Podcasts about CISOs

  • 627 podcasts
  • 5,050 episodes
  • 24m average duration
  • 2 new episodes daily
  • Latest episode: Mar 13, 2026


Latest podcast episodes about CISOs

The CyberWire
Is the role of the CISO adding to the confusion? [CISOP]

Mar 13, 2026 (44:47)


Show Notes: As cybersecurity has matured, the field has become more formalized within businesses with CISOs leading the way. However, despite the value of the CISO and its widespread adoption, the role has continued to lose agency with other board members. In this episode of CISO Perspectives, host Kim Jones sits down with Patty Ryan, the CISO at QuidelOrtho, to assess the value of the role. Throughout the conversation, Patty and Kim will discuss the challenges facing CISOs, why the role has lost its agency, and what can be done to reverse the current trajectory.

Want more CISO Perspectives? Check out a companion blog post by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It's the perfect follow-up if you're curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals.

InfosecTrain
The CISOs Nightmare: Why 2026 is No Longer About the Hacker

Mar 11, 2026 (68:30)


What keeps a CISO up at night? Hint: It's probably not what you think. While the headlines scream about "genius hackers", the real battle in 2026 is being fought over resilience, identity, and the psychological warfare of AI-driven scams.

In this episode of InfosecTrain Tech Talk: Real World Decoded, we sit down with seasoned risk professional Nizamuddin Khaja to peel back the curtain on the modern security leadership mindset. We move past the technical jargon to explore why cybersecurity is a "decision-making problem" rather than a "technology problem".

Key Discussion Points:

  • The Resilience Shift: Why the question is no longer "Will we be hacked?" but "How fast can we recover?"
  • The Invisible Boundary: Managing the nightmare of vendor and supply chain risks in a borderless digital world.
  • Human Psychology vs. Intelligence: Why even the smartest employees fall for phishing and how hackers exploit "urgency".
  • The 24-Hour War Room: A CISO's step-by-step checklist for the first 24 hours of a major airline or bank breach.
  • The Rise of the "Deepfake" Scam: How voice cloning and $25M impersonation frauds are changing the threat landscape.
  • A Passwordless Future: Is the era of the "Secret Question" finally over?

CISO-Security Vendor Relationship Podcast
It's Okay to Put All Your Eggs in One Basket as Long as You Really Trust the Basket

Mar 10, 2026 (48:29)


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.

In this episode:

  • Your best employee is your biggest risk
  • Stop guessing the next attack
  • AI is not a feature
  • Stop blaming the user

Huge thanks to our sponsor, ThreatLocker. ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Podcasts – TechSpective
Rethinking Cybersecurity For A World Of AI And Machine Identities

Mar 10, 2026 (48:13)


I spend a lot of time talking with people in cybersecurity. Founders, analysts, CISOs, researchers. One thing that comes up again and again is that the problem space keeps getting bigger. Not just more threats—more complexity. That's really the thread […]

Bare Knuckles and Brass Tacks
Why cybersecurity is broken and time is the enemy

Mar 9, 2026 (48:55)


Why do your friends and parents still get breach notification letters from companies they've never heard of?

John Watters aka “The Cowboy” joins the show this week for a hard look at information security. In the early 2000s, he built iDefense from a bankruptcy buyout into one of the most influential threat intelligence companies in the world, pioneered responsible disclosure before the term even existed, and has watched the attack surface evolve from nation-state espionage into something that hits your credit card at a restaurant on a Tuesday.

His answer to the breach question? The industry's been losing the clock. Attackers can move from target selection to exploitation in days. Defenders are still operating in weeks. And the gap isn't closing, not by a long shot. If anything, it's widening.

This conversation goes from the living rooms of people who've stopped trusting cybersecurity to the boardrooms of Fortune 500 CISOs who still can't explain their third-party risk exposure in plain English. We talk time compression, threat intelligence architecture, the AI arms race that only one side seems to be taking seriously, and the uncomfortable truth about analysis paralysis in a field where the cost of inaction is terminal.

John's closing advice to defenders: automate yourself out of a job before someone else does it for you.

That one's worth the price of admission alone.

Mentioned:

  • This is How They Tell Me the World Ends, by Nicole Perlroth
  • CISO Mike Melo's post on security theater

The Tech Blog Writer Podcast
How CISOs Can Earn Real Influence In The Boardroom With Rapid7

Mar 8, 2026 (28:17)


How does a CISO turn cybersecurity from a technical conversation into a business conversation that boards actually care about? In this episode of Tech Talks Daily, I sit down with Thom Langford, EMEA CTO at Rapid7 and a former CISO, to explore what he calls the second phase of cybersecurity leadership. For years, the industry worked hard to secure a seat at the boardroom table. In many organizations, that mission has largely succeeded. But as Thom explains, gaining access was only the first step. The real challenge now is communicating security in a way that drives meaningful business decisions. Thom shares why many CISOs still approach board conversations in the same way they did a decade ago, even though boardroom awareness of cybersecurity has changed dramatically. Today, many boards include members with cybersecurity knowledge or direct security experience. That means security leaders can no longer rely on technical jargon, complex frameworks, or compliance language to make their case. One of the most interesting insights from our conversation is the disconnect between how CISOs frame risk and what boards are actually focused on. While security teams often lead with risk reduction, boards tend to think in terms of revenue growth and operational costs. Thom argues that security leaders must learn to translate cybersecurity into the language of profit and loss if they want their message to resonate at the executive level. We also explore how traditional security tools such as risk frameworks, audits, and compliance standards can sometimes create distance rather than clarity in board discussions. Instead of helping executives understand security priorities, these models can obscure the real question boards are trying to answer. How secure are we, and what does that mean for the business? Another area we discuss is the growing role of tabletop exercises. 
Thom explains why these simulations are becoming one of the most effective ways for CISOs to demonstrate the real-world impact of security decisions. By walking executives through a realistic incident scenario, leaders can see how security, operations, legal teams, and business priorities intersect during a crisis. Looking ahead, Thom believes the most successful CISOs will increasingly need to think like business leaders rather than purely technical specialists. Communication skills, relationship building, and understanding the organization's financial priorities may prove just as important as deep technical expertise. So if cybersecurity leaders have already earned their place in the boardroom, the next question becomes much more interesting. Are they speaking the language the board actually understands, or are they still trying to solve business problems using only security vocabulary?

@BEERISAC: CPS/ICS Security Podcast Playlist
The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook

Mar 8, 2026 (31:38)


Podcast: Industrial Cybersecurity Insider
Episode: The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook
Pub date: 2026-03-03

LuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers. While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed. They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises. Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments. The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP.

Chapters:

  • (00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report
  • (00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality
  • (00:03:00) - The Myth of Disconnected Legacy Equipment
  • (00:05:00) - AI as a Double-Edged Sword in Industrial Environments
  • (00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems
  • (00:09:00) - Third-Party and Supply Chain Security Gaps
  • (00:12:00) - Remote Access: The Hidden Attack Vector
  • (00:14:00) - Critical Supplier Dependencies and Decentralized OT
  • (00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce
  • (00:19:00) - The Shocking Truth About Incident Response Exercises
  • (00:22:00) - Real-World Impact: When Manufacturers Get Hit
  • (00:24:00) - Getting All Stakeholders in the Same Room
  • (00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents
  • (00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity?

Links And Resources:

  • Want to Sponsor an episode or be a Guest? Reach out here.
  • Industrial Cybersecurity Insider on LinkedIn
  • Cybersecurity & Digital Safety on LinkedIn
  • BW Design Group Cybersecurity
  • Dino Busalachi on LinkedIn
  • Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Hacker Valley Studio
Why 69% of CISOs Are Ready to Walk Away with Anthony Johnson

Mar 6, 2026 (40:06)


The CISO role isn't the finish line, it's a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger. Anthony Johnson, former Global CISO at JP Morgan and Fannie Mae, now founder and managing partner at Delve Risk, breaks down what really happens when a security leader stops buying tools and starts building companies. From the trap of unpaid advisory boards to why AI is eliminating the entry-level pipeline, Anthony delivers a no-nonsense look at career strategy, the future of fractional work, and why understanding how your company makes money is the most underrated skill in cybersecurity. If you're a security practitioner at any level, this episode will change how you think about your next move.

Impactful Moments

  • 00:00 - Introduction
  • 01:00 - Meet Anthony Johnson
  • 02:00 - 69% of CISOs want out
  • 06:00 - Why Anthony left the CISO seat
  • 09:00 - Revenue changes your security priorities
  • 11:00 - Career paths after the CISO role
  • 13:00 - The advisory board compensation trap
  • 17:00 - AI's threat to the talent pipeline
  • 22:00 - Hiring for aptitude over competency
  • 24:00 - Soft skills win in the AI era
  • 29:00 - Corporate loyalty is dead—now what
  • 31:00 - Networking that actually lands roles
  • 34:00 - Know how your company makes money
  • 36:00 - Ron's personal reflection on freedom

Links

  • Connect with our guest, Anthony Johnson, on LinkedIn: https://www.linkedin.com/in/anthony-johnson-delverisk/
  • Check out our upcoming events: https://www.hackervalley.com/livestreams
  • Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
  • Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
  • Continue the conversation by joining our Discord: https://hackervalley.com/discord
  • Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

@BEERISAC: CPS/ICS Security Podcast Playlist
IT SOC vs OT SOC How & Why They're Different

Mar 6, 2026 (26:17)


Podcast: Industrial Cybersecurity Insider
Episode: IT SOC vs OT SOC How & Why They're Different
Pub date: 2026-02-25

Craig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments.

Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments.

They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations.

The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols.

Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets.

This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.

Chapters:

  • (00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor
  • (00:01:00) - The OT SOC Asset Visibility Problem: A Case Study
  • (00:03:00) - Why IT SOCs Can't Manage OT Assets
  • (00:05:00) - Line Changeovers and Operational Context
  • (00:07:00) - First Responders and Incident Response Challenges
  • (00:10:00) - The WannaCry Response Gap
  • (00:12:00) - Asset Inventory and Baseline Challenges
  • (00:15:00) - Incident Response and Phone Trees
  • (00:17:00) - Organizational Accountability Problems
  • (00:19:00) - Greenfield Opportunities and Standardization
  • (00:22:00) - The IT-OT Collaboration Challenge
  • (00:24:00) - Think Global, Act Local: Embedding IT in Plants

The Leadership Podcast by Niels Brabandt / NB Networks

What should a Chief Information Security Officer focus on during the first 100 days in the role? In this episode of the Leadership Podcast, Niels Brabandt interviews cybersecurity strategist and author JC Gaillard. Drawing on decades of experience in financial institutions and global organisations, JC Gaillard explains why the first hundred days of a CISO are critical for establishing long term cybersecurity impact. The discussion explores leadership, governance and execution in cybersecurity and introduces JC Gaillard's 666 framework for navigating the early months of a new CISO role.

Topics include:

  • Why many CISOs struggle to create lasting impact
  • The cybersecurity spiral of failure in large organisations
  • The leadership nature of the modern CISO role
  • The 666 framework for the first 100 days
  • Moving beyond compliance towards real business value
  • Why execution is the central challenge of cybersecurity strategy

This conversation between Niels Brabandt and JC Gaillard provides strategic insights for executives, board members and cybersecurity leaders responsible for protecting modern organisations.

Guest: JC Gaillard
Host: Niels Brabandt

  • Contact Niels Brabandt: https://www.linkedin.com/in/nielsbrabandt/
  • Niels Brabandt's Leadership Letter: https://expert.nb-networks.com/
  • Niels Brabandt's Website: https://www.nb-networks.biz/

ITSPmagazine | Technology. Cybersecurity. Society
The 72-Minute Gap: What the Breaches, the Vendors, and the Messaging Are Actually Telling Us | Lens Four by Sean Martin | Read by TAPE9

Mar 5, 2026 (14:22)


Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means. In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

Cyber 9/11 with Dr. Eric Cole
How CISOs Become the Trusted Authority in the Boardroom

Mar 5, 2026 (27:50)


What separates an average CISO from a world-class cybersecurity leader? In this episode of Life of a CISO, Dr. Eric Cole explains why the most influential security leaders don't just manage technology—they become the trusted authority executives rely on to make critical business decisions. Dr. Cole shares how CISOs can gain influence with the board, communicate cyber risk in business terms, and guide organizations through major decisions around AI, data security, and emerging cyber threats. If you want executives to listen to cybersecurity—not ignore it—this episode shows you how.

Dark Rhino Security Podcast
SC S18 E09 (VIDEO) Does Compliance Actually Protect Your Company?

Mar 5, 2026 (51:13)


#SecurityConfidential #DarkRhiinoSecurity

Tiffini Smith is a strategic legal executive and board advisor with over 20 years of experience in privacy, cybersecurity, and AI governance. A U.S. Patent Attorney with bar admissions in the U.S. and England & Wales, she helps organizations navigate everything from breach preparedness to the EU AI Act. Tiffini has led global legal teams and provided global cybersecurity legal advice, including addressing issues such as incident response readiness, vendor risk programs, AI model risk reviews, and board-level briefings, and is known for translating complex legal and cyber risk into actionable guidance for executives. She also authors a newsletter.

  • 00:00 Intro
  • 02:28 Our Guest
  • 05:48 Regulation across states and countries
  • 09:48 Cybersecurity regulation culturally
  • 14:00 Employee training and teaching them the Why
  • 23:07 How do you mitigate against AI?
  • 25:00 CISOs don't understand how the business works
  • 29:11 Does being compliant actually reduce your exposure?
  • 34:00 Regulations on AI in your business
  • 50:10 More about Tiffini

To learn more about Tiffini visit https://www.linkedin.com/in/tiffini-smith/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

@BEERISAC: CPS/ICS Security Podcast Playlist
Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk

Mar 5, 2026 (15:47)


Podcast: PrOTect It All
Episode: Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk
Pub date: 2026-03-02

AI can accelerate cybersecurity - or accidentally expose it. In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn't whether to use AI - it's how to use it responsibly. Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks.

You'll learn:

  • Where AI delivers immediate value in cybersecurity workflows
  • How to automate without exposing proprietary or regulated data
  • The difference between enterprise AI tools and public platforms
  • How to align AI usage with corporate security policies
  • Practical ways CISOs and analysts can boost productivity safely
  • Why governance and awareness matter as much as innovation

Whether you're leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier. Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All.

Connect With Aaron Crow:

  • Website: www.corvosec.com
  • LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

  • Email: info@protectitall.co
  • Website: https://protectitall.co/
  • X: https://twitter.com/protectitall
  • YouTube: https://www.youtube.com/@PrOTectITAll
  • FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

  • Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
  • Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Redefining CyberSecurity
The 72-Minute Gap: What the Breaches, the Vendors, and the Messaging Are Actually Telling Us | Lens Four by Sean Martin | Read by TAPE9

Mar 5, 2026 (14:22)


Attackers are moving in 72 minutes. One CISO has already eliminated the entire SOC team. And the industry is spending a quarter of a trillion dollars while struggling to define what "resilience" even means. In this edition of Lens Four, Sean Martin looks at the cybersecurity landscape through three lenses — programs, innovation, and messaging — to connect the signals that matter.

Paul's Security Weekly
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437

Mar 4, 2026 (67:19)


With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of “machine mistakes.” This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-437

Business of Tech
Risk Moves Upstream: How Embedded Governance and Insurance Set New MSP Constraints

Mar 4, 2026 (11:11)


The MSP market is undergoing a critical shift toward risk management as the central value proposition, with operational accountability now defined by the ability to produce defensible documentation and deliver rapid incident response. According to Dave Sobel, MSPs are no longer primarily offering stack management, but are increasingly brokering risk through cyber warranties, insurance underwriting, incident retainers, and AI governance frameworks. Those unable to support their claims with evidence and formal processes risk becoming mere facilitators for third-party terms and losing control over their margins. Recent developments reinforce this shift. A Splunk report finds that nearly all CISOs now view AI governance and risk management as their responsibility, citing threat actor sophistication as a primary driver. AI is assisting with event triage and data correlation, but verification—especially around AI-generated content—is unreliable, with detection tools struggling against advanced fakes. Insurance mechanisms are becoming productized with prioritized incident response, and legal intelligence is being embedded into MSP workflows. Vendors like N-able, Monjur, SentinelOne, and DocuSign are directly integrating financial, legal, and governance functions into their offerings, fundamentally altering client and vendor relationships. Adjacent stories illustrate volatility in traditional safeguards and the operational reality of adaptive threats. CISA leadership changes indicate instability in public response institutions. AI-powered malware exemplifies the challenge: ESET's PromptSpy uses Gemini to continuously adapt its persistence, outpacing static detection models. Insurance underwriters are increasingly demanding machine-verifiable evidence of controls, using detailed questionnaires to distinguish autonomous AI from marketing claims. The risk is no longer just technical; it is structural. 
For MSPs and IT leaders, operational posture is now shaped by an ecosystem of embedded warranties, legal terms, governance requirements, and adaptive threats. The ability to document, defend, and productize risk controls becomes a baseline for credibility and insurance eligibility. Failure to build evidence pipelines and clarify vendor-imposed liabilities exposes service providers to compounded risk. The practical implication is a necessity for MSPs to treat governance and detection as measurable, documented capabilities—not assumptions or routine paperwork.

Three things to know today:

  • 00:00 CISOs Own Governance, Detectors Lag Fakes, Response Gets Contracted — Accountability Follows
  • 03:14 N-able, SentinelOne, DocuSign Move Risk Management Into the Stack — MSP Terms Follow
  • 05:10 CISOs Want Agentic AI, But Insurers and Adaptive Malware Are Forcing the Timeline
  • 07:32 Why Do We Care?

Supported by:

  • CometBackUp
  • Small Biz Thoughts Community

Dark Rhino Security Podcast
SC S18 E09 Does Compliance Actually Protect Your Company?

Mar 4, 2026 (51:13)


#SecurityConfidential #DarkRhiinoSecurity

Tiffini Smith is a strategic legal executive and board advisor with over 20 years of experience in privacy, cybersecurity, and AI governance. A U.S. Patent Attorney with bar admissions in the U.S. and England & Wales, she helps organizations navigate everything from breach preparedness to the EU AI Act. Tiffini has led global legal teams and provided global cybersecurity legal advice, including addressing issues such as incident response readiness, vendor risk programs, AI model risk reviews, and board-level briefings, and is known for translating complex legal and cyber risk into actionable guidance for executives. She also authors a newsletter.

  • 00:00 Intro
  • 02:28 Our Guest
  • 05:48 Regulation across states and countries
  • 09:48 Cybersecurity regulation culturally
  • 14:00 Employee training and teaching them the Why
  • 23:07 How do you mitigate against AI?
  • 25:00 CISOs don't understand how the business works
  • 29:11 Does being compliant actually reduce your exposure?
  • 34:00 Regulations on AI in your business
  • 50:10 More about Tiffini

To learn more about Tiffini visit https://www.linkedin.com/in/tiffini-smith/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Cybercrime Magazine Podcast
Cybercrime Wire For Mar 4, 2026. Data Analytics Giant LexisNexis Confirms Breach. WCYB Digital Radio

Mar 4, 2026 (1:32)


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Paul's Security Weekly TV
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437

Mar 4, 2026 (67:19)


With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allow us to reduce repetitive work and minimize human error without creating fear of "machine mistakes." This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Show Notes: https://securityweekly.com/bsw-437

Business Security Weekly (Audio)
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437

Mar 4, 2026 67:19


With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allows us to reduce repetitive work and minimize human error without creating fear of "machine mistakes." This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-437

Business Security Weekly (Video)
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437

Mar 4, 2026 67:19


With the introduction of Agentic AI, autonomous "everything" is all the rage. But we've been burned by automation in the past. Remember the days of Intrusion Prevention Systems and why we never put them into blocking mode? Automation may be the future of security and IT operations, but the path to autonomous "everything" must be earned. How do you build autonomous capabilities with confidence and trust? Tim Morris, Financial Services Strategist at Tanium, joins Business Security Weekly to discuss how teams can introduce autonomous capabilities in a crawl-walk-run progression that builds trust over time. Automation is not about laying off employees, it's about efficiency and speed. Tim will guide us on a journey to build automation we can trust that allows us to reduce repetitive work and minimize human error without creating fear of "machine mistakes." This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications segment, Boards don't need cyber metrics — they need risk signals, Why Cybersecurity Is Now a Business Strategy, Not Just IT?, Where Senior Leaders Are Struggling with AI Adoption, According to Research, and more! Show Notes: https://securityweekly.com/bsw-437

Afternoon Cyber Tea with Ann Johnson
Why Cybersecurity Fails Without Trust

Mar 3, 2026 28:47


Cybersecurity leader and author George Finney joins Ann on this week's episode of Afternoon Cyber Tea to explore how trust, communication, and culture shape effective security leadership. Drawing on his experience in higher education and enterprise environments, George explains why Zero Trust succeeds or fails based on people not technology, and how CISOs can better communicate risk to executives and boards. The conversation also dives into AI governance, relatable storytelling as a leadership tool, and why making cybersecurity approachable is essential for building resilient organizations.

Resources:
  • View George Finney on LinkedIn
  • View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
  • Microsoft Threat Intelligence Podcast
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.

Gartner ThinkCast
Mastering the Hype Cycle: How Cybersecurity Leaders Win With AI

Mar 3, 2026 34:37


AI hype isn't slowing down, and for cybersecurity leaders, that's exactly the point. As organizations race to inject generative AI and AI agents into every corner of the business, CISOs face a new challenge: cutting through inflated expectations without getting left behind.

In this preview of the Opening Keynote from Gartner Security & Risk Management Summit, Gartner experts Christine Lee and Leigh McMullen explain why now is the moment for cybersecurity to stop resisting the Hype Cycle, and start using it as a strategic advantage.

You'll learn:
  • Why AI hype is becoming a catalyst, not a distraction, for cybersecurity
  • How to use outcome-driven metrics to guide smarter investments
  • The biggest risks and realities of GenAI and AI agents
  • What early AI adopters in cybersecurity are doing differently
  • How embracing hype can strengthen resilience and unlock innovation

Dig deeper:
  • Explore more Gartner for CISOs insights
  • Attend a Gartner Cybersecurity Conference near you
  • See why Gartner is the world authority on AI
  • Become a client to try AskGartner

Cybercrime Magazine Podcast
Cybercrime Wire For Mar. 3, 2026. Canadian Tire Breach Exposes 40M+ Records. WCYB Digital Radio.

Mar 3, 2026 1:19


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Ethical Voices Podcast: Real Ethics Stories from Real PR Pros
Truth Under Fire: Ethics in Cybersecurity Communications

Mar 3, 2026 17:18


This week on Ethical Voices, Bill Keeler, senior director of PR and communications with Semperis, a leader in AI-powered identity security and cyber resilience, discusses:
  • Why "vaporware" claims are the fastest way to lose credibility in cyber PR
  • The ethics issues involved in ransomware attacks
  • The issues CISOs face – and how it is coming to the big screen
  • The power of transparency

Identity At The Center
#405 - RSM 2026 Attack Vectors Report

Mar 2, 2026 71:24


Jeff and Jim sit down with David Llorens, principal at RSM, to break down the RSM 2026 Attack Vectors Report. Drawing from real-world offensive security engagements, David explains why identity continues to be the primary attack surface, how AI chatbots are creating new vulnerabilities through prompt injection, and what separates organizations that get breached from those that don't. The conversation covers MFA gaps, the explosion of non-human identities, why PAM is the top investment priority for 2026, and how CISOs can align security spending with business objectives. Plus, the episode wraps up with soccer stories and some quality trash talk.

Connect with David: https://www.linkedin.com/in/david-llorens-009a3310/
Review RSM's 2026 Attack Vectors Report: https://rsmus.com/insights/services/risk-fraud-cybersecurity/rsm-attack-vector-report.html
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com

TIMESTAMPS
0:00 - Intro and Jim's big personal news
4:51 - Main topic intro: RSM 2026 Attack Vectors Report
5:55 - David's origin story and how he got into cybersecurity
9:53 - What a principal is at RSM and David's current role
11:16 - What the Attack Vectors Report is and how it is created
14:40 - Why identity security is a dominant theme in this year's report
17:19 - What separates organizations that get breached from those that don't
18:18 - MFA as the first line of defense
18:45 - Privileged access management as a growing priority
19:40 - Detecting lateral movement through identity anomalies
21:00 - Credential rotation as an advanced defensive technique
22:26 - Non-human identities and service account risks
24:37 - Middle market challenges and budget constraints
25:17 - Is it the size of the budget or how you spend it?
28:29 - Using internal audit and cross-department collaboration for security wins
30:15 - Cybersecurity as a business enabler, not a deterrent
32:45 - Non-human identities and agentic AI creating new attack surfaces
35:51 - Prompt injection attacks and AI chatbot vulnerabilities
39:42 - Actionable recommendations for practitioners
42:41 - MFA implementation gaps and session hijacking
45:02 - The case for FIDO2 and layered conditional access
46:35 - Is identity security a board-level issue?
49:47 - Three things CISOs should focus on through 2026
50:52 - PAM as the top investment priority
51:28 - Removing unnecessary privileges from users
56:11 - Redefining what privilege means in your organization
57:43 - Social media accounts as privileged access
58:42 - Credentials stored in SharePoint and OneDrive
59:38 - Wrap up and where to find the report
59:58 - Lighter topic: David's soccer background and playing semi-pro
1:05:06 - Best trash talk stories
1:07:03 - Jim's trash talk philosophy: scoreboard
1:08:00 - Jeff's basketball trash talk and calling his shots
1:10:00 - Final thoughts and sign off

KEYWORDS
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, David Llorens, RSM, attack vectors report, offensive security, penetration testing, identity security, MFA, multifactor authentication, privileged access management, PAM, non-human identities, service accounts, agentic AI, AI security, prompt injection, lateral movement, credential rotation, FIDO2, conditional access, session hijacking, middle market, CISO, board-level security, certificate-based authentication, active directory, configuration management, shadow AI

Cybercrime Magazine Podcast
Cybercrime Wire For Mar. 2, 2026. Medial Data Stolen From 15M People In France. WCYB Digital Radio.

Mar 2, 2026 1:22


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Health Innovation Matters
A Look at Health System AI Governance with John Kirkman

Mar 2, 2026 15:39


From ViVE 2026 in Los Angeles, Michael chats with John Kirkman, Vice President of Government, Healthcare, and Education at Island. Together, they discuss how CIOs and CISOs can show that their approach to AI governance is working; the playbook for securing AI-assisted workflows; overcoming the biggest "shadow AI" risk today; how CIOs are modernizing their systems while still relying on essential legacy applications; uncovering blind spots for managing third parties and contractor access; and much more.

Defence Connect Podcast
CYBER UNCUT: Qantas' AI backlash, hacker goes on Aussie spree, and Proofpoint CEO Sumit Dhawan joins the pod

Mar 2, 2026 57:17


This week on Cyber Uncut, David Hollingworth and Daniel Croft unpack the week's cyber and AI news and entertain a special guest to boot! The pair kick off the podcast discussing Qantas facing a backlash over a series of job cuts that may be informed by the company embracing AI, while WiseTech's announcement of 2,000 job cuts definitely is driven by AI uptake. The pair also talk about CrowdStrike's latest research, which shows hackers are embracing AI as much as everyone else. Hollingworth then unpacks a hacking spree targeting Australian small and medium-sized businesses by the Qilin ransomware operation, as well as a hack that has taken a major Aussie poultry producer offline. The pair also discuss the implications of an Australian man charged for selling cyber secrets to a broker linked to Russia. Hollingworth introduces this week's guest, ProofPoint CEO Sumit Dhawan, before the pair have a chat about agentic AI threats and how CISOs can educate their boards, and then they have a look at a more lighthearted – somewhat – sex toy data breach. Enjoy, The Cyber Uncut team

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 28-Mar. 1, 2026. Weekend Update. WCYB Digital Radio.

Feb 28, 2026 0:55


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Audience 1st
The PhD Cryptographer Who Bet His Career on a Lukewarm Idea and Succeeded

Feb 28, 2026 45:58


Aleksandr Yampolskiy was doing everything right. He had the tools, the budget, the processes - the full security stack humming along at the e-commerce company where he served as CISO. Then one routine vendor integration blew the whole thing open. Unencrypted credit card data from other customers, just sitting there, inside a platform that had been rubber-stamped by a Big Four firm. In that moment, he realized something most security leaders spend their careers trying not to think about: you can do everything right and still lose your job because someone else didn't.

That scar became SecurityScorecard.

But here's where the story gets interesting. When Aleksandr, or AY - as he introduced himself when joining me in my studio, started telling people in 2013 that he wanted to quantify cyber risk the same way credit scores quantify financial risk, nobody was excited. The reactions ranged from "that's impossible" to a polite shrug. Most founders would have taken that as a signal to pivot. Alex took it as proof he was early enough to matter.

In this episode, we go deep. We talk about why the status quo, not a named competitor, is the most dangerous thing your sales team will ever face. AY tells the story of twenty buyers who all said "I love it, I'll buy it" and then every single one of them disappeared when he came back with the finished product. (Oh, how I resonate deeply with this pain.)

He explains how a pediatrician named Dr. Virginia Apgar, who saved tens of thousands of newborns with a simple scoring system, became the intellectual blueprint for how Security Scorecard thinks about risk. And he gets honest about hiring decisions that went wrong because he ignored a gut feeling he couldn't quite articulate at the time.

We also get into territory that most cybersecurity podcasts don't touch. AY talks about boards adopting AI to impress Wall Street while CISOs scramble to secure shadow deployments nobody authorized. He walks through why 150 companies control ninety percent of the global attack surface and what that means for everyone else. He makes the case that quantum computing will be a Y2K-scale migration problem much sooner than the industry wants to admit. And he shares a question from his company advisor that I think every GTM leader needs to sit with: Who do you want your customers to become?

This is a conversation about how a scientist thinks about risk, why the language gap between the SOC and the boardroom is an actual vulnerability, and what it really takes to build something that changes how an industry operates.

Listen in and enjoy.

A special thanks to our friends at SecurityScorecard for partnering with us to tell this story. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit audience1st.substack.com

Privacy Please
S7, E267 - Your SOC 2 Won't Save You: Here's What Will with Girish Redekar, co-founder & CEO Sprinto

Feb 27, 2026 44:49 Transcription Available


Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance.

Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust.

In this episode, we dig into:
  • Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secure
  • The three stages of compliance maturity — and how to climb them
  • What "compliance debt" is and why it's quietly eating your business
  • How smart CISOs use their security posture as a revenue driver, not a back-office cost center
  • The "$100/month" challenge: what actually moves the needle for startups
  • How AI is reshaping compliance programs — for better or worse
  • Why Girish spent over a year talking to customers before writing a single line of code

Plus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question.

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 27, 2026. French Football Club Hit By Cyberattack. WCYB Digital Radio.

Feb 27, 2026 1:22


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Let's Talk About (Secur)IT
Cyber Vigilance: A Boardroom Perspective with George Tsantes

Feb 27, 2026 40:38


In this Secur(IT) episode, host Philip de Souza talks with George Tsantes, Partner at Newport LLC, former Accenture partner, EY principal, and co‑author of Cyber Attacks: Managing the Risk and Results. They explore how boards can turn cybersecurity into business strategy by prioritizing vigilance over pure prevention, protecting the “crown jewels,” and using business metrics instead of vanity dashboards. The conversation also covers AI‑driven threats, third‑party and “meta‑enterprise” exposure, incident readiness, and how CISOs can “prove cybersecurity” in clear board language.

Cyber 9/11 with Dr. Eric Cole
How CISOs Should Prepare for AI and Cloud Risks in 2026 | Matt Lea

Feb 26, 2026 30:43


In this episode of Life of a CISO, Dr. Eric Cole sits down with cloud and AI expert Matt Lea to unpack the real risks and opportunities shaping cybersecurity today. They dive into AWS outages, cloud resiliency strategies, and how organizations should think about redundancy instead of blindly trusting a single provider. The conversation explores how CISOs can balance cost versus risk when designing cloud architectures and why insider issues, burnout, and knowledge silos often pose bigger threats than external attackers. Matt shares practical insights on AWS AI tools like Bedrock and SageMaker, when to adopt them, and how AI is changing cloud operations at scale. The episode also covers startup lessons, building resilient teams, and the importance of documenting knowledge to avoid single points of failure. Plus, they discuss Cloud War Games, a hands-on approach to training teams under real outage scenarios. If you're a security leader, cloud architect, or technologist navigating AI and cloud transformation, this episode delivers actionable guidance on building resilient systems, managing risk, and preparing for the next wave of cyber challenges.  

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 26, 2026. Claude User Attacks Mexican Gov't Agencies. WCYB Digital Radio.

Feb 26, 2026 1:25


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Productivity Protected by PKWARE
CISO Tradecraft: Data-Centric Platform Play with EJ Pappas

Feb 26, 2026 59:39


In this episode of the CISO Tradecraft podcast, PKWARE Field CTO EJ Pappas joined host G Mark Hardy and Ross Young. The group talked about many challenges and solutions for modern data security. One critical component is the shift from platform-centric to data-centric security. The experts also discussed the barriers to data visibility that CISOs face and how discovery solutions bring clarity. No conversation could be complete without AI and its role as both a defensive framework and the threats it carries. Tune into this engaging conversation with takeaways that are practical and useful.

The Tech Blog Writer Podcast
ServiceNow, Dynatrace And The Future Of End-To-End IT Autonomy

Feb 25, 2026 30:17


What does autonomous IT really look like when you move beyond the slideware and start wiring systems together in the real world? At Dynatrace Perform in Las Vegas, I sat down with Pablo Stern, EVP and GM of Technology Workflow Products at ServiceNow, to unpack exactly that. Pablo leads the teams focused on CIOs and CISOs, building the workflows and security products that sit at the heart of modern IT organizations. From service desks and command centers to risk and asset management, his remit is clear: enable AI to work for people, not the other way around.

We began with ServiceNow's deepening multi-year partnership with Dynatrace. While the announcement made headlines, Pablo was quick to point out that the real story starts with customers. This collaboration is rooted in a shared goal of helping joint customers reduce outages, improve SLA adherence, and shrink mean time to resolution. The vision of autonomous IT operations is not about hype. It is about connecting observability data with deterministic workflows so that insight can evolve into coordinated, system-level action.

Pablo walked me through the maturity curve he sees emerging. First came AI-powered insight, summarizing data and surfacing signals from noise. Then came task automation, drafting knowledge articles, paging teams, triggering predefined playbooks. The next step, and the one that excites him most, is orchestrated autonomy. That means stitching together skills, agents, and workflows into systems that can drive end-to-end outcomes. It is a journey measured in years, not months, and it depends as much on digitizing process and building trust as it does on technology.

We also explored root cause analysis, still one of the biggest time drains in IT. By combining Dynatrace's AI-driven observability with ServiceNow's workflow engine, enterprises can automate forensic steps, correlate events faster, and shorten the time spent on major incident bridges where teams debate ownership. Even incremental improvements in accuracy can save hours when incidents strike.

Trust, of course, remains central. Pablo was candid that full self-healing systems are still some distance away. What we will see first is relief automation, controlled failovers, scripted actions suggested by machines but approved by humans. Over time, as confidence grows and processes become fully digitized, the balance will shift.

Beyond the technology, a consistent theme ran through our conversation. Outcomes have not changed. Enterprises still want higher availability, faster resolution, better employee experiences. What is changing is the how. ServiceNow is reimagining its platform to deliver those outcomes at a much higher standard, not through incremental tweaks, but through rethinking workflows for an AI-first world.

From design partnerships with banks building pre-flight change checks, to internal teams acting as the toughest customers, this was a grounded, practical conversation about where autonomous operations are headed and what it will take to get there. If you are a CIO, CISO, or IT leader wondering how to move from theory to execution, this episode offers a clear-eyed look behind the curtain.

The Segment: A Zero Trust Leadership Podcast
From Compliance to Containment: The New Era of Financial Services Supervision | Phil Park

Feb 25, 2026 38:15


What separates organizations that pass audits from those that survive real incidents? In this episode of The Segment, host Raghu Nandakumara sits down with Phil Park, global cybersecurity and risk leader at IBM. With more than 25 years advising financial institutions across the U.S., Europe, and Asia-Pacific, Phil brings a practical perspective on how supervision is rapidly evolving from compliance checklists to real-world operational readiness.

Together, Raghu and Phil unpack the industry's biggest mindset shift: regulators no longer ask “Are you protected?” — they ask “Can you operate through disruption?” They explore why prevention alone is no longer enough, why containment and recovery now define security maturity, and how CISOs are moving from siloed operators to enterprise-wide risk leaders accountable to boards and regulators alike.

The conversation also dives into:
  • Why regulators evaluate response quality rather than technical perfection
  • How organizations are turning tabletop exercises into realistic resilience testing
  • The growing pressure created by third-party and supply-chain dependencies
  • Why evidence and outcomes matter more than policies and frameworks
  • How overlapping reporting requirements are reshaping incident response playbooks
  • The double-edged role of AI in both defense and attack, including deepfake risks
  • Why security fundamentals matter even more in the AI era

This episode is a must-listen for security leaders and executives navigating a world where passing the audit is no longer the goal — proving you can withstand disruption is.

Also, if you're attending FSISAC, join Illumio, IBM, and Palo Alto Networks for an exclusive dinner at Capital Grille! Save your seat here: https://lp.illumio.com/20260302-Steak-And-Security-Dinner.html?utm_medium=email&utm_source=marketo

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 25, 2026. Car Shopping Site CarGurus Suffers Breach. WCYB Digital Radio.

Feb 25, 2026 1:18


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 24, 2026. Cyberattack Hits Small West African Airline. WCYB Digital Radio.

Feb 24, 2026 1:23


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Cybercrime Magazine Podcast
Culture Shapes Security. Social Engineering Defense. Adam Keown, Eastman & Flavius Plesu, OutThink.

Feb 24, 2026 17:35


Flavius Plesu is the founder and CEO of OutThink, a revolutionary Human Risk Management Platform (SaaS) empowering CISOs by targeting the source of 90% of all data breaches: human behavior. In this episode, he joins host Scott Schober and Adam Keown, CISO at Eastman, to discuss social engineering, humans, and why it's so important to train them. Culture Shapes Security is a Cybercrime Magazine podcast series brought to you by OutThink. To learn more about our sponsor, visit https://outthink.io.

Shift AI Podcast
Securing Agentic Automation in the Enterprise with UiPath CISO Scott Roberts

Feb 21, 2026 34:44


In this episode of the Shift AI Podcast, Scott Roberts, CISO at UiPath, joins host Boaz Ashkenazy for a deep dive into how agentic AI is reshaping enterprise security and automation—both for customers and inside UiPath itself.

Scott shares his 25-year security journey spanning Microsoft's early Security Response Center days (including the era that produced Patch Tuesday and the Security Development Lifecycle), product security work across Windows and Xbox, time at AWS, and leadership roles at Google where he helped build the Android Security Assurance and Pixel Security teams and the Android Monthly Security Update process. He also discusses his work in security standards across IPsec, HTML5 encrypted media, GSMA device security, and most recently, contributions to emerging agentic AI security standards.

The conversation then explores UiPath's evolution from traditional RPA into a unified platform that combines deterministic automation with agentic workflows. Scott walks through a real-world healthcare billing example where agentic automation increased deduplication accuracy dramatically by handling complex, variable inputs that classic RPA struggled with—while still keeping humans in the loop and feeding outcomes back into the system to improve over time.

Boaz and Scott go deep on what's changed for CISOs in the post-LLM world: the need for guardrails, identity and entitlements for AI agents, and the challenge of end users copying sensitive information into consumer AI tools. Scott explains UiPath's approach: enable adoption while using nudges and policy controls to redirect sensitive workflows into enterprise-safe environments rather than relying solely on blocks.

The episode closes with an eye-opening look at UiPath's internal “agentic threat analyst” system—an orchestration of 60+ agents that can investigate SIEM alerts end-to-end, generate structured incident writeups, and compress hours of analyst work into roughly a minute and a half. Scott's future-looking takeaway: as AI models evolve beyond “read-only” into potentially “read-write” systems that can update their foundational knowledge, the acceleration could be truly mind-blowing.

This episode is essential listening for security leaders, enterprise operators, and automation teams trying to understand how agentic systems change not just productivity, but the entire security operating model.

Chapters
[00:01] Scott's Security Journey: Microsoft, Google, Coinbase, UiPath
[01:33] Security Standards Work: From IPsec to Agentic AI Standards
[04:08] What UiPath Does: Process Orchestration, RPA, and Enterprise Automation
[06:28] RPA vs Agentic Automation: A Healthcare Billing Deduplication Example
[09:17] The Agentic Stack: Canvas, Guardrails, and the AI Trust Layer
[10:31] How LLMs Change Security: Data Controls, Access, and Governance
[12:14] Internal Adoption at UiPath: AI Tooling by Persona (Legal, Finance, Engineering)
[13:13] Code Velocity and Security: Agents Generating Code, Agents Verifying It
[15:53] Two AI Security Worlds: Orchestration Platforms vs End-User Chat Interfaces
[17:11] Securing End Users: Enterprise LLMs, Nudges, and Browser-Based Controls
[19:07] Sovereign AI and Data Boundaries: Keeping Data in the Right Region
[21:00] Over-Permissioning Meets Agents: Why AI Makes Old Problems Obvious Fast
[22:21] The Next Wave: AI Transforming the Entire SDLC End-to-End
[24:53] Security Pitfalls in Agentic SDLC: Misaligned Incentives and Permissions
[26:02] UiPath's Agentic Threat Analyst: 60+ Agents, SIEM to Writeup Automation
[30:07] What Changes for Humans: Faster “Time to Truth” and Higher-Leverage Work
[32:09] Two-Word Future: “Mind Blowing” and Read/Write Models

Connect with Scott Roberts
LinkedIn: https://www.linkedin.com/in/scottroberts6/

Connect with Boaz Ashkenazy
LinkedIn: https://www.linkedin.com/in/boazashkenazy/
Email: info@shiftai.fm

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 20, 2026. Cyberattack Strikes UMMC, IT Systems Down. WCYB Digital Radio.

Cybercrime Magazine Podcast

Play Episode Listen Later Feb 20, 2026 1:29


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 21-22, 2026. Weekend Update. WCYB Digital Radio.

Cybercrime Magazine Podcast

Play Episode Listen Later Feb 20, 2026 0:58


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

In Depth
Why 90% of CROs will fall behind in the next 2 years | Stevie Case (CRO, Vanta)

In Depth

Play Episode Listen Later Feb 19, 2026 71:15


Stevie Case is the CRO of Vanta, the trust management platform serving everyone from founders to Fortune 100 CISOs. A former pro-video gamer who stumbled into sales through a mentor's bet, Stevie has built one of the most unconventional paths to the C-suite in tech. In this episode, she unpacks why early revenue hires fail, what separates a true CRO from a VP of Sales, and why she believes fewer than 10% of current CROs will thrive by 2028.

In today's episode, we discuss:
  • Why early revenue hires fail
  • What a top 1% CRO actually does
  • The scaling mistake Stevie made by copying Twilio's playbook at Vanta
  • Why Vanta remains 100% sales-led at every segment
  • AI vs. humans in go-to-market

References:
Cursor: https://cursor.sh/
Gong: https://www.gong.io/
Salesforce: https://www.salesforce.com/
Twilio: https://www.twilio.com/
Vanta: https://www.vanta.com/

Where to find Stevie:
LinkedIn: https://www.linkedin.com/in/steviecase/

Where to find Brett:
LinkedIn: https://www.linkedin.com/in/brett-berson-9986094/
Twitter/X: https://twitter.com/brettberson

Where to find First Round Capital:
Website: https://firstround.com/
First Round Review: https://review.firstround.com/
Twitter/X: https://twitter.com/firstround
YouTube: https://www.youtube.com/@FirstRoundCapital
This podcast on all platforms: https://review.firstround.com/podcast

Timestamps:
00:00 Why early revenue hires fail
02:23 Who to hire at $5M in revenue
04:16 Coin-operated sellers vs. long-term builders
05:57 What excellence looks like in the CRO role
07:44 Metrics, confidence, and velocity
12:04 Should CROs lead sales?
14:39 From shy seller to revenue leader
16:36 Learning to scale at Twilio
17:44 "There is no CRO playbook"
19:58 Stevie's scaling mistake at Vanta
22:16 Why Vanta stays 100% sales-led
23:16 The value of planning 24-26 months ahead
29:54 When trusting intuition was the wrong call
30:49 Do humans still have a place in the future of GTM?
33:33 Stevie's leadership non-negotiables
36:36 The myth of hiring for industry expertise
40:00 What stays centralized in a 600-person company
47:09 The hidden leverage of a customer's first 30 days
53:42 Why the CRO role will face enormous changes by 2028
58:42 What leaders must do now to stay relevant
01:02:30 Unpacking the CEO-CRO dynamic

Cybercrime Magazine Podcast
Cybercrime Wire For Feb. 19, 2026. 1.2M Affected by French Bank Account Breach. WCYB Digital Radio.

Cybercrime Magazine Podcast

Play Episode Listen Later Feb 19, 2026 1:24


The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is brought to you by Cybercrime Magazine, Page ONE for Cybersecurity at https://cybercrimemagazine.com. • For more breaking news, visit https://cybercrimewire.com

Hacker And The Fed
What CISOs Won't Say in Public

Hacker And The Fed

Play Episode Listen Later Feb 18, 2026 87:18


Chris and Hector sit down with an anonymous CISO who pulls back the curtain on how cybersecurity actually works inside large organizations. From security theater and boardroom politics to AI risk, bug bounties, and why CISOs are often the fall guy during major incidents, the conversation gets candid fast.

Join our Patreon for weekly bonus episodes: https://www.patreon.com/c/hackerandthefed

Send HATF your questions at questions@hackerandthefed.com

CISO-Security Vendor Relationship Podcast
We Gave the CISO Risk and Liability, and Now They Want Authority. The Nerve.

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Feb 17, 2026 42:14


All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo.

In this episode:
  • Accountability without authority
  • Kill your hacklore
  • Voice is no longer enough
  • Studies that tell us what we already know

Huge thanks to our sponsor, ThreatLocker

Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.