POPULARITY
Categories
All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and George Finney, CISO, University of Texas System. Joining is Sean Walls, CISO, Bob's Discount Furniture. In this episode: Asymmetric accounting Sometimes it really is that easy The spirit of the saying The cheapest way in A huge thanks to our sponsor, Native Security Native is the Cloud Security Control Plane. It helps enterprises enforce secure-by-design architecture across multi-cloud environments by translating security intent into the cloud provider's built-in controls, previewing impact before rollout, and keeping enforcement aligned as the environment changes.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is Megan Samford, vp product and supply chain security, Schneider Electric. In this episode: Two modes of CISO The vendor has the keys The economic argument for secure code Burning through the talent A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
What It Takes To Be Successful in Cyber Media All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dave Bittner, producer and host, The CyberWire. Joining is Graham Cluley, host of Smashing Security podcast and Leo Laporte, founder of TWiT (This Week in Tech) and host of Security Now podcast. In this episode: Format follows function The decision gap Practitioner fingerprints Beyond the news cycle A huge thanks to our sponsor, Palo Alto Networks Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Learn more at paloaltonetworks.com/cortex/cloud/demo.
All links and images can be found on CISO Series This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Dmitriy Sokolovskiy, senior vice president, information security, Semrush. This episode was recorded in front of a live audience at the offices of Aqueduct Technologies in Canton, MA. See photos from the event. In this episode: A clock on everything The oversight loop Not a better tool, a different one It's not the alerts A huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com. A huge thanks to our sponsor, Dropzone AI Dropzone AI delivers a team of AI agents that investigate alerts, hunt threats, and respond to attacks across your full security stack. No playbooks required. No hidden humans in the critical path. Your analysts stay in control, directing strategy while AI agents handle the investigation workload at machine speed. Learn more at dropzone.ai.
This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Jason Thomas, senior director, technology security, governance, and risk, Cystic Fibrosis Foundation. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our episode sponsor, Doppel Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your inbox, and manipulate your team. Stop playing whack-a-mole with fragmented tools. Doppel unifies Digital Risk Protection, Human Risk Management, and Email Security into one unified platform. One attack chain. Three pillars of defense. Zero blind spots. Secure your enterprise relentlessly at doppel.com.
All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Howard Holton, CEO, GigaOm. Joining is Tyler King, senior director - threat operations and response, Sinclair. In this episode: Career insurance In the trenches together Who are you actually selling to? Common sense, uncommon in sales A huge thanks to our sponsor, Material Security Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is our sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: Permission creep at machine speed The pattern we keep calling a mistake Stop authenticating the human Vibe coded out of existence A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.
This week's Department of Know is hosted by Rich Stroffolino, with guests Robb Dunewood, host, Daily Tech News Show, and David Cross, CISO, Atlassian. Get the show notes here. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot. The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you. Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk. Get started at vanta.com/headlines.
All links and images can be found on CISO Series We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo. In this episode: Tools, not religion The case for structured discipline The management problem underneath Fix the damn holes A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.
Our Data Security Policy Is Transparent in That It Doesn't Exist All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Mike Melo, CISO, TMX Group. In this episode: The weight of old controls Data you can actually see 68 vendors and counting Authority you never had to claim A huge thanks to our sponsor, Vanta Still stuck on the quarterly audit treadmill? Meet Calm-pliance. Vanta combines compliance, risk, and proof on one Agentic Trust Platform—and continuously monitors your controls, keeping you audit-ready all year round. Find your Calm-pliance here.
All links and images can be found on CISO Series We know human-paced security controls can't be applied to autonomous AI agents. So what needs to change with CNAPP and cloud security? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Dan Benjamin, vp product - data, identity, and AI security, Palo Alto Networks. In this episode: The detection ceiling A category gap, not a feature gap Resilience by design An insider threat with no face A huge thanks to our sponsor, Palo Alto Networks Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Visit Palo Alto Networks and search cortex cloud.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is their sponsored guest Amit Megiddo, CEO and founder, Native. In this episode: The CISO you don't need Misconfigurations aren't a cloud problem Secure by design means enforcing it Finding bugs faster isn't the bottleneck A huge thanks to our sponsor, Native Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
This week's Department of Know is hosted by Rich Stroffolino, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Nick Espinosa, host, Deep Dive Radio Show. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Paul Guerra. In this episode: Read the contract How vendors win before the evaluation ends The fallout The real cost A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
All links and images can be found on CISO Series This week's CISO Series Podcast features David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Jadee Hanson, CISO, Vanta. In this episode: The compliance receipt nobody reads Who signs off on the AI that wrote the code The agent that wouldn't stop The questionnaire that should not exist A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
This week's Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call. But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception. We fight relentlessly to protect your business, brand, and people. Doppel. Outpacing what's next in social engineering. Learn more at doppel.com.
All links and images can be found on CISO Series All security startups will tell you they talk to potential customers. The problem is that you limit your development when you only talk to CISOs who might buy. It's not the same guidance you'll get from a CISO who advises. Check out this post by Val Tsanev of the Cyber Risk Alliance for the discussion that is the basis of our conversation. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Steve Jensen, CISO, University of Maine System. In this episode: Building for whom? The only feedback loop that matters Valid, but for whom? Rethink the advisor roster A huge thanks to our sponsor, Material Security Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Jean-Paul Calabio, vp and CISO, Grainger. In this episode: Scanning the map isn't securing the territory CFOs don't fund faith What your AI inherits Nobody owns the gap Thanks to Jonathan Waldrop, CISO, Acoustic for providing our "What's Worse" scenario. A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
Link to the episode This week's Department of Know is hosted by Rich Stroffolino, with guests Jonathan Waldrop, CISO, Acoustic, and Jason Elrod, CISO, MultiCare Health System. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen. In this episode: The vulnerable stack Changing the structural economics Change the terrain The cost-benefit equation A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Sara Madden, CISO, Convera. This episode was recorded live at BSidesSF 2026. In this episode: Playing vendor roulette Confident and wrong Making conferences count The stakes problem in tabletops A huge thanks to our sponsor, QuilrAI Can you tell if an action in your environment was performed by a human — or an AI agent? QuilrAI's Decision Engine evaluates content, context, and intent before actions complete — across browsers, endpoints, SaaS, LLMs, and agents. Not more alerts. Better decisions, in real time. Visit quilr.ai. A huge thanks to our sponsor, Nudge Security Get a full inventory of AI assets on Day One of your free trial, even those introduced before you started using Nudge. Get started. A huge thanks to our sponsor, Zenity Help shape the future of AI agent security. On May 27th, the AI Agent Security Summit returns to San Francisco. Hear from leading researchers and security pioneers, and usher in the new age of secure AI deployment across the enterprise. Register at zenity.io/ai-security-summit.
This week's Department of Know is hosted by Rich Stroffolino, with guests Janet Heins, CISO, ChenMed, and TC Niedzialkowski, Head of IT & Security, Opendoor. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Get the show notes here: https://cisoseries.com/cybersecurity-news-critical-cpanel-zero-day-swiss-black-axe-arrests-hhs-data-center-questions/ Thanks to our episode sponsor, Guardsqaure Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.
All links and images can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Heath Renfrow, co-founder, Fenix24. In this episode: Knowing which systems to save first Recovery is a business conversation, not an IT ticket Not all systems are created equal Recovery knowledge as a governed asset A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Michelle Wilson, CISO, Movement Mortgage. Joining is sponsored guest Rob Allen, chief product officer, ThreatLocker. This show was recorded in front of a live audience at ThreatLocker's conference, Zero Trust World 2026. In this episode: Risk as a daily habit AI agents talking to AI agents The code on the lock Words that shape decisions A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
Link to episode This week's Department of Know is hosted by Rich Stroffolino, with guests Brett Conlon, CISO, American Century Investments, and Michael Bickford, former CISO, New York State Gaming Commission. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com. Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
What Makes a Successful Security Vendor Demo? All links and images can be found on CISO Series. Check out this post from Adam Palmer for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining is Ken Beasley, BISO, Kaiser Permanente. In this episode: Show me the problem, not the product Walking in blind Discovery is the demo Define the use case, set the clock A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is Paul Drapeau, head of global information security, New Balance. In this episode: The logo trap Immunity through exposure The synthesis edge The cost of holding tight A huge thanks to our sponsor, Doppel This episode is sponsored by Doppel, the AI-native social engineering defense platform. Doppel strengthens human risk management by training employees to recognize deception, while our digital risk protection detects and disrupts attacks across every channel. Learn more at doppel.com
Should You Use Native or 3rd Party Cloud Management Tools? All links and images can be found on CISO Series. Check out this post from Steve Zalewski for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is their sponsored guest, Gal Ordo, co-founder and CPO, Native. In this episode: More tools, more problems A gap in design Catching what slips through Competence over complexity A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
Our Theoretical Controls Work Great Against Hypothetical Attacks All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is David Nolan, former CISO, Asurion. In this episode: Influence, not control The initiative gap Skip the framework, patch the server Confident code with no owner A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
How Should We Measure the Performance of a CISO? All links and images can be found on CISO Series. Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare. In this episode: Likability as a career strategy The storytelling gap How the math actually gets done The unofficial scorecard A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Hilik Kotler, svp, CISO and IT, Expedia Group. In this episode: The numbers game What makes a vendor worth your time Humanity in the loop Alignment is a prerequisite, not a nice-to-have A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste. In this episode: Patterns hiding in plain sight Activity vs. advancement The human cost Frameworks about frameworks A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Pam Lindemoen, CSO, vp of strategy, Retail and Hospitality-ISAC. Joining them is Jason Mayor, deputy CISO, Raymond James Financial. This episode was recorded in front of a live audience at the National Cybersecurity Alliance's Convene conference in Clearwater, Florida. In this episode: Coaching security Planned security theater Making "nothing bad happened" a compelling story Getting security teams to think like the business A huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security – the first security awareness platform built to stop AI-powered social engineering. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com. A huge thanks to our sponsor, Zepo Zepo Intelligence transforms employee behavior into measurable security capability. Moving beyond check-box compliance, our human risk management platform uses hyper-personalized simulations to turn your workforce into a proactive defense layer. We don't just improve human behavior; we enable mastery against modern social engineering threats. Learn more at zepo.ai. A huge thanks to our sponsor, KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, we help strengthen security culture and manage human risk. Our comprehensive AI-driven HRM+ platform includes modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity content, tools, and techniques to keep the modern workforce—both humans and AI agents—cybersafe from phishing, vishing, deepfakes, and all forms of social engineering. Learn more at knowbe4.com.
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Dennis Pickett, vp, CISO, RTI International, and Jacob Combs, CISO, Tandem Diabetes Care Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows. In this episode: Lead with insight, not persuasion Recognize the opportunity when it arrives Strategy over features Keep it efficient A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Julie Myerholtz, CISO, Brunswick Corporation. In this episode: Your cloud, your problem Kill your sacred cows AI broke your vendor math Feedback is a gift. Open it. A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Bil Harmer, CISO, Supabase, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, ThreatLocker Many security strategies still assume everything is allowed until proven malicious. Attackers understand that model well. That's why more organizations are rethinking endpoint security — shifting from detection-first tools to control-first approaches that reduce attack surface before an incident occurs. Learn more at ThreatLocker.com All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs. In this episode: The development disconnect Functionality first, security second The incentive problem Speed as the common ground A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Rebecca Harness, CISO, Deltek. In this episode: Let it fail The CIO seat is empty. Now what? Design for how people actually work "We found 23 issues. That'll be $15,000." Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.
Link to episode page This week's Department of Know is hosted by Rich Stroffolino with guests Jonathan Waldrop, CISO, Acoustic, and Chris Ray, Field CTO, GigaOm Thanks to our show sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Deepfakes aren't science fiction anymore; they're a daily threat. Quick tip: if your voicemail greeting is your real voice, switch it to the default robot voice. A few seconds of audio can be enough to clone you. Adaptive helps teams spot and stop these AI-powered social engineering attacks. Learn more at adaptivesecurity.com. All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood. In this episode: The information paradox Setting realistic expectations Prioritization over noise The cart before the horse Huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Your best employee is your biggest risk Stop guessing the next attack AI is not a feature Stop blaming the user Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
Link to episode page This week's Department of Know is hosted by Sarah Lane with guests John Barrow, CISO, JB Poindexter & Co., and Derek Fisher, Director of the Cyber Defense and Information Assurance Program, Temple University Thanks to our show sponsor, Dropzone AI Here is a number worth knowing before RSAC. The average enterprise SOC sees tens of thousands of alerts a day. Most get triaged. A fraction get thoroughly investigated. The rest sit in the queue or get auto-closed. Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full tool stack, around the clock. Over 300 deployments in production today. They are at RSAC this year. Booth 455. dropzone.ai/rsa-2026-ai-diner All links and the video of this episode can be found on CISO Series.com
All links and images can be found on CISO Series. Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada. In this episode: Beyond the quota The hard truth beats the polished bluff Paying for someone else's mistakes Reducing friction, increasing trust Huge thanks to our sponsor, ThreatLocker ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Tim Leehealey, vp of corporate strategy and operations, Strike48. In this episode: Defensible, not perfect Tools aren't going to save you Logs are wasted on the SOC The myth of the lone wolf Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchas Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Vikas Mahajan, vp and CISO, American Red Cross. In this episode: Questionnaires aren't risk management The good old days were worse Buying or building your SOC Start the conversation, not the checklist Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security—the first cybersecurity company backed by OpenAI. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs realistic social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com.
All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev. In this episode: Earning autonomy gradually The blast radius question The reality check Today's value, tomorrow's evolution Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo. In this episode: Accountability without authority Kill your hacklore Voice is no longer enough Studies that tell us what we already know Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group. In this episode: Metrics that matter Tool babysitting problem Automating the brokenness Stay connected intentionally Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.