CISO Series Podcast

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Pam Lindemoen, CSO, vp of strategy, Retail and Hospitality-ISAC. Joining them is Jason Mayor, deputy CISO, Raymond James Financial. This episode was recorded in front of a live audience at the National Cybersecurity Alliance's Convene conference in Clearwater, Florida. In this episode: Coaching security Planned security theater Making "nothing bad happened" a compelling story Getting security teams to think like the business A huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security – the first security awareness platform built to stop AI-powered social engineering. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com. A huge thanks to our sponsor, Zepo Zepo Intelligence transforms employee behavior into measurable security capability. Moving beyond check-box compliance, our human risk management platform uses hyper-personalized simulations to turn your workforce into a proactive defense layer. We don't just improve human behavior; we enable mastery against modern social engineering threats. Learn more at zepo.ai. A huge thanks to our sponsor, KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, we help strengthen security culture and manage human risk. Our comprehensive AI-driven HRM+ platform includes modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity content, tools, and techniques to keep the modern workforce—both humans and AI agents—cybersafe from phishing, vishing, deepfakes, and all forms of social engineering. Learn more at knowbe4.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Julie Myerholtz, CISO, Brunswick Corporation. In this episode: Your cloud, your problem Kill your sacred cows AI broke your vendor math Feedback is a gift. Open it. A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Rebecca Harness, CISO, Deltek. In this episode: Let it fail The CIO seat is empty. Now what? Design for how people actually work "We found 23 issues. That'll be $15,000." Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Your best employee is your biggest risk Stop guessing the next attack AI is not a feature Stop blaming the user Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Tim Leehealey, vp of corporate strategy and operations, Strike48. In this episode: Defensible, not perfect Tools aren't going to save you Logs are wasted on the SOC The myth of the lone wolf Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Vikas Mahajan, vp and CISO, American Red Cross. In this episode: Questionnaires aren't risk management The good old days were worse Buying or building your SOC Start the conversation, not the checklist Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security—the first cybersecurity company backed by OpenAI. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs realistic social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo. In this episode: Accountability without authority Kill your hacklore Voice is no longer enough Studies that tell us what we already know Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group. In this episode: Metrics that matter Tool babysitting problem Automating the brokenness Stay connected intentionally Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Janet Heins, CISO, ChenMed. In this episode: Inbound gets ignored Independence under constraint Methodology means nothing Lives over logins Huge thanks to our sponsor, Guardsquare Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Johann Balaguer, Global CISO, Hard Rock Hotels and Casinos. In this episode: Understanding the why Own your digital self Invest beyond tenure Prepare for dependencies Thanks to Louis Zhichao Zhang, AIA Australia for contributing this week's "What's Worse?!" scenario. Huge thanks to our sponsor, Guardsquare Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Sara Madden, CISO, Convera. In this episode: Hold developers accountable Credibility through candor Be strategic with AI deployment Resources don't guarantee security Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Matthew Southworth, CSO, Priceline. Joining them is sponsored guest, Saket Modi, CEO, Safe Security. This episode was recorded live at FAIRCON25 in NYC. In this episode: AI won't stay broken Identity before intelligence People decide risk appetite Automate with oversight Huge thanks to our sponsor, Safe Security SAFE is the leader in Cyber Risk Quantification and the first company to deliver 100% autonomous Third-Party Risk Management. Powered by Agentic AI and built on FAIRtm, SAFE empowers CISOs, cybersecurity, and TPRM leaders to continuously quantify, prioritize, and mitigate cyber risks across their entire attack surface – enabling digital growth and organizational resilience. Learn more at testdrive.safe.security/

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Matt Southworth, CISO, Priceline. Joining us is our sponsored guest, Leslie Nielsen, CISO, Mimecast. In this episode: Automating dysfunction Leading without dominating Unglamorous wins Code without comprehension Huge thanks to our sponsor, Mimecast. Cyber threats are getting smarter every day, and threat actors aren't just targeting your technology, they're targeting your most valuable asset - your people. Mimecast helps you identify and secure risk with a unified, intelligent platform that protects across the spectrum of threats; from email and chat to file sharing. Learn more at www.mimecast.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Brett Conlon, CISO, American Century Investments. Joining them are Ryan Barras, CISO, Mount Sinai Medical Center. In this episode: Nobody understands what we do Someone else should fix this Make the audience care Speaking CEO Huge thanks to our sponsor, Dropzone AI Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: AI for AI's sake Stop selling, start protecting Stop calling everything sophisticated Least privilege, rebranded Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is John Barrow, CISO, JB Poindexter & Co. In this episode: Building unicorns, not hunting them Cold War frameworks for modern threats Trading dollars for stories Mirror, mirror on the wall Huge thanks to our sponsor, Vanta Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Richard Rushing, CISO, Motorola Mobility. In this episode Mindset over tools When hygiene becomes risk Systems for actual humans Conversations over compliance Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is our sponsored guest, Nathan Hunstad, director, security, Vanta. In this episode: Metrics that matter Testing for real AI as an assistant Intelligence without context Huge thanks to our sponsor, Vanta Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California. In this episode: The foundational debate Strength over breadth Beyond traditional backgrounds Keeping perspective on risk Huge thanks to our sponsors, Adaptive Security and Dropzone AI AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com. Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Sara Madden, CISO, Convera. In this episode: Optimizing for reality, not idealism Engineering governance instead of monitoring compliance When AI finds what humans miss The measurement problem Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. https://threatlocker.com

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025. In this episode: The open source sustainability problem AI levels the geopolitical playing field Cutting through AI vendor hype Why the fundamentals still hurt Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario. Huge thanks to our sponsor, Vorlon Security SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When EDR gets knocked out Red flags in vendor theater Configuration chaos The sticker problem Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta. In this episode: Skip the Sermon When to coach versus command Making risk quantification useful Recognizing a distinct discipline Huge thanks to our sponsor, Vanta Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com. In this episode: AI security's blind spot problem Vendors don't understand the assignment Marketing budgets overshadow actual innovation Accuracy versus effectiveness Huge thanks to our sponsor, Material Security Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network. In this episode: We can't promise safe, but we can promise ready Are we accidentally building security nightmares? Being held accountable for things you had no say in The safe space problem in vendor evaluation Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive's new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory. In this episode: The AI experimentation phase isn't optional When selling security becomes the hardest part of the job Threat actors aren't hacking in anymore We build, we bond, and we can't bear to let go Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security. In this episode: Hiring North Korean operatives on a Tuesday AI coding and the death of specifications Deepfake personas beyond video calls The middleman problem with SMS Huge thanks to our sponsor, Adaptive Security AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive's new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks. In this episode: Making organizations take their security medicine Building CISO support systems Holding the door for humans Underappreciated risks: beyond the headlines Huge thanks to our sponsor, Safe Security SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management.We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group. In this episode: Vulnerability management vs. configuration control Open source security and supply chain trust Building security leadership presence AI governance and enterprise risk Huge thanks to our sponsor, Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com. In this episode: Decision-making with incomplete information Translation beats technical expertise Influence trumps authority for CISOs Technical prowess creates adversaries Huge thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel. In this episode: AI fraud gets on the juice Agentic AI demands a new security mindset The new frontier for social engineering We still need human verification Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Rajan Kapoor, CEO of Material Security. In this episode: AI creates security's catch-22 Delegation without abandonment Google's security gaps demand better tools Trust beats sophistication every time A huge thanks to our sponsor, Material Security What if you could get a view of security across Google Workspace–email, documents, and accounts–all in one place? Material Security unifies your Google Workspace security operations, simplifying and strengthening security with continuous monitoring and automatic issue resolution. See how Material Security simplifies your security for GMail, GDrive and Google accounts. Learn more at https://material.security.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements Technical expertise becomes leadership liability without delegation EDR evolution needs prevention focus Career breaks require personal ownership and strategic timing A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Peter Clay, CISO, Aireon. In this episode: Purple teaming evolution misses operational realities Effective postmortems require systematic failure analysis Risk expertise requires business context over methodology Compliance and resilience serve different purposes Huge thanks to our sponsor, Safe Security SAFE is reinventing Third-Party Risk Management with Agentic AI. Our AI Agents automate onboarding, assessments, and monitoring—giving security teams real-time visibility and zero-effort control across their vendor ecosystem. See why SAFE is the fastest-growing TPRM platform on the market at https://testdrive.safe.security/.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal, Duha. Joining us is our sponsored guest, Edward Wu, CEO and founder, Dropzone AI. In this episode: Building context-aware verification frameworks Understanding why UX fails Moving beyond AI replacement narratives Building for a crisis A huge thanks to our sponsor, Dropzone AI Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers. In this episode: AI agents require structured supervision, not autonomy Hiring for potential over credentials in cybersecurity AppSec training effectiveness depends on organizational relevance AI oversight requires purpose-built models, not general solutions A huge thanks to our sponsor, Vanta Vanta's Trust Management Platform helps 10k+ companies—like Atlassian, Quora, and Chili Piper—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management. Get started at Vanta.com/CISO

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Anne Marie Zettlemoyer, former vp of security, Activision Blizzard. In this episode SOC automation: Moving beyond alert fatigue The entry-level security talent reality Learning from security incidents without blame Evaluating security vendor viability and partnerships A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ryan Bachman, executive vice president and CISO, GM Financial. In this episode Identity consolidation versus simplification Entry-level pathways into cybersecurity Evolution of the CISO role toward business resilience Applying simplification principles to cybersecurity complexity Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alex Hall, CISO, Gensler. In this episode: Evaluating secure messaging beyond the app Reframing compliance as a business enabler Incremental security investment vs. crisis response Why culture, not punishment, drives secure behavior Huge thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded at a Zscaler event in Boston, MA. In this episode: Guardrails for decision making under fatigue Preparing for quantum threats Strategic use of generative AI Reassessing outdated knowledge Huge thanks to our sponsor, Zscaler Zscaler is a cloud-based cybersecurity company that provides secure internet access and private application access. Its platform replaces traditional network security by delivering Zero Trust architecture, protecting users, data, and applications regardless of location. Zscaler's scalable services help organizations modernize IT and reduce risk with seamless, cloud-native security solutions.

All images and links can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alexandra Landegger, global head of cyber strategy & transformation, RTX. In this episode: A cybersecurity fast-track? When Ambition Becomes a Liability Giving the CVE Program the Credit It Deserves Elevating human cyber talent with AI Huge thanks to our sponsors, Nudge Security, SecurityScorecard, and Vanta Take control of SaaS security and AI governance with Nudge Security. Start a free trial today and get a full inventory of all SaaS and GenAI accounts in minutes along with risk insights and automation to help you quickly improve your security posture. Get started here: nudgesecurity.com/cisoseries Third-party risk doesn't stop at monitoring. SecurityScorecard delivers real-time detection and response across your supply chain—helping you fix vulnerabilities before they become breaches. Empower your team with expert-driven remediation, continuous vendor oversight, and board-ready insights that drive results. Automate, centralize, & scale your GRC program with Vanta Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Tim Jacobs, vp, CISO, Commonwealth Care Alliance. In this episode: Starting from zero Prepare for decisive decisions Working back from unacceptable Discovering inefficiencies A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series. I host this week's episode, David Spark (@dspark), producer of CISO Series and Jesse Whaley, CISO, Amtrak. Joining them is their guest Vaughn Hazen, CISO, CN. In this episode: The classics endure The rules of the rail "Prove It. With data." It's all just software A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform