analyst gathers evidence, connects the dots across your security tools, and delivers clear reports with recommended actions—all in minutes. No playbooks to build, no code to write. Just consistent, high-quality investigations that free your team to focus on what matters: stopping actual threats. Meet us at RSA Booth ESE-60. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Eric Gold, chief evangelist, BackSlash. In this episode: Start with the culture Moving AppSec to a higher level A strategy for security Maturing the basics Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration.
Blue Shield of California shared private health data of millions with Google The FBI issues its 2024 IC3 report Ex-Army sergeant jailed for selling military secrets Huge thanks to our sponsor, Dropzone AI Security analysts need practical experience to build investigation skills, but getting expert guidance for every alert is impossible. That's why Dropzone AI created COACH—a free Chrome extension that serves as an AI security mentor for SOC analysts at any level. COACH reads alerts across all major security platforms, explains their context, provides alternative hypotheses, and guides analysts through industry-standard investigation methodologies. Unlike our AI SOC Analyst product, COACH doesn't do the work for you—it teaches you how to think through investigations yourself. It supplements human mentoring with always-available guidance that respects your data with zero retention. Develop your security team's skills at Dropzone.ai/coach. For the stories behind the headlines, head to CISOseries.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is Mandy Huth, svp, CISO, Ultra Clean Technology. In this episode: Start with good defaults Building talent bridges Don't forget the humans Differentiating with privacy Automate, centralize, & scale your GRC program with Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Widespread Microsoft Entra lockouts cause by new security feature rollout Malware delivered through diplomatic wine-tasting invites British companies told to hold in-person interviews to thwart North Korea job scammers Huge thanks to our sponsor, Dropzone AI Growing your MSSP client roster while your alerts are multiplying? Dropzone AI works alongside your team, investigating alerts just like your best human analysts would. Our AI SOC Analyst cuts investigation time from an hour to minutes while handling five times more alerts per analyst. Unlike complex SOAR solutions, Dropzone deploys quickly and adapts to your environment without the need for playbooks or coding. Eliminate backlogs, reduce false positives, and deliver the detailed investigations your clients expect. Ready to scale your MSSP without scaling your team? Meet us at booth ESE-60 at RSA. Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
Bipartisan push for renewal of cyberthreat information sharing law ClickFix becoming a favorite amongst state-sponsored hackers GoDaddy puts Zoom on mute for about 90 minutes Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com
All links and images for this episode can be found on CISO Series. Check out this post from Jerich Beason, CISO at WM, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining us is Rinki Sethi, vp and CISO, BILL. In this episode: You need a solid foundation A lot depends on the role Underappreciated skills Structures and frameworks Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.
MITRE gets last-minute bailout from CISA Krebs exits SentinelOne after security clearance pulled Apple fixes two zero-days exploited in targeted iPhone attacks Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. For the stories behind the headlines, visit CISOseries.com. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Mike D'Arezzo, executive director of infosec and GRC, Wellstar Health Systems. In this episode: The shift left myth Reconsidering CISO evaluations The power of “how” Building bridges Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Major workforce cuts planned for CISA Microsoft warns Windows users not to delete ‘inetpub' folder Data breach at testing lab affects 1.6 million people Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.
Link to episode page This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney, SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. Check out this post from Caleb Sima of WhiteRabbit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Alex Hutton, CISO, Atlantic Union Bank. In this episode: The race to differentiate Don't blame Gartner Simplifying is complicated Seeking connection Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
U.S. Comptroller suffers ‘major incident' Oracle confirms "obsolete servers" hacked Police seize Smokeloader malware servers and detain customers Thanks to our episode sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today For the stories behind the headlines, visit CISOseries.com.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest Nathan Hunstad, director, security at Vanta. In this episode: Thinking like AI Building off a solid foundation Start with ownership Following the leader Big thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com.
Google patches Quick Share vulnerability ChatGPT suffered brief outage Wednesday UK's Royal Mail investigates data leak claims Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information." Find the stories behind the headlines at CISOseries.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Jason Elrod, CISO, MultiCare Health System. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation. In this episode: Supercharging teams Shifting to proactive A unique opportunity A human in the legal loop HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Christina Shannon, CIO, KIK Consumer Products. Joining them is Jim Bowie, CISO, Tampa General Hospital. In this episode: A journey, not a destination The difference between pressure and stress Fighting commodity deepfakes Getting leadership on the same page HUGE thanks to our sponsors, Proofpoint, Cofense, & KnowBe4 With an integrated suite of cloud-based cybersecurity and compliance solutions, Proofpoint helps organizations around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Discover cutting-edge security insights and industry trends from leading experts at Proofpoint Power Series—a monthly virtual event designed to empower the security community. Learn more at proofpoint.com Powered by 35 million trained employee reporters, the exclusive Cofense® PhishMe® Email Security Awareness Training with Risk Validation and Phishing Threat Detection and Response Platforms combine robust training with advanced tools for phishing identification and remediation. Together, our solutions empower organizations to identify, combat, and eliminate phishing threats in real-time. Learn more at cofense.com KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency. Learn more at knowbe4.com
All links and images for this episode can be found on CISO Series. Check out this post by Tallis Jordan of the U.S. Army Cyber Command for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Montez Fitzpatrick, CISO, Navvis. In this episode: Start with foundations Learning to learn Don't get hustled Building a pipeline HUGE thanks to our sponsor, Scrut Automation Scrut Automation empowers compliance and risk teams of all sizes to build enterprise-grade security programs effortlessly. With powerful automation, AI-driven efficiencies, and seamless integrations, Scrut eliminates compliance debt and enables proactive risk management—helping your business stay secure as it scales. Visit www.scrut.io to learn more or schedule a demo.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Trina Ford, CISO, iHeartMedia. Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker. This episode was recorded in front of a live audience at Zero Trust World in Orlando, Florida. In this episode: Severity versus impact Breaking the anti-pattern Take the first step to zero trust What are your demands? ThreatLocker® is a Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. With easy onboarding, management, and 24/7/365 support, ThreatLocker makes default deny a reality for businesses. Only allow what you need in your environment and block everything else, including ransomware!