
The Professional CISO
95 episodes — Page 1 of 2
Ep 95: Why CISOs Are Rethinking Managed Security: Check Point’s Open Garden Approach | Lenny Krol
In this episode of The Professional CISO Show, David Malicoat is joined by Lenny Krol, Head of Services Sales at Check Point Software, recorded live at GPSEC DFW. Lenny breaks down how Check Point’s services organization supports customers across both Check Point and third-party technologies, why an open ecosystem matters, and how CISOs can realistically scale security operations amid a global talent shortage. From fractional SOC coverage to process maturity and real-world engagement models, this conversation delivers practical insight for security leaders at every stage of their journey.

Sponsors:
- Check Point Software (Premier Sponsor) (www.checkpoint.com)
- Guidepoint Security (Associate Sponsor) (www.guidepointsecurity.com)

🎙️ Listen on Spotify and Apple Podcasts
🌐 Learn more at www.thpc.co
Ep 94: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI | Larry Woods
Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI
Guest: Larry Woods

Every breach has a story. Every leader has a strategy. In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale. This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.

Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.

🔐 Practical Zero Trust — Not the Buzzword Version
Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state. He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.

👩‍💻 Building Cyber Talent Through Apprenticeships
Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships. Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years.
The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools. For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.

🧠 Learning to Learn in the Age of AI
One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud: What happens to critical thinking when AI always has the answer? Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter. This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.

🏛️ From Technologist to Executive Leader
Larry also shares candid insights on:
- The moment a CISO truly becomes an executive: the first board presentation
- Why leadership teams matter more than company brands
- Leading through influence in decentralized organizations
- The value of business education for cybersecurity leaders
- Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics

The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.

🎧 Why You Should Listen
If you are:
- A CISO navigating Zero Trust, cloud, and board expectations
- A security leader building teams and future talent
- An aspiring CISO trying to understand what the role really demands
- A cybersecurity professional thinking about AI’s long-term impact

This episode will resonate.
🔗 Listen, Watch, and Connect
🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: https://www.thpc.co
🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

📣 Call to Action
Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO.

🏷️ Hashtags
#TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy
Ep 93: HOU.SEC.CON Live: Merging Physical & Cyber Security + The Future of Threat Intelligence
🔥 Episode Summary
Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure)
Sponsor: CyberOne Security (www.cyberonesecurity.com)

Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape. First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds.

Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.

🎧 Key Highlights
- What InfraGard is and why CISOs should engage
- How the FBI leverages private-sector intelligence
- Why physical and cyber security must be unified
- Human risk: the universal vulnerability
- Future of nation-state adversaries and cyber warfare
- Threat intelligence challenges in 2025
- The rise of AI + human judgment in intel analysis
- Why OT security is now unavoidable
- Professional development: writing, communication & influence
- Building the next generation of cyber talent through mentorship

🔗 Episode Sponsor: CyberOne Security
CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.
Ep 92: How CISOs Must Lead the Next Generation | Moses Bulus on AI, Data Security & Hybrid IT (Ep. 91)
🔥 Episode Summary
In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO. Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role. Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.

🎙️ What You’ll Learn
- Why CISOs must be intentional about developing the next generation of cybersecurity leaders
- How AI is exposing long-standing data governance gaps inside every organization
- The importance of returning to “Security 101” with access management and visibility
- Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models
- How to build influence, trust, and presence across the business — not just IT
- The power of networking and why it’s not optional for early-career professionals
- Moses’ doctoral research in phishing attacks targeting the manufacturing sector
- The limitations of traditional cybersecurity education and how leaders can fill the gap

💡 Key Quotes from This Episode
- “It’s not about cybersecurity. It’s about the business.” — Moses Bulus
- “You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus
- “CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat
- “Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus
- “AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus

🧠 Episode Highlights
- Moses’ origin story: developer → network engineer → first cybersecurity hire
- The executive leap: presenting to leadership early and building business fluency
- Why business conferences can matter more than technical ones
- AI’s dual nature: opportunity + internal risk amplifier
- Cloud governance challenges and API-driven risk
- Why security leaders must be present, approachable, and embedded in the business
- Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more
- Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking

🤝 Episode Sponsors
Premier Sponsor: Check Point (www.checkpoint.com)
Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)

📌 Call to Action
Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.

🔗 Links & Resources
Website: https://www.thpc.co
YouTube Channel: http://www.youtube.com/@TheProfessionalCISO
LinkedIn Page: https://www.linkedin.com/company/the-professional-ciso-show
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🏷️ Keywords
CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development
Ep 91: 🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier
🎙️ Episode Summary
Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

🔑 Key Takeaways
- The CISO’s role continues to mature toward enterprise risk and business alignment
- AI adoption is accelerating, but governance and ROI remain top concerns
- Frameworks and cross-functional cooperation define future-ready security programs
- OT security is no longer separate — it’s central to national and business resilience

💬 Notable Quotes
- “You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux
- “We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese
- “If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie

🎧 Listener Benefits
By listening to this episode, you’ll gain insight into:
- Modern CISO decision frameworks
- Practical AI integration strategies
- Governance approaches for emerging tech
- The human and operational side of cybersecurity

📣 Call to Action
Subscribe, share, and join the movement to professionalize the role of the CISO.
Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

🏆 Sponsors
Premier Sponsor: Check Point (www.checkpoint.com)
Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)
Ep 90: Surviving Ransomware—and the Wilderness—with Zach Lewis
Brought to you by:
- Check Point (www.checkpoint.com)
- Armis (www.armis.com)
- Guidepoint Security (www.guidepointsecurity.com)

🎙️ Episode Summary
During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).
Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048

Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

🔑 Key Takeaways
- CIO and CISO roles are converging faster than ever in modern enterprises.
- Sharing real breach stories removes stigma and helps the community grow.
- Wilderness survival mirrors the mindset needed for effective incident response.
- Writing a book can transform your professional credibility and brand.
- Visibility matters: every CISO should cultivate a public voice.

💬 Notable Quotes
- “Being out in the woods is like one giant tabletop exercise.”
- “No one talks about ransomware because of the stigma—I wanted to change that.”
- “When you find that unique idea, run with it.”
- “Everything is bearable—until it’s not, and then you die.”
- “Build your personal brand so you never have to go job hunting again.”

🎁 Listener Benefits
- Hear a first-hand ransomware leadership story
- Learn how to balance dual CIO and CISO responsibilities
- Gain inspiration to publish your own cybersecurity insights
- Discover the surprising connection between wilderness survival and cybersecurity strategy

📣 Call to Action
Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

🔗 Connect with Us
🌐 www.thpc.co
💼 The Professional CISO Show on LinkedIn
🎥 Watch on YouTube
🎧 Spotify
🍏 Apple Podcasts
Ep 89: From GenAI Prompts to OAuth Phishing: The Hidden Browser Risks - with Tommy Perniciaro
Episode Summary
Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it. David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

Key Takeaways
- The browser is now a primary attack surface for enterprise users.
- LayerX gives security teams visibility and control without replacing browsers.
- GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
- OAuth-based phishing is bypassing traditional email and network defenses.
- Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
- AI browsers are emerging as the next battleground for identity and data protection.
- Post-quantum cryptography will further challenge network-layer inspection.

Notable Quotes
- “The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
- “Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
- “Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
- “LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
- “Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

Listener Benefits
- Understand why browser visibility is critical in today’s SaaS-driven enterprise.
- Learn how to prepare your organization for the age of GenAI and AI browsers.
- Get practical deployment and change management insights for LayerX and similar solutions.
- Discover how browser-level inspection complements your EDR and network security stack.

Call to Action
Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: www.thpc.co
Ep 88: Magic, Mentalism, and the Modern CISO – with Gary Chan
Episode Summary
In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber. From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization. They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

Key Takeaways
🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

Notable Quotes
- “When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
- “Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
- “Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

Listener Benefits
- Learn how to communicate cybersecurity’s value through stories, not stats
- Discover practical ways to make security awareness fun and memorable
- Gain insight into leadership and influence beyond the technical realm
- Hear real-world lessons on career growth from consulting to the CISO seat

Call to Action
✅ Follow The Professional CISO Show on LinkedIn
🎧 Listen and Subscribe on Spotify or Apple Podcasts
🌐 Visit THPC.co for show updates and events

Guest Information
Gary Chan
Chief Information Security Officer, SSM Health
Security Mentalist & Speaker
🔗 Website: gschan2000.com
🔗 Search “Gary Chan Security Mentalist” for more information

Sponsors
This episode is made possible by:
- Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
- Armis – 2025 Cyber Warfare Report (www.armis.com)
- GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

Hashtags
#TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow
Ep 87: The Human Operating System: A New Way to Think About Cyber Risk with Kate Goldman
Episode Summary
In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization. Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.

Key Takeaways
- Why the phrase “humans are the weakest link” needs to be retired.
- The concept of the Human Operating System — and how to “patch” human vulnerabilities.
- How to evolve from compliance-based awareness to behavior-based resilience.
- Why culture, psychology, and norms are the real keys to cybersecurity success.
- The intersection of AI and human risk — and how workforce roles must evolve.
- Why the next wave of cyber resilience will require rethinking training, learning, and leadership.

Notable Quotes
- “Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman
- “You can’t compliance people into good behavior. You have to design the culture around it.” — Kate Goldman
- “We’ve thrown chaos into a system we barely understood — AI has made human risk even more concentrated.” — Kate Goldman
- “CISOs must learn to use culture and psychology as part of their playbook.” — David Malicoat
- “The next era of security isn’t just about tech resilience — it’s about human resilience.” — Kate Goldman

Listener Benefits
By listening, cybersecurity leaders will gain:
- A new framework for understanding and managing human risk.
- Insights into integrating behavioral science and culture into cybersecurity programs.
- Practical ideas for evolving awareness, resilience, and workforce readiness in the AI era.

Call to Action
If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.

Connect with Us
LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
YouTube: http://www.youtube.com/@TheProfessionalCISO
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Guest Info
Kate Goldman
CEO & Founder, Cybermaniacs
www.thecybermaniacs.com
Follow on LinkedIn: Kate Goldman

Sponsors
This episode is made possible by:
MagicMirror Security — “The magic happens when security is invisible.” magicmirrorsecurity.com/thpc

Related Episodes
- Ep. 80 – Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity
- Ep. 82 – Responsible AI in Cybersecurity with Alain Espinosa
- Ep. 85 – LLMs vs SLMs: The Future of AI in Cybersecurity

Hashtags
#CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow
Ep 86: Joe Sullivan on Why Now Is the Best Time to Be in Cybersecurity
Episode Summary:
Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.

Key Takeaways:
- Why SaaS security is still a blind spot — and how attackers exploit it
- Identity, cookies, and why current authentication standards fall short
- The fading CIO role and the rise of security leaders managing IT
- How AI will reshape both security threats and team structures
- AppSec’s critical role in the future of cybersecurity
- Building true organizational resilience in the age of ransomware
- Joe’s personal reflections on accountability, recovery, and resilience

Notable Quotes:
- “We can’t buy our way to good identity security yet.” – Joe Sullivan
- “AI is just a hyper speed version of a human problem.” – Joe Sullivan
- “Sooner or later, every CISO faces crisis — and we must prepare like firefighters.” – Joe Sullivan
- “The CEO wants a digital risk leader, not just a security leader.” – Joe Sullivan

Listener Benefits:
- Gain insight into current and emerging cybersecurity risks
- Learn practical approaches to SaaS and identity security
- Understand how AI will transform both attacks and defenses
- Hear candid reflections on resilience, leadership, and accountability

Call to Action:
🎧 Subscribe and listen:
Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show
💼 Connect on LinkedIn: The Professional CISO Show
🌐 Learn more: www.thpc.co
Ep 85: Responsible AI or Responsible Marketing? A CISO’s Take
"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

Episode Summary:
In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability. The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

Key Takeaways:
- Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
- The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
- How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
- Why boards must be educated on AI risk vs. AI marketing hype
- Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:
- “Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
- “When regulators knock, they won’t call the vendor first. They’ll call you.”
- “Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:
By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.
Call to Action:
👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
👉 Share this episode with your peers and comment your perspective on LinkedIn.
👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags
#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance
Ep 84: AI Adoption vs. Security Reality — Insights from GPSEC STL
Sponsors:
- ObservoAI (www.observo.ai)
- Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls. Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.

What You’ll Learn in This Episode:
- The real risks of AI adoption beyond the hype
- How business-driven demand changes the security equation
- Why AI controls lag adoption — and what to do about it
- The rise of agentic AI and new identity risks
- Offline models, adversarial risks, and scanning challenges
- What the future of AI-driven enterprise security may look like

Guest:
Felix Simmons — Principal Security Architect, GuidePoint Security

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show

Hashtags:
#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI
Ep 83: EP82: Lessons from CISO XC DFW: Leadership, Risk & Real-World Security
Summary:
Recorded live at CISO XC DFW, this episode of The Professional CISO Show features three powerful conversations from leaders shaping the future of cybersecurity. First, Sonya Wickel shares her 24-year career journey from IT generalist to CISO & CIO, offering insights on fourth-party risk, the value of empathy in leadership, and the importance of staying sharp in both IT and cybersecurity. Then, Eric Bowerman takes us inside the complex task of securing Dallas Fort Worth International Airport — from operational technology and stakeholder management to implementing passwordless authentication and preparing for global events like FIFA. Finally, Tera Davis explains how CyberOne has built a true community partnership with CISO XC, scaling professional services, preparing organizations for AI adoption, and fostering the next generation of security talent.

Sponsors
- Valence Security (www.valencesecurity.com)
- CISO XC (www.cisoxc.com)

Key Topics Covered:
- CISO/CIO dual-role challenges & strategies
- Third & fourth-party risk management best practices
- Critical infrastructure & OT security challenges
- Building trust and stakeholder alignment in high-impact environments
- Passwordless authentication for operational teams
- Authentic sponsor–community relationships
- Scaling professional services & AI readiness

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on Spotify: Open on Spotify
🍏 Listen on Apple Podcasts: Open on Apple Podcasts
💼 LinkedIn: Follow on LinkedIn

Hashtags:
#CyberSecurity #CISO #TheProfessionalCISO #CISOXC #CyberLeadership #RiskManagement #OTSecurity #ThirdPartyRisk #AirportSecurity #Passwordless #CyberCommunity #CyberOne #ValenceSecurity
Ep 82: From Data Governance to AI Security: Kristi Cook on Building Resilient Teams
Sponsors
- AIM Security (www.aim.security)
- Guidepoint Security (www.guidepointsecurity.com)

Kristi Cook, Head of Cybersecurity at Peabody Energy, joins David Malicoat live from GPSEC St. Louis — with AIM Security as our midday sponsor — to discuss how she’s leading her team through AI adoption, data governance, and talent development.

From leveraging conferences as both morale boosters and strategic accelerators, to building a sustainable talent pipeline through the CyberUp apprenticeship program, Kristi offers actionable insights for CISOs facing rapid technological change. We also dive into the unique trust and collaboration in the St. Louis cybersecurity community, and why AI may finally give security leaders the leverage to fix long-standing data governance challenges.

Key Topics Covered:
- Leadership panel insights: AI, SaaS security, hiring, and retention
- Using conferences for team building and strategy alignment
- Justifying training investments to executive leadership
- Foundations for AI security: IAM and data protection
- Solving the talent gap with apprenticeship programs
- Why local community trust matters in cybersecurity
- Preparing for the next wave of rapid tech change

Resources & Links:
AIM Security: www.aimsecurity.ai
CyberUp Apprenticeship Program: wecyberup.org
The Professional CISO Show Website: www.thpc.co
Watch on YouTube: @TheProfessionalCISO
Listen on Spotify: Click Here
Listen on Apple Podcasts: Click Here
Connect on LinkedIn: The Professional CISO Show

#️⃣ Hashtags
#Cybersecurity #CISO #TheProfessionalCISOShow #DataGovernance #AIsecurity #Leadership #TeamBuilding #CyberTalent #IdentityAccessManagement #StLouisCybersecurity #GPSEC #PeabodyEnergy #CyberUp
Ep 81 CISO XC Live: Conversations on Innovation and Threats
Sponsored by HivePro (www.hivepro.com) and CISO XC (www.cisoxc.com).

EP80 – CISO XC DFW | Hive Pro Special: AI, Identity & The Future of Cyber Roles

Live from CISO XC DFW, The Professional CISO Show dives into the intersection of innovation, leadership, and cyber resilience. Host David Malicoat sits down with:
- Ted Sanders, BISO and cybersecurity educator, to discuss embedding cyber strategy at scale and why the BISO role is the next great proving ground for future CISOs.
- Jon Brickey, SVP & Cybersecurity Evangelist at Mastercard, as he unpacks his unique career journey from NSA to Mastercard and explains how cyber innovation, threatcasting, and AI will reshape the landscape.
- Travis Farral, CISO at RK Energy, who shares actionable insights on session token hijacking, third-party risks, and his strategic push for FIDO2 adoption in a hybrid environment.

Sponsored by Hive Pro, a leader in Continuous Threat Exposure Management. Learn more at https://hivepro.com

Key Takeaways:
- The BISO role as a critical extension of CISO leadership
- Why threat translation is a core skill for cyber leaders
- How AI will augment, not replace, cybersecurity roles
- Jon Brickey’s “Forrest Gump” career across the evolution of cyber defense
- Identity strategy as a cornerstone of modern resilience

🎯 Perfect for: CISOs, aspiring cyber leaders, SOC managers, and innovators thinking about the future of security and strategy.

🔗 Links & CTAs
🌐 Website: www.thpc.co
📺 Watch More Episodes: YouTube
🎧 Listen on Spotify | Apple Podcasts
🔗 Follow us on LinkedIn

👤 Guest Info
- Ted Sanders – BISO in financial services, Cybersecurity Instructor at Collin College
- Jon Brickey – SVP & Cybersecurity Evangelist, Mastercard
- Travis Farral – CISO, RK Energy

📌 Related Episodes
- EP79: Rob T. Lee on Cybersecurity Training Futures
- EP77: The AI Opportunity for CISOs

🔖 Hashtags
#Cybersecurity #CISO #BISO #AIinSecurity #CyberInnovation #MastercardSecurity #FIDO2 #ThreatExposure #HivePro #TheProfessionalCISO #CISOStrategy #CyberEvangelism #CyberLeadership #CyberPodcast
Ep 80 From DFIR Godfather to AI Risk Advocate: Rob T. Lee on Cybersecurity’s Crossroads | RSA 2025
In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.

Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.

Key Highlights:
- Why most CISOs say “never again”—and what needs to change
- Why Rob coined DFIR and CTI (and the story behind it)
- The CISO “zero-sum game” and how toxic cultures persist
- Rob’s 4-part personal health mantra: Sleep, Diet, Exercise… and AI
- A call to “Learn AI daily”—for security pros and business leaders alike
- What boards should be doing—and why every board needs a cyber voice
- Rob’s RSA keynote preview: cyber safe harbors and AI velocity imbalance

Guest:
👤 Rob T. Lee – Chief of Research, SANS Institute
🔗 https://www.sans.org/profiles/rob-t-lee/

Host:
🎙️ David Malicoat, The Professional CISO Show
🌐 www.thpc.co

Listen & Subscribe:
🔊 Spotify: The Professional CISO Show on Spotify
🍎 Apple Podcasts: The Professional CISO Show on Apple

📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture
Ep 79 Event Series EP 78: AI, Data, and Talent: CISO Lessons from GPSEC STL
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, David Malicoat hosts a special two-part discussion live from GPSEC STL in St. Louis. First up is Marc Ashworth, CISO of First Bank and host of The Cyber Executive Podcast, who discusses leadership development, AI, mentorship, and why he started podcasting as a CISO. Then, Michael Evans, Head of Information Security at Energizer, shares his grounded take on data governance, foundational AI readiness, and why security conversations at live events are vital for industry growth.

Key Highlights:
- Marc Ashworth on AI maturity, team building, and starting a CISO podcast
- Michael Evans on AI implementation and why data governance must come first
- Live insights on talent retention, vendor risk, and security leadership
- A look ahead: quantum-safe encryption and what CISOs should watch next

Call to Action:
Subscribe to The Professional CISO Show for unfiltered conversations with the leaders shaping cybersecurity.
🎧 Listen on Spotify: The Professional CISO Show
📱 Listen on Apple Podcasts: The Professional CISO Show
🌐 More Episodes + Info: www.thpc.co
🔗 Follow us on LinkedIn: The Professional CISO Show

Hashtags:
#CyberSecurity #CISO #AI #DataGovernance #Leadership #TheProfessionalCISO #CyberPodcast #GPSEC #CyberTalent #QuantumSecurity #MarcAshworth #MichaelEvans
Ep 78 🎙 Episode 77 – CISO XC DFW 4: Securing the Real World
🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)

In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.

Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.

Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.

Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.

🔑 What You’ll Learn in This Episode
- The dangerous re-emergence of BEC as a top threat vector — and why AI may be amplifying the risk
- Why CISOs must lead the charge on AI governance and strategy — or risk being sidelined
- How FIDO and identity modernization can reduce exposure to targeted fraud
- Insights on satellite cybersecurity, Starlink limitations, and maritime network vulnerabilities
- A behind-the-scenes preview of “Commandant,” an AI co-pilot for incident response — designed to help IR teams with note-taking, SLA tracking, notification workflows, and continuous tabletop exercises
- How vendor selection, tabletop simulations, and small supplier coordination can make or break your organization during a crisis
- Why humility, not hubris, is the most underrated leadership trait in cybersecurity

💬 Notable Quotes
“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma
“AI isn’t just a buzzword. It’s a once-in-a-generation shift — and CISOs have a chance to shape it from the start.” —David Malicoat
“Lucy is designed to help you during your worst day — capturing context, notes, contracts, timelines, and guiding you through the fog of war.” —Chris Cochran
“We’re securing vessels in the middle of the ocean using tech that was old when we got it — Starlink’s changed the game, but it’s brought new challenges too.” —Glen Vickers
“A $5M cyber insurance policy might only cover $250K of social engineering fraud. The rest is on you.” —Shawn Tuma

🎧 Listen & Subscribe
📍 Available now on all major platforms:
🔗 Spotify
🔗 Apple Podcasts
🌐 Full episodes and show resources at www.thpc.co

📣 Stay Connected with The Professional CISO Show
📺 Watch on YouTube
💼 Follow on LinkedIn

🧠 Guest Info
- Shawn Tuma – Partner at Spencer Fane, co-author of GC + CISO Connection
- Glen Vickers – CISO at ABS Wavesight
- Chris Cochran – Co-founder, Commandant AI | Formerly of Netflix, NSA, Mandiant

📚 Related Episodes
- EP 71 – CISO Culture & AI Strategy
- EP 63 – AI Governance and the Role of the CISO
- EP 45 – Shawn Tuma on Legal Risk, AI, and Cyber Insurance

🔖 Hashtags
#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity
Ep 77 Fix Your Data Pipeline or Drown: David Young on Cost, Complexity & AI in Security
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, recorded live at GuidePoint Security’s GPSEC STL event, host David Malicoat sits down with David Young, Chief Revenue Officer at ObservoAI. Together, they unpack the explosive growth of security data, the hidden costs of legacy pipelines, and why modern SOCs are hitting a breaking point. David shares Observo AI’s origin story from within Rubrik, and how their AI-native platform helps security teams stop drowning in data, reduce costs, and uncover real threats faster. It’s a must-listen for CISOs, SOC leaders, and anyone dealing with the complexity of modern security data environments.

What You’ll Learn:
- Why traditional SIM and log management approaches are failing
- The origin of ObservoAI inside Rubrik’s massive 20PB security lake
- How AI and open-box ML models are transforming SOC operations
- Real-world cost reductions and productivity gains from major enterprises
- Where the future of data pipelines, SOAR, and AI in security is headed

Guest:
🎙 David Young, CRO at Observo AI
🔗 Connect: https://www.linkedin.com/in/davidmyoung/

Host:
🎤 David Malicoat, Host of The Professional CISO Show
🌐 www.thpc.co | LinkedIn

Listen + Subscribe:
🟢 Spotify
🍎 Apple Podcasts

Hashtags:
#Cybersecurity #CISO #SecurityData #AIinSecurity #SOAR #SecurityOps #ObservoAI #Rubrik #TheProfessionalCISOShow
Ep 76 🎙 Episode 75 — GPSEC STL: Community, AI & Quantum Readiness
Sponsors:
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)

In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.

He’s joined by two standout guests:
🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community
🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantification

From grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.

🧠 Topics Covered
- The legendary St. Louis CISO community (“don’t mess with the family”)
- AI + DSPM in the real world: what’s working
- Agentic AI and the evolution of SOC work
- Risk quantification, FAIR, and practical GRC strategy
- The future of cybersecurity beyond AI: quantum readiness
- St. Louis as a cybersecurity hub with soul

🛠 Sponsored by AIM Security
AIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai

🔗 Subscribe & Follow the Show:
www.thpc.co
LinkedIn
Spotify
Apple Podcasts

#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec
Ep 75 ✈️ EP74: Inside GPSEC STL: AI, Red Team Ops & Human-Centered Security
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)

In this live GPSEC St. Louis episode of The Professional CISO Show, host David Malicoat dives deep into cybersecurity leadership with two powerhouse guests: Victor Wieczorek, SVP of Offensive Security at GuidePoint Security, and Wayne Fajerski, Deputy CISO of Edward Jones.

Victor shares real-world offensive security insights, including a jaw-dropping AI chatbot exploitation story from a red team engagement. He also unpacks how GuidePoint balances professional services and tech enablement while navigating the AI transformation in ethical, human-centered ways.

Wayne, fresh off a panel, breaks down key takeaways around CISO leadership, AI maturity, and how Edward Jones has successfully developed internal cyber talent over his 25-year career. The two guests reflect on AI as a mirror to organizational gaps and explore how GPSEC events bring practitioners and communities closer together through real conversations—not ivory-tower thought leadership.

Key Topics:
- Offensive security trends and AI augmentation
- Real-world exploitation of insecure chatbots
- GPSEC’s role in localized cyber collaboration
- Building and retaining cybersecurity talent
- AI’s exposure of poor data governance
- Cultivating next-gen CISOs from within
Ep 74 🔒 EP 73 — CISO XC DFW Part 3: From Threat Exposure to Business Enablement (ft. Matt Walker & Allen Rountree)
Sponsors:
HivePro (www.hivepro.com)
CISO XC: (www.cisoxc.com)

In this on-site episode from CISO XC DFW, David Malicoat sits down with Matt Walker (Goosehead Insurance) and Allen Rountree (IBM Public Cloud) for candid conversations on today’s biggest challenges and opportunities in cybersecurity leadership.

💡 Topics Covered
- Applying Zero Trust principles to AI use cases
- SaaS data leakage and the evolving DLP strategy
- Continuous Threat Exposure Management (CTEM) and Hive Pro’s role
- Selling security risk to the board and executive team
- Enabling business value through classification and risk reduction
- The evolving edge and why exposure is the new perimeter
- What it means to “take off the badge” as a CISO
- Holistic data protection in fragmented environments

💬 “Don’t just be the department of no. Enable the business with intelligence and insight.”
Ep 73 CISO Culture, AI Governance, and “No Jerks” with Gary Brickhouse of GuidePoint Security
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
Live from GPSEC St. Louis, David Malicoat sits down with Gary Brickhouse, CISO of GuidePoint Security, for a wide-ranging discussion on company culture, cybersecurity leadership, and AI governance. Gary shares how GuidePoint scaled its “no jerks” value from 50 to 1,200 employees, how he’s navigating generative AI internally and externally, and why peer-to-peer conversations are the secret sauce behind GuidePoint’s events.

Key Highlights:
- Why the “no jerks” rule is more than just a slogan
- How GuidePoint’s decentralized regional model preserves culture at scale
- How they’re approaching AI enablement without blocking innovation
- The structure and purpose behind GuidePoint’s AI governance committee
- Why cross-functional leadership—not just InfoSec—is key to making AI safe and valuable
- Tips for other CISOs thinking about AI policy and enablement

Guest:
👤 Gary Brickhouse, CISO at GuidePoint Security
🔗 GuidePointSecurity.com

🎧 Listen now on:
Spotify → https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple → https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 More at: www.thpc.co
📱 Follow on LinkedIn: The Professional CISO Show
Ep 72 🎙️ EPISODE 71 — Security for AI: AIM Security’s Approach to Shadow AI, Governance, and the Real AI Risk
Sponsors:
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)

What does it take to secure AI in the enterprise—when the threat landscape, technology stack, and business expectations are all evolving in real time?

At GPSEC St. Louis, David Malicoat sits down with Dan Anderson, Field CTO of the Americas at AIM Security, to talk about securing the full lifecycle of AI usage across the enterprise. From browser plugins and AI firewalls to shadow AI discovery and agentic AI governance, this candid conversation dives deep into where the risks really lie and what security leaders need to be doing now.

You’ll walk away with a grounded view of the AI adoption journey—and why most organizations are already neck-deep in it, whether they know it or not.

🔑 Episode Highlights
- Why “saying no” to AI use is no longer an option—and what happens when you try
- Defining the real problem space of AI security: shadow usage, data leakage, adversarial LLMs
- AIM’s product strategy: covering the full lifecycle from browser to firewall to analytics
- What agentic AI means—and why it’s the next frontier
- Building an AI security program around people, process, and partnership
- The future of AI governance and how AIM is shaping it through real-world customer feedback
- Why there’s no such thing as a fully baked AI security product in 2025

🎧 Listen Now
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
YouTube: http://www.youtube.com/@TheProfessionalCISO

🌐 Connect with The Professional CISO Show
Website: www.thpc.co
LinkedIn: The Professional CISO Show

📢 About AIM Security
AIM Security helps security leaders enable safe, governed, and productive AI adoption. From LLM usage monitoring to AI firewalls, AIM empowers enterprises to protect their data, enforce compliance, and stay ahead of the AI attack surface. Learn more and book a demo at www.aim.security
Ep 71 From Backup to Cyber Resilience: Rubrik’s Vision with Drew Russell
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
In this episode, David Malicoat sits down with Drew Russell, leader of Rubrik’s elite “Night Stalkers” team, for a high-speed, no-fluff conversation recorded live at GPSEC STL. Drew unpacks Rubrik’s evolution from a backup company to a full-spectrum data security and identity resilience platform, clarifies the real problem space for modern CISOs, and explains why identity is the next frontier of cyber resilience. They also dig into Rubrik’s deployment models, modular architecture, and how AI is being operationalized to secure enterprise data. This is one of the clearest explanations yet of how Rubrik is reshaping the security conversation—and why CISOs need to pay attention.

Key Highlights:
- How Rubrik evolved beyond “just backup”
- The Night Stalkers: Inside Rubrik’s special forces-style innovation team
- Why recovery at speed is now a business imperative
- What CISOs miss about identity resilience and DSPM
- Rubrik’s modular deployment strategy—and why it matters
- How Rubrik is preparing for AI-integrated enterprise environments
- Drew’s leadership style and how it drives innovation

Subscribe and listen now on:
Spotify
Apple Podcasts
Ep 70 From Hacker to CISO: Pete Nicoletti’s Wild Ride Through Security Leadership
What happens when a teenage hacker becomes one of the most respected cybersecurity leaders in the industry? In this high-octane episode of The Professional CISO Show, David Malicoat sits down with Pete Nicoletti, Global CISO of the Americas at Check Point Software, for a brutally honest and wildly entertaining journey through decades of cybersecurity evolution.

From running ISP networks and getting hacked, to building MSSPs, leading security for Hertz and Virtustream, and now advising at the frontlines of AI-driven cyber defense—Pete shares real stories, lessons learned, and his vision for what CISOs must become next.

We cover physical pen testing war stories, building future leaders, why encryption is non-negotiable, the changing battlefield of AI, and how security professionals must evolve—before it’s too late.

Key Highlights:
- Pete’s origin story as a hacker-turned-security leader
- The case for encryption as a last line of defense
- How physical pen testing helped him build real-world resilience
- Why CISO reporting structure must change—now
- Leveraging AI to fight AI (and what happens if we don’t)
- Building the next generation of cyber leaders from the classroom up
- What it takes to be a professional CISO today

🔗 Links:
🌐 www.thpc.co
▶️ Watch More Episodes on YouTube
🎧 Spotify
🍎 Apple Podcasts
🔗 Follow us on LinkedIn

#Cybersecurity #CISO #Leadership #AIinSecurity #Encryption #PenTesting #CareerDevelopment #Checkpoint #ProfessionalCISO
Ep 69 SaaS Risk, Shared Responsibility, and Veteran Cyber Talent | Live from CISO XC DFW
Sponsor: Valence Security (www.valencesecurity.com)

EP68 – Live at CISO XC DFW with Valence Security and Combined Arms

In this live episode from CISO XC DFW, host David Malicoat sits down with Yoni Shohet, CEO and Co-Founder of Valence Security, to unpack the explosive growth of SaaS, the evolving shared responsibility model, and why SSPM (SaaS Security Posture Management) is a security frontier CISOs can’t afford to ignore.

Later, David is joined by Mia Garcia, Executive Director of the Texas Veterans Network at Combined Arms, to talk veteran transition, tech industry opportunity, and how her team is helping service members bridge the civilian divide.

🔥 Powered by Valence Security, this episode dives deep into SaaS security, organizational alignment, and the future of cybersecurity talent pipelines.

Key Highlights:
- The origin story of Valence Security and the post-SolarWinds security wakeup call
- Why SaaS misconfigurations are the new enterprise blind spot
- Managing security across distributed teams, time zones, and cloud platforms
- How Combined Arms is transforming veteran transition and employer engagement
- Cybersecurity as a career path for transitioning service members

🔗 www.thpc.co
🎧 Listen on Spotify | Apple Podcasts
📺 Watch full episodes: YouTube Channel
🤝 Follow us on LinkedIn

#CISO #SaaSSecurity #VeteransInTech #SSPM #CybersecurityLeadership #ValenceSecurity #CombinedArms
Ep 68 Live from CISO XC DFW: Unfiltered Lessons in Modern Cybersecurity
Sponsor: HivePro (www.hivepro.com)

EP67: Threat Exposure Clarity, CISO Certification Origins & Startup Security Strategy

Live from CISO XC DFW, this episode of The Professional CISO Show features two powerhouse conversations. First, David Malicoat sits down with Critt Golden of Hive Pro to demystify Continuous Threat Exposure Management (CTEM) and explore how Hive Pro helps CISOs move from fragmented assessments to unified risk clarity. Then, we hear from Eric Svetcov, CISO and VP of IT at XCures, co-author of the original CCISO Body of Knowledge, and ISO 27001 pioneer at Salesforce, as he shares candid lessons from shaping certifications and securing SaaS startups.

🔐 From understanding attacker-centric threat exposure to the real story behind Salesforce’s first ISO 27001 certification, this episode is packed with actionable insights for CISOs and rising security leaders alike.

Key Highlights:
- Why CTEM is a process, not a product
- Hive Pro’s mission to unify fragmented assessments
- Asset criticality, risk prioritization, and validation
- The origin story of the EC-Council’s CCISO certification
- ISO 27001 at Salesforce: Lessons from the first SaaS certification
- Security tooling strategy in early-stage startups
- Real-world CISO challenges, from certifications to budgets

Guest Info:
- Critt Golden, Vice President at Hive Pro
- Eric Svetcov, CISO & VP of IT at XCures; co-author of EC-Council’s CCISO Body of Knowledge

🎙 Hosted by David Malicoat, CISO and founder of The Professional CISO Show.
Ep 67 The CISO Role Is Changing—Are You Ready to Lead? (at CISO XC ATX)
Sponsor: Infoblox (www.infoblox.com)

🎙 EP66: Building CISO Community – Live from CISO XC Austin (Presented by Infoblox)
The Professional CISO Show with David Malicoat

From DFW to Austin and beyond, the CISO XC community is expanding—fueled by genuine connection, trust, and shared purpose. In this live episode from CISO XC ATX, David Malicoat sits down with security leaders Mickey Disabato and John Sapp to explore the future of cybersecurity leadership, AI adoption, and how community-driven initiatives are reshaping how CISOs grow together.

Mickey shares why organic, local-led growth is key to protecting the integrity of CISO XC’s mission, while John offers a powerful vision for the secure, responsible use of AI—and how today’s CISOs must evolve into strategic risk managers.

🔥 In this episode:
- Why mid-market firms need better visibility from MSPs
- Expanding CISO XC into 13+ cities without losing its authenticity
- The power of community-led chapters and cross-pollination
- Creating vendor-neutral, value-rich events
- Responsible AI adoption and risk-based CISO leadership
- What it really means to “professionalize the CISO role”

🧠 Guests:
- Mickey Disabato – Advisory Board, CISO XC | CIO, FIDUS Cyber Security Solutions
- John Sapp – CISO, Texas Mutual | CISO XC Austin Chapter Lead

🔗 Presented in partnership with Infoblox
Visit infoblox.com to learn how Protective DNS helps secure your organization before threats strike.

🎧 Listen, Follow & Share:
🔗 Website: www.thpc.co
📺 YouTube: @TheProfessionalCISO
🔊 Spotify: The Professional CISO Show
📱 Apple Podcasts: The Professional CISO Show
💼 LinkedIn: The Professional CISO Show

#CybersecurityLeadership #CISOXC #ProfessionalCISO #Infoblox #ProtectiveDNS #AIinSecurity #CISOCommunity #CyberResilience #RiskManagement #CISORoleEvolution #TheProfessionalCISOShow
Ep 66 Joe Sullivan, Bug Bounties & CISO Liability: The Legal View with Aravind Swaminathan
Sponsor: Magic Mirror Security (www.magicmirrorsecurity.com/thpc)

🎙 When the Lawyers Come for CISOs — Aravind Swaminathan on Risk, Responsibility & the Law
Guest: Aravind Swaminathan, Global Co-Chair, Cybersecurity & Data Privacy, Orrick

Episode Summary
CISOs have always managed risk — but are they ready to manage legal exposure? In this gripping episode, David Malicoat sits down with Aravind Swaminathan, a leading cyber attorney and former federal prosecutor, to unpack the legal landscape threatening CISOs today. Aravind shares behind-the-scenes insights from the Joe Sullivan case, explains the chilling implications of the Ninth Circuit’s decision for bug bounty programs, and delivers straight talk on CISO liability, reputation, and professional protection.

Whether you’re a seasoned CISO or an aspiring security leader, this episode will sharpen your understanding of how legal, privacy, and reputational issues intersect with cyber leadership in 2025.

What You’ll Learn
- The human and legal realities behind the Joe Sullivan case
- Why mission, vision, and values must guide breach response
- The evolving role of legal counsel in cybersecurity crises
- What every CISO must know about indemnification and D&O coverage
- Where cyber and privacy overlap — and why it matters
- The importance of storytelling in incident response and litigation
- Why CISOs need to ask the right legal questions during job offers

Guest Bio
Aravind Swaminathan is a Partner and Global Co-Chair of the Cybersecurity & Data Privacy practice at Orrick. A former Assistant U.S. Attorney and CHIP prosecutor, he has led responses to hundreds of cybersecurity incidents and represents organizations and executives facing some of the most complex legal issues in cyber today — including serving as the attorney for Joe Sullivan.

🎧 Listen & Subscribe
Website: www.thpc.co
Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show
YouTube: @TheProfessionalCISO
LinkedIn: The Professional CISO Show

Related Episodes
- Joe Sullivan – The Human Cost of Prosecution
- David Chamberlain – Crisis Communications for CISOs

#Hashtags
#CISO #CybersecurityLaw #BugBounty #JoeSullivan #LegalRisk #ProfessionalCISO #DataPrivacy #IncidentResponse #CyberLaw #SEC #CyberLeadership
Ep 65 THPC EP64 – CISO XC Austin: Veterans, Mid-Market Cyber & Responsible AI
Sponsor: Netskope (www.netskope.com)
On Location at CISO XC ATX: www.cisoxc.com

THPC EP64 – CISO XC Austin: Veterans, Mid-Market Cyber & Responsible AI

In this special episode recorded live at CISO XC’s inaugural Austin event, host David Malicoat brings you ground-level conversations with leaders shaping modern cybersecurity—from national defense to mid-market innovation.

Lance Taylor (CLEAR) reflects on translating military intelligence into cyber threat strategy and offers advice for transitioning veterans. Royce Marques (RAA) discusses the realities facing growing organizations and how CISO XC is building a thriving security community in Austin. Russell Okoth rounds out the episode with key insights on responsible AI, global data governance, and mentoring the next wave of professionals.

In this episode:
- Cybersecurity lessons from military service
- Threat intelligence as a bridge between intel and ops
- The role of frameworks like NIST CSF for growing orgs
- Building grassroots cyber communities
- Responsible AI adoption in real-world orgs
- Data governance & privacy-by-design at scale
- Why mentorship matters more than ever

Guests:
- Lance Taylor, Sr. Manager, Cyber Defense – CLEAR
- Royce Markose, CISO – Vistrada
- Russell Okoth, former CISO – Apex FinTech / SoCal Regional Bank

🎧 Listen now on Spotify or Apple Podcasts
🔗 Learn more at www.thpc.co
Ep 64 “Data Is the Hot Potato”: CISO XC Austin Gets Real on AI & Governance
Sponsor: Infoblox (www.infoblox.com)

🎙 The Professional CISO Show – Episode 63
Live from CISO XC Austin: Real Talk on AI, Data Governance & CISO Careers
Sponsored by Infoblox

🎧 Episode Summary
In this dynamic episode recorded live at CISO XC Austin, host David Malicoat sits down with cybersecurity thought leader and attorney Shawn Tuma, and former Neiman Marcus cybersecurity leader Louis Morton, for two compelling conversations that hit at the heart of today’s biggest security and career challenges.

With Shawn, we dive into the interplay between AI, data governance, and legal collaboration—featuring his viral phrase “data is the hot potato.” With Louis, we get a transparent, real-world look at navigating a sudden job transition, professional reinvention, and the evolving demands of security leadership.

🔥 Key Highlights
- Why AI is an exponential multiplier of existing security gaps
- The critical connection between legal and cyber leadership
- “Data is the hot potato”: a sticky metaphor for cyber focus
- The power of unscripted, candid panels over rehearsed drama
- Louis Morton’s real-time response to being impacted by acquisition layoffs
- How to relaunch your career using an omnichannel, proactive job search
- Why MBA programs with cybersecurity focus may shape future CISOs
- Reinvention and resilience: why character matters more than titles

👤 Guests
- Shawn Tuma – Cybersecurity & Data Privacy Attorney, Author of “Cybersecurity Law, Policy, and Practice”
- Louis Morton – Former Cybersecurity Leader at Neiman Marcus, now seeking his next challenge

🎯 Perfect For:
CISOs, aspiring security leaders, legal partners in cyber, and anyone facing or supporting job transitions in tech.

🎧 Listen & Subscribe
YouTube
Spotify
Apple Podcasts
🌐 Learn more: www.thpc.co
💼 Connect on LinkedIn: The Professional CISO Show

📣 Hashtags
#CybersecurityLeadership #TheProfessionalCISO #CISOXC #DataGovernance #AIinCyber #JobSearch #SecurityCareers #Infoblox #Cyberlaw #HotPotatoData #CISORole #SecurityCommunity #ResilientLeadership
Ep 63 AI, Risk, and Reality: The CISO’s Guide to What’s Coming Next
Sponsor: Netskope (www.netskope.com)

EP62 | Building Real Cybersecurity Communities + AI Clarity with Dr. Anand Singh (Live from CISO XC ATX)
Sponsored by Netskope

What happens when a CISO-led community takes root in a new city — and how do you cut through the noise around AI in cybersecurity?

In this special episode recorded live from the inaugural CISO XC ATX event in Austin, host David Malicoat sits down with Randy Potts, co-founder of CISO XC, and Dr. Anand Singh, veteran CISO and AI thought leader, for two candid conversations on the future of cybersecurity leadership.

🎤 Randy shares how CISO XC is scaling its “community-first” model across cities while staying true to local ownership and peer connection.
🤖 Anand breaks down the intersection of AI and cybersecurity into actionable concepts — from AI for security tools to risks around data poisoning and agent-based automation.

Whether you’re a seasoned CISO or a rising security leader, this episode offers a front-row seat to where the cybersecurity profession is going — and who’s driving the change.

🔑 Topics Covered:
- Why local cybersecurity communities matter more than ever
- Lessons from 3 years of CISO XC and what’s next
- AI for cybersecurity vs. security for AI — what CISOs need to know
- Data governance, regulation, and the risks of “AI hype”
- The importance of peer-driven content and practitioner-led learning
- Preview of Dr. Singh’s upcoming book on AI and security

🎧 The Professional CISO Show is your front-row seat to the conversations shaping modern cybersecurity leadership — hosted by veteran CISO David Malicoat.

🔗 Resources & Links
Show Website: www.thpc.co
YouTube Channel: @TheProfessionalCISO
Follow on LinkedIn: The Professional CISO Show
Guest: Dr. Anand Singh | Randy Potts
Sponsor: Netskope

#CISO #CybersecurityLeadership #AIandSecurity #Netskope #CISOXC #AustinCyber #CybersecurityCommunity #InfosecPodcast #TheProfessionalCISOShow
Ep 62: Don’t Chase Titles — Build These 3 Things Instead (CISO Advice) with Nathan Wright
🎙️ The Professional CISO Show – Episode 61
Guest: Nathan Wright, CISO at Textron
Host: David Malicoat
Sponsor: Armis
Check out the Armis 2025 Cyberwarfare Report: www.armis.com/cyberwarfare
Visit Armis at RSAC, North Hall, Booth N-5457: www.armis.com/rsac2025

🎧 Episode Summary:
In this episode of The Professional CISO Show, host David Malicoat sits down with Nathan Wright, CISO at Textron, to explore one of the most unconventional — and inspiring — journeys to cybersecurity leadership. From Russian linguist at the FBI to overseeing IT security across a global enterprise, Nathan shares why being open to pivots across functions (including supply chain, engineering, and product security) can supercharge a CISO’s ability to lead.

Nathan unpacks the value of translating technical risk into business strategy, why “protecting the revenue” should be at the heart of every cybersecurity program, and how to bridge the ever-present tension between infrastructure and security.

🧠 Key Highlights:
• From linguistics to leadership: Nathan’s unexpected route to CISO.
• The role of curiosity and discomfort in professional growth.
• What it really means to professionalize cybersecurity.
• Why “protect the revenue” should be every CISO’s north star.
• Advice for early- and mid-career professionals hesitant to pivot.
• Risk, regulation, and when frameworks help vs. hinder.
• How translating “cyberese” into business terms creates influence.

🛠️ Call to Action:
If you enjoyed this episode, be sure to follow us on your favorite podcast platform, leave a 5-star review, and share it with a colleague who’s ready to take their cybersecurity journey to the next level.

🔗 Follow The Professional CISO Show:
🌐 Website: www.thpc.co
📺 YouTube: Watch More Episodes
🎧 Spotify: Follow on Spotify
🍎 Apple Podcasts: Listen on Apple
💼 LinkedIn: The Professional CISO Show

🧵 Hashtags:
#CybersecurityLeadership #CISOCareer #ProfessionalCISO #CyberResilience #RiskManagement #TranslateCyber #InfosecJourney #Cyberstrategy #SecurityLeadership
Ep 61: 🔐 From DNS to AI: Insights from CISO XC Austin | The Professional CISO Show EP60 sponsored by Infoblox
Guests: Ryan Rene Rosado & Chris Boykin | Sponsor: Infoblox (www.infoblox.com)Recorded live at CISO XC AustinIn this special on-location episode of The Professional CISO Show, host David Malicoat brings you powerful conversations recorded at CISO XC in Austin, where cybersecurity leaders gathered to tackle today’s most pressing challenges—from career transitions to DNS-layer security.👩💼 First, we hear from Ryan Rene Rosado, a dynamic cybersecurity leader, Air Force veteran, and Harvard Extension School TA. Ryan shares candid reflections on consulting vs. in-house security work, why AI isn’t the true endgame, and how job seekers—and employers—need to shift their mindset. Her voice is an authentic, timely perspective for CISOs and aspiring leaders alike.🛡️ Then, we go deep with Chris Boykin, Product Security Specialist at Infoblox, on the power of DNS in security architecture. He breaks down real-world attacker tactics, exfiltration methods, and how Infoblox’s Protective DNS and Universal DDI solutions are helping organizations stop threats before they launch. The episode closes with insights on their AI-powered threat intel, interoperability with other platforms, and where DNS security is heading next.🔑 Key HighlightsWhy Ryan compares consulting to cosmetic surgery—and working in-house to being a primary care physicianLessons from transitioning out of the military into cybersecurity leadershipThe real reason organizations chase AI (hint: it’s not AI)How attackers weaponize DNS queries and domain lookalikesWhat Infoblox is doing to push DNS-based threat detection into the futureWhy collaboration in the cybersecurity ecosystem matters more than ever🎧 Listen Now on Your Favorite Platform🔗 Spotify🔗 Apple Podcasts🌐 Learn more at: www.thpc.co📣 Follow The Professional CISO Show🔗 YouTube🔗 LinkedIn#TheProfessionalCISOShow #CISOXC #CybersecurityLeadership #WomenInCybersecurity #Infoblox #ProtectiveDNS #CyberThreatIntel #CISOcareer #AIsecurity #DNSsecurity #GRC #CyberNetworking
Ep 60: Voices of CISO XC: Austin’s Cybersecurity Leaders Take the Mic sponsored by Netskope
🎙️ Live from Austin: Conversations from the Inaugural CISO XC ATX | Sponsored by NetskopeIn this special event episode, The Professional CISO Show hits the road to Austin, Texas for the inaugural CISO XC ATX Conference, where community, innovation, and leadership take center stage.Host David Malicoat sits down with Rich McCrohan of Andromeda Security and David Elcock, advisor to Netskope, for a candid discussion on the evolving security landscape—from AI-driven identity management to the business-first philosophy behind modern Zero Trust architecture.💡 What You’ll Learn in This Episode:The future of cloud identity and non-human access provisioningWhy Austin’s cyber leadership scene is distinct from DFWHow Netskope combines speed and security without compromiseThe critical role of human behavior, internal threat visibility, and behavioral contextDiversity, veterans, and the “shaved sidewalk” analogy for building inclusive security communities🧠 Whether you’re a CISO, aspiring leader, or part of the cyber vendor ecosystem, this episode delivers powerful insights on technology, culture, and connection—all from the heart of Texas.🎧 Subscribe now and join us as we continue to professionalize the CISO role, one conversation at a time.🔗 Links & ResourcesWebsite: www.thpc.coLinkedIn: The Professional CISO ShowYouTube: Watch More EpisodesHashtags:#Cybersecurity #CISOXC #ZeroTrust #Netskope #CloudSecurity #AustinTech #CyberLeadership #DiversityInTech #VeteransInCyber #AIinSecurity #SASE #TheProfessionalCISO
Ep 59: Inside the DSPM Revolution: Data, Identity & the Future of Security w/ Mohit Tiwari and Anand Singh
In this special Industry Series kickoff episode of The Professional CISO Show, host David Malicoat is joined by Mohit Tiwari (CEO & Co-Founder) and Anand Singh (Chief Security and Strategy Officer) of Symmetry Systems for a compelling conversation on the future of data security, the rise of DSPM (Data Security Posture Management), and the emerging intersection of AI, identity, and access.Learn how Symmetry Systems evolved from academic research into a cutting-edge security platform, why Anand made the leap from enterprise CISO to startup executive, and what every security leader needs to understand about managing data in today’s AI-driven world.🔑 Key Topics Covered:Why past data security initiatives failed—and how DSPM changes the gameThe “three-axis” model of modern cybersecurity: Data, Identity, AccessHow AI copilots and agent models reshape the threat landscapePractical use cases: risk reduction, visibility, and complianceWhy CISOs can finally become enablers of business valueHow 2025 is shaping up to be the year of data-centric security👥 Guests:Mohit Tiwari – CEO & Co-Founder, Symmetry SystemsAnand Singh – Chief Security & Strategy Officer, Symmetry Systems | Former CISO at Alkami Technology🔗 Resources & Links:🎥 Watch this episode on YouTube: youtube.com/@TheProfessionalCISO🌐 Visit our website: www.thpc.co🔗 Connect on LinkedIn: The Professional CISO Show📖 Confused Pilot Website: http://confusedpilot.info/📽️ Confused Pilot Presentation: https://confusedpilot.info/ConfusedPilot_Site.pdf👍 Like what you hear? Follow the show, rate the episode, and share it with your network. Let’s professionalize the CISO role—together.#TheProfessionalCISO #DSPM #DataSecurity #CybersecurityLeadership #CISO #AIsecurity #SymmetrySystems #CloudSecurity #IdentitySecurity #AnandSingh #MohitTiwari #IndustrySeries #CybersecurityPodcast
Ep 58: 👀 Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity 🙄
🙄 Stop Rolling Your Eyes: AI Is Your CISO Leadership OpportunityThe Professional CISO Show – Episode 57Hosted by David MalicoatThis episode is brought to you by Symmetry Systems, The Data+AI Security Company. (www.symmetry-systems.com)🎧 Episode Summary:In this solo commentary episode, David Malicoat issues a direct challenge to security leaders everywhere: stop rolling your eyes at AI—it’s your leadership opportunity.Too many CISOs are brushing off artificial intelligence as just another tech trend. But as AI continues to reshape cybersecurity and business strategy in real time, this is the moment for CISOs to lead the charge—not get left behind. David breaks down why AI governance is the new boardroom battleground, how CISOs can build strategic influence, and why now is the time to speak up, show up, and step into a broader leadership role.Whether you’re leading a security program today or preparing for tomorrow, this episode will help you rethink your approach to AI and your value as a cybersecurity executive.🔑 Key Takeaways:• Why AI isn’t “just another hype cycle” for cybersecurity• How to take the lead on AI governance in your organization• Translating AI’s risk and value into business terms• How CISOs can communicate more effectively with non-technical stakeholders• Why sharing your voice publicly is now a leadership expectation📌 Connect & Follow:🌐 Website: www.thpc.co🔗 LinkedIn: The Professional CISO Show🎥 YouTube: @TheProfessionalCISO🎧 Spotify: The Professional CISO on Spotify🍏 Apple: The Professional CISO on Apple Podcasts💬 Let’s Connect:Have feedback or want to be a guest on the show? Reach out via LinkedIn or the website. And don’t forget to rate, review, and follow the podcast to help professionalize the CISO role across the industry.🔖 Tags & Topics:CISO, Cybersecurity Leadership, AI Governance, Boardroom Communication, Risk Management, Strategic Security, Artificial Intelligence, Executive Presence, Infosec Strategy, The Professional CISO
Ep 57: The CISO’s Dilemma: Influence, Impact, and Leaving the Seat with Russell Okoth
This episode is brought to you by Symmetry Systems (www.symmetry-systems.com)Innovate with Confidence.The Data+AI Security CompanyDiscover, classify, and safeguard data at scale with our leading Data Security Posture Management Platform. Detect and respond to data focused concerns before they impact your business.🎙️ Description:In this powerful episode, host David Malicoat sits down with cybersecurity advisor and former CISO Russell Okoth to explore his remarkable journey—from growing up in Kenya to building award-winning security programs in the U.S. corporate world.Russell shares valuable lessons on leadership, mentorship, the responsible use of AI, and why CISOs must evolve from technical experts into business risk translators. He also opens up about transitioning from a high-level CISO role to running his own cybersecurity advisory firm, Cyber Diligent.Whether you’re an aspiring cybersecurity professional or a seasoned CISO, this episode delivers insights you won’t want to miss.🔑 Key Topics Covered:• Russell’s early tech roots in Kenya and his global cybersecurity journey• Lessons from building security programs at Mr. Cooper and Pacific Premier Bank• The pivot from CISO to cybersecurity consultant• Responsible AI usage and the critical role of data governance• What most leaders get wrong about developing cybersecurity talent• Communicating cybersecurity as business risk, not just technical debt• Leadership, legacy, and staying rooted in purpose👤 Guest:Russell OkothCybersecurity Advisor | Former CISO at Pacific Premier BankFounder, Cyber DiligentConnect: linkedin.com/in/russellokoth🎧 Listen & Subscribe:• Website: www.thpc.co• Spotify: The Professional CISO• Apple Podcasts: The Professional CISO📲 Follow Us:• YouTube: @TheProfessionalCISO• LinkedIn: The Professional CISO Show#Cybersecurity #CISO #ProfessionalCISO #RussellOkoth #CyberLeadership #AIinSecurity #TalentDevelopment #CyberRisk #TheProfessionalCISO #LeadershipInTech
Ep 56: CISOs & The Board: Lessons from Corporate Governance Expert Debra von Storch
🎙️ Episode Summary
How can CISOs break into the boardroom and become key players in corporate strategy? In this episode, Debra von Storch, former Ernst & Young (EY) senior partner turned accomplished board director, joins host David Malicoat to reveal what it takes for cybersecurity leaders to elevate their influence at the executive level.

With decades of experience advising CEOs, CFOs, and corporate boards, Debra shares a blueprint for CISOs who want to shift from a technical role to a business leadership role. Learn how to build boardroom credibility, understand capital markets, and develop the strategic mindset that corporate boards expect.

🎯 Key Takeaways:
✅ Why CISOs must go beyond risk management and focus on value creation
✅ How to develop business acumen to gain influence with CEOs & CFOs
✅ The importance of governance, risk management, and board engagement
✅ Why CISOs should get board-certified (NACD, PDA) & join nonprofit boards
✅ How the capital markets & economic climate impact cybersecurity strategy
✅ Steps to transition from cybersecurity leadership to corporate board member

⏳ Time Stamps
00:00 – Introduction & Episode Overview
02:00 – Debra von Storch’s Journey: From CPA to Board Director
05:30 – How CISOs Can Gain Boardroom Visibility
10:00 – The Future of CISOs in Corporate Strategy
15:00 – Building Key Relationships with CFOs & CEOs
20:00 – Board Governance 101: What Every CISO Should Know
30:00 – How to Develop Business Acumen for Board Influence
40:00 – Leveraging Cyber Insights to Drive Business Value
43:00 – 10 Rapid-Fire Questions with Debra von Storch
44:00 – Closing Thoughts & Key Takeaways

📝 📌 Show References:
NASDAQ Newsroom: https://www.nasdaq.com/newsroom
New York Stock Exchange: https://www.nyse.com
EY Insights: https://www.ey.com/en_us/insights
Pitchbook: https://pitchbook.com
NACD: https://www.nacdonline.org
Private Directors Association: https://www.privatedirectors.org
Varispace: https://www.varispace.com and Varidesk: https://www.vari.com
Pearson Partners: https://pearsonpartnersintl.com
Korn Ferry: https://www.kornferry.com
Spencer Stuart: https://www.spencerstuart.com
The Committee on Foreign Investment in the United States (CFIUS): https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius

📢 Follow & Subscribe
📡 Never miss an episode! Subscribe & Follow:
🎧 Spotify: The Professional CISO Show on Spotify
🍏 Apple Podcasts: The Professional CISO Show on Apple Podcasts
🌐 Website: www.thpc.co
📺 YouTube: Watch More Episodes of The Professional CISO Show
🔗 LinkedIn: The Professional CISO Show on LinkedIn
📢 If you enjoyed this episode, share it with your network!

🔍 Related Episodes
🎙️ Gary Hayslip on The Future of CISO Leadership
🎙️ Live from NTX ISSA CSC12: Conversations with Cybersecurity Experts
🎙️ CISO Panel with Sailaja Kotra-Turner, Sonya Hammond & Jessica Nemmers

🎯 Connect with Our Guest:
👤 Debra von Storch
LinkedIn: https://www.linkedin.com/in/debravonstorch
• Former Senior Partner at Ernst & Young (EY)
• Board Director specializing in corporate governance, risk management, and business strategy

🔗 Hashtags & Keywords
#CyberSecurity #CISO #BoardGovernance #BusinessStrategy #TheProfessionalCISOShow #DavidMalicoat #DebraVonStorch #Leadership #Technology #CISOCareerDevelopment #BoardroomInsights
Ep 55: The CISO's New Secret Weapon: Business Acumen w/ Alain Espinosa
🔐 How do CISOs transition from cybersecurity leaders to business executives and board members? In this episode of The Professional CISO Show, I sit down with Alain Espinosa to explore his journey from IT operations to board readiness and leadership. We cover building business acumen, navigating the boardroom, professional development strategies, and the evolving role of CISOs in enterprise risk management.This episode is packed with valuable insights for security leaders looking to elevate their careers beyond technology and into business leadership and governance.🎙 Watch now and learn:✅ How CISOs can become business executives and influence corporate strategy✅ The importance of financial literacy and board governance in cybersecurity leadership✅ Why mentorship and professional development are critical for career growth✅ The biggest misconceptions about cybersecurity leaders joining corporate boards✅ Strategies for building executive presence and credibility at the board level📌 Timestamps:00:00 – Introduction & What’s New on The Professional CISO Show02:00 – Alain Espinosa’s Journey: From IT Operations to Cybersecurity07:00 – Cybersecurity’s Evolution: From Tech to Business Risk Management12:00 – Why CISOs Need to Develop Business Acumen18:00 – How Security Leaders Can Secure a Seat at the Business Table25:00 – The Espinosa 3E’s: Equip, Empower, Encourage30:00 – Board Readiness: What CISOs Need to Know36:00 – Financial Acumen & Business Strategy for Cybersecurity Executives42:00 – 10 Rapid-Fire Questions with Alain Espinosa44:00 – Final Thoughts & Call to Action📣 Enjoyed this episode? 
Don’t forget to:👍 Like, Subscribe, and Hit the Bell Icon to stay updated on the latest cybersecurity leadership insights!💬 Comment below: What skills do you think CISOs need to succeed in the boardroom?Make sure you check out CISO XC!Register now for the DFW Spring Event:https://www.cisoxc.com/event-details/ciso-xc-dfw-spring-request-for-rsvpThe Professional CISO Show looks forward to seeing you there.🔗 Share this episode with your network!🎧 Listen on the go:🔹 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673🔹 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021🌐 Follow The Professional CISO Show:🔗 Website: www.thpc.co🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show🔗 YouTube: http://www.youtube.com/@TheProfessionalCISO🎥 Related Episodes:▶ EP 53: Gary Hayslip on Cybersecurity Leadership & AI Threats▶ EP 52: Live from ISSA CSC 12: Expert Panel on MDR, XDR, & AI🔎 Hashtags:#CyberSecurity #CISO #BoardroomLeadership #CyberRisk #CISOCareer #BusinessAcumen #Leadership #CyberGovernance #RiskManagement #ProfessionalDevelopment #CISOToBoard
Ep 54: Cyber Risk at the Board Level: A CISO’s Guide with NACD’s Chris Hetner
🚀 In this episode of The Professional CISO Show, we sit down with Chris Hetner, seasoned cybersecurity leader and board advisor, to discuss the evolving role of CISOs, cybersecurity risk management at the board level, and the professionalization of the CISO function.Chris brings decades of experience from Wall Street, the U.S. Securities Exchange Commission, and his current advisory role at the National Association of Corporate Directors (NACD). We dive deep into how CISOs must evolve into business executives with a strong foundation in cybersecurity and risk management.🎙️ Episode Highlights:✔️ Chris Hetner’s journey from cybersecurity to boardroom advisory✔️ The NACD’s role in shaping board-level cybersecurity governance✔️ How CISOs can bridge the gap between technical risk and business objectives✔️ The shifting regulatory landscape for security leaders✔️ Trends in AI and cybersecurity risk reporting✔️ Why boards struggle with cyber risk management – and how CISOs can help✔️ The future of cybersecurity leadership and board involvement✔️ Practical steps for CISOs looking to transition into board roles📌 Plus, Chris answers our signature “10 Questions” rapid-fire segment!⏱️ YouTube Timestamps:00:00 – Intro & The Evolution of The Professional CISO Show02:00 – Meet Chris Hetner: Cybersecurity, Wall Street, and Board Advisory10:00 – The CISO’s Role in Board-Level Risk Management15:00 – Tactical vs. 
Strategic Cybersecurity: Why CISOs Must Speak Business22:00 – How CISOs Can Develop Themselves for Board Roles28:00 – AI, Cybersecurity, and the Future of Risk Management34:00 – What the Next Administration Means for CISOs38:00 – 10 Questions with Chris Hetner42:00 – Final Thoughts & Closing Remarks📢 Call to Action:🔹 Subscribe to The Professional CISO Show for more insights on cybersecurity leadership!🎧 Listen on:• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021• Watch more episodes: http://www.youtube.com/@TheProfessionalCISO🔹 Follow us on LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show🌐 Visit our website: www.thpc.co📺 Related Episodes You Might Like:🎙️ Professionalizing the CISO Role with Matt Walker🎙️ Building Cybersecurity Communities with Joey Rachid🎙️ Strategic Cyber Leadership with Gary Hayslip🔖 Hashtags:#Cybersecurity #CISO #CyberRisk #Leadership #BoardGovernance #AI #RiskManagement #TheProfessionalCISOShow
Ep 53: Cybersecurity Leadership & Professional Organizations: Evolution or Revolution?
The Professional CISO Show - Episode 52: The Future of Professional Organizations for CISOs🎙️ Hook:Are the current professional organizations truly serving the needs of CISOs, or is it time for a new approach? In this episode of The Professional CISO Show, host David Malicoat takes a deep dive into the evolution of cybersecurity professional associations, weighing the opportunities and challenges of forming a collective that genuinely represents the interests of security leaders.Episode Summary:For years, organizations like ISC², ISACA, and ISSA have been the backbone of cybersecurity certifications and networking. But with the evolving role of the CISO, should our professional organizations change as well? In this thought-provoking commentary, David explores the potential benefits and pitfalls of both revamping existing associations and creating new ones.From advocacy and standardization to ethics and vendor influence, he examines the critical aspects that shape the effectiveness of professional organizations. How do we ensure transparency? How do we prevent bureaucracy and power consolidation? Most importantly, how do we build a professional body that truly advances the role of the CISO?Key Highlights:🔹 The need for CISO advocacy in regulations and policy🔹 Challenges of creating a new professional organization vs. 
reforming existing ones🔹 Balancing certifications, training, and real-world experience🔹 The role of transparency and ethics in cybersecurity leadership🔹 How professional organizations can influence vendors and drive meaningful change🔹 Addressing bureaucracy, cost barriers, and conflicts of interest💡 This is more than just a discussion—it’s a call for CISOs to critically assess their affiliations and shape the future of our profession.Timestamps:⏳ 00:00 - Introduction: Why This Discussion Matters⏳ 02:00 - The Changing Role of CISOs & Professional Organizations⏳ 06:00 - The Pros and Cons of CISO Advocacy⏳ 10:00 - Standardization & Best Practices: Are We Reinventing the Wheel?⏳ 14:00 - Certifications, Training & Professional Development⏳ 18:00 - Collaborative Threat Intelligence: Can It Work?⏳ 22:00 - Ethics & Transparency: The Foundation of a Trusted Organization⏳ 28:00 - Vendor Influence: The Good, The Bad, The Necessary⏳ 34:00 - Public Awareness & The CISO Role in Business⏳ 40:00 - Overcoming Bureaucracy, Leadership Conflicts & Financial Barriers⏳ 50:00 - Final Thoughts: Building a Future-Proof OrganizationCall to Action:📢 Join the discussion! Drop a comment below or engage with us on LinkedIn. Do you think CISOs need a new professional organization? What standards should we demand? 
Let’s shape the future of our industry together.✅ Subscribe to The Professional CISO Show:🔗 YouTube: www.youtube.com/@TheProfessionalCISO🔗 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673🔗 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021🔗 Follow The Professional CISO Show on LinkedIn:https://www.linkedin.com/company/the-professional-ciso-show🔗 Visit Our Website:www.thpc.co▶️ Live from North Texas ISSA Conference – Conversations with Top CISOs▶️ Matt Walker on Professionalizing the CISO Role & Business Risk▶️ Gary Hayslip on CISO Leadership & SoftBank’s Security StrategyHashtags:#CISO #CyberSecurity #CyberLeadership #ProfessionalCISO #CISOCommunity #InfoSec #SecurityLeadership #RiskManagement #CyberRisk #Leadership #CISOAssociation #CyberSecurityPodcast
Ep 52: 50 Episodes In: What We Learned About Building the Next Gen CISO
👉 Listen Now: A deep dive into the biggest cybersecurity lessons, trends, and leadership insights from 50 episodes of The Professional CISO Show!🔍 Episode SummaryIn this Year in Review episode, host David Malicoat reflects on the biggest cybersecurity trends, challenges, and insights from 50 expert conversations in 2024.🔥 What You’ll Learn:• The Evolution of the CISO Role – From technical expert to business leader• CISO Liability Risks – Insights from the Uber & SolarWinds cases• Building Stronger Cybersecurity Teams – Culture, burnout, and leadership• AI, Automation & Cloud Security – Emerging threats and strategies• Cybersecurity Partnerships & Collaboration – The key to success• Professionalizing the CISO Role – Why industry standards matter• Looking Ahead to 2025 – What’s next for cybersecurity leaders?🚀 Whether you’re a CISO, security executive, or aspiring cybersecurity leader, this episode is packed with valuable insights to help you navigate the future of cybersecurity in 2025 and beyond!⏳ Episode Chapters & Key Takeaways:[00:00] Introduction & Reflections on 50 Episodes[05:00] The Professionalization of the CISO Role[12:00] Lessons from Top Cybersecurity Leaders[22:00] The Growing Liability and Legal Risks for CISOs[30:00] Talent, Leadership, and Team Building in Security[37:00] The Role of Partnerships in Cybersecurity Success[45:00] Emerging Tech: AI, Cloud, and the Changing Threat Landscape[52:00] Looking Ahead to 2025 – Events, Guests, and Initiatives[1:00:00] Final Thoughts & Call to Action🎯 Subscribe & Stay Connected!✅ Follow & Subscribe to The Professional CISO Show for More Cybersecurity Insights:🔗 Spotify: The Professional CISO Show🔗 Apple Podcasts: The Professional CISO Show📌 Connect with Us for More Cybersecurity Leadership Content:🔗 Website: www.thpc.co🔗 LinkedIn: The Professional CISO Show🔗 YouTube: www.youtube.com/@TheProfessionalCISO💡 Have a guest suggestion? Want to share feedback? 
Drop us a message on LinkedIn or leave a review!🎥 Related Episodes & Resources:📌 Gary Hayslip on Global Cybersecurity Leadership – Listen here📌 Joe Sullivan’s Insights from Uber & the Future of CISO Accountability📌 Ira Winkler on the Realities of Cybersecurity Talent & Workforce Gaps🔥 Relevant Hashtags:#Cybersecurity #CISO #TheProfessionalCISO #InfoSec #CyberRisk #Leadership #AI #ThreatIntelligence #RiskManagement #CISOLiability #CISOCommunity
Ep 51: Paul Reyes: Why Every CISO Needs a Business-First Mindset 💼
🎧 Episode Summary:In this episode of The Professional CISO Show, host David Malicoat chats with Paul Reyes, VP and CISO at AccentCare, about his incredible journey from the Air Force to leading critical infrastructure cybersecurity efforts. Paul’s career path is filled with twists, lessons, and actionable insights that every cybersecurity leader can learn from.Discover how Paul transitioned from running infrastructure operations to becoming a CISO, why professionalizing the CISO role is critical, and his advice for new CISOs, military veterans, and anyone passionate about cybersecurity.🔑 Key Topics Discussed:• Paul Reyes’ transition from military service to cybersecurity leadership• The evolution of the CISO role and why it needs to be professionalized• Key focus areas for new CISOs: email security, endpoint protection, and identity access management• Challenges in protecting critical infrastructure from evolving cyber threats• Advice for veterans transitioning into cybersecurity careers🌟 Highlights:• [00:01:30] Paul’s unconventional career path: Air Force to AccentCare• [00:10:45] Starting strong as a new CISO• [00:18:00] How to measure the maturity of your cybersecurity program• [00:26:30] Cybersecurity in critical infrastructure: Trends and solutions• [00:31:00] Insights for transitioning military veterans📣 Call to Action:Enjoying the show? Don’t forget to follow, rate, and review The Professional CISO Show! 
Share this episode with a friend or colleague and help us grow the community of professional CISOs.🔗 Connect with Us:• Website: www.thpc.co• LinkedIn: The Professional CISO Show• Watch More Episodes: YouTube Channel• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021About Our Guest:Paul Reyes• Vice President and Chief Information Security Officer at AccentCare• Air Force veteran with extensive leadership experience at Raytheon, Blockbuster, and more.🎧 Related Episodes You’ll Love:• Professionalizing Cybersecurity with Gary Hayslip• Leadership Lessons from Joey RachidHashtags:#TheProfessionalCISO #CybersecurityPodcast #CISO #CriticalInfrastructure #CyberRisk #AirForceVeteran #ProfessionalCISO
Ep 50: 🎙️ Securing the Supply Chain: Insights from Christine Gadsby of BlackBerry 🎙️
🎙️ Episode Title:Securing the Supply Chain: Insights from Christine Gadsby of BlackBerry🌟 Episode Summary:In this insightful episode of The Professional CISO Show, David Malicoat sits down with Christine Gadsby, VP & Chief Information Security Officer at BlackBerry, to explore the intricacies of application security (AppSec), software supply chain management, and the ongoing professionalization of the CISO role. Christine shares her remarkable journey, from overcoming personal challenges to becoming a cybersecurity leader.Together, they discuss:• The fragility of the software supply chain and its implications.• Government regulations like NIST and secure-by-design initiatives.• Blockchain’s potential in managing supply chain accountability.• Advice for aspiring CISOs interested in AppSec and product security.Christine’s unique perspective as a product security expert offers invaluable insights into navigating the complexities of cybersecurity today.🗝️ Key Highlights:• Christine’s journey into cybersecurity leadership.• Why AppSec and supply chain security are critical in today’s ecosystem.• How regulation and liability are reshaping the CISO role.• Blockchain’s role in securing software and supply chains.• Practical tips for cybersecurity professionals looking to transition into product security.📢 Call to Action:Love what you hear? 
Help us professionalize the CISO role!💡 Follow The Professional CISO Show on Spotify and Apple Podcasts.📲 Share this episode with your network to spread the word!🔗 Links and Resources:• LinkedIn: The Professional CISO Show• Website: www.thpc.co• Watch on YouTube: @TheProfessionalCISO• Listen on Spotify: The Professional CISO Show on Spotify• Listen on Apple Podcasts: The Professional CISO Show on Apple Podcasts👤 Guest Information:Christine Gadsby, VP & CISO at BlackBerryConnect with Christine on LinkedIn.🎧 Related Episodes:• Episode 48: Gary Hayslip on Global Cybersecurity Leadership• Episode 47: Joey Rachid on CISOs and Organizational Impact🔖 Hashtags:#Cybersecurity #AppSec #SupplyChainSecurity #TheProfessionalCISOShow #BlackBerry #Leadership #ProfessionalCISO
Ep 49: Through the Doorway: A Challenge to Your Future Self - A New Year’s Reading by David Malicoat
🎉 Hook:Step into the New Year with a reflective journey that celebrates growth, perseverance, and the messy beauty of progress. This special episode dives into the heart of transformation and what it means to truly embrace the grind.✨ Episode Summary:In this reflective and heartfelt episode, David Malicoat shares a deeply personal journal entry written in January 2024. He offers insights into the metaphor of transition, where life’s messes and challenges are reframed as opportunities for growth and transformation. From navigating chaos to finding the courage to press forward, this episode serves as a motivational message for those striving to make a difference, pursue meaningful goals, and embrace the messy, beautiful process of success.🔑 Key Highlights:• Life in Transition: How the messiness of change mirrors personal and professional growth.• Embracing the Grind: The importance of persistence and repetition in achieving success.• Courage and Criticism: Facing obstacles and external judgments with an iron will.• A Personal Challenge: A call to action to live up to your potential and honor your inner voice.🕒 Time-Stamps (YouTube Only):• 0:00 – Introduction: Reflections for the New Year• 1:00 – The Metaphor of Life in Transition• 3:00 – The Courage to Face Chaos• 4:00 – A Personal Call to Action📣 Call-to-Action:🎥 Watch more episodes of The Professional CISO Show: YouTube Channel🎙️ Listen on Spotify: The Professional CISO Show🎧 Tune in on Apple Podcasts: The Professional CISO🌐 Visit our website: The Professional CISO Show📱 Follow Us Online:• LinkedIn: The Professional CISO Show• YouTube: @TheProfessionalCISO🎥 Related Episodes & Videos:• The Courage to Lead: An Interview with Gary Hayslip• Navigating Professional Challenges as a CISO• From Chaos to Clarity: Insights for Cybersecurity Leaders🏷️ Hashtags:#ProfessionalCISO #CybersecurityLeadership #NewYearMotivation #Transformation #GrowthJourney
Ep 48: 🎄 The Professional CISO Show - Episode 47: Twas the Night Before Christmas 🎅
Hook: This week, we’re celebrating the holiday spirit in a truly special way! Join David Malicoat as he shares a personal family tradition, spreading warmth and joy with a timeless classic.

Summary: In this festive episode, David reads Clement C. Moore’s beloved poem, The Night Before Christmas. This heartwarming tradition, cherished by his family for generations, is now brought to you as a gift of holiday cheer. Gather your loved ones, relax by the fire, and let this enchanting tale bring the magic of Christmas to life.

Key Highlights:
• A personal and heartfelt reading of The Night Before Christmas
• Insights into a family tradition shared with listeners
• Holiday wishes from The Professional CISO Show team

Call to Action:
🎧 Enjoy the episode? Like, share, and subscribe to bring more holiday joy to your network!
👉 Don’t forget to explore past episodes for more insights and inspiration.

Social Media & Related Links:
• Website: www.thpc.co
• Spotify: Listen on Spotify
• Apple Podcasts: Listen on Apple Podcasts
• LinkedIn: Follow us on LinkedIn
• Watch More Episodes: YouTube Channel

Hashtags: #TheProfessionalCISO #CybersecurityLeadership #TwasTheNightBeforeChristmas #HolidaySpecial #MerryChristmas
Ep 47: The CISO’s North Star: How Mission and Values Guide Crisis Communications with David Chamberlin
🎧 Episode Summary: In this episode of The Professional CISO Show, host David Malicoat sits down with David Chamberlin, Managing Director of Strategic Communications Advisory at Orrick, Herrington & Sutcliffe LLP. With a career spanning journalism, corporate communications, PR, and legal advisory, David brings a unique perspective on how CISOs can navigate crises, build trust, and manage reputational risks.

David shares why CISOs must move beyond “bits and bytes” to become business-first leaders, how to prepare for high-stakes moments, and why relationships with legal, communications, and investor relations teams are critical to success.

🔑 What You’ll Learn in This Episode:
• The three-legged stool of crisis management: Business operations, legal risks, and reputational risks.
• Why trust and relationships are central to a CISO’s role during incidents.
• How to leverage mission, vision, and values to guide crisis communications.
• Practical strategies for CISOs to build relationships with GCs, CMOs, and IR teams.
• Why boards of directors need reputational risk expertise alongside cyber and legal advisors.
• Insights on professionalizing the CISO role to gain credibility and leadership influence.

⏰ Episode Highlights:
• [00:02:00] David Chamberlin’s journey from journalism to cybersecurity crisis communications.
• [00:10:00] Why professionalizing the CISO role is critical for success.
• [00:15:00] Understanding the intersection of legal and reputational risks.
• [00:23:00] The value of having reputational risk experts on the board.
• [00:33:00] Tactical advice: How CISOs can build key relationships before a crisis hits.
• [00:36:00] Effective communication during incidents: Truth, trust, and managing expectations.
• [00:41:00] Rapid-Fire Round: 10 Questions with David Chamberlin.

🎯 Call to Action: If you enjoyed this episode, please subscribe to The Professional CISO Show on your favorite platform. Don’t forget to rate us, leave a review, and share this episode with your colleagues! Together, we can professionalize the role of the CISO.

🔗 Connect with Us:
• Website: www.thpc.co
• Spotify: The Professional CISO Show
• Apple Podcasts: The Professional CISO Show
• LinkedIn: The Professional CISO Show
• YouTube: Watch More Episodes

🎙️ Guest Information: David Chamberlin
• Managing Director, Strategic Communications Advisory
• Orrick, Herrington & Sutcliffe LLP

🔍 Related Episodes You’ll Love:
• Gary Hayslip: Global CISO at SoftBank Investment Advisors
• Joey Rachid: CISO at Xerox
• Matt Walker: Managing Director of Security and Compliance at Goosehead Insurance

🔖 Hashtags: #TheProfessionalCISO #CrisisCommunications #ReputationManagement #CybersecurityLeadership #CISO #CyberResilience #ProfessionalizeTheCISO
Ep 46: Cybersecurity Materiality, Reporting, and the CISO’s Legal Landscape with Shawn Tuma
In this episode of The Professional CISO Show, host David Malicoat welcomes back cybersecurity attorney Shawn Tuma for a deep dive into the legal challenges facing CISOs. Shawn shares his journey of writing a comprehensive book on cybersecurity law, offers practical advice on navigating liability risks, and emphasizes the importance of building stronger partnerships between CISOs and General Counsels (GCs).

This episode is a must-listen for anyone in cybersecurity leadership who wants to professionalize their approach to legal and operational challenges.

What You’ll Learn in This Episode
• Why CISO liability insurance is no longer optional.
• How to foster collaboration between CISOs and GCs.
• The essentials of building an incident response plan.
• Differentiating routine incidents from critical ones.
• Insights on SEC materiality reporting and its impact on CISOs.

About Shawn Tuma
Shawn Tuma is a cybersecurity attorney with decades of experience in cybersecurity law, incident response, and breach management. Known for his practical insights and strategic thinking, Shawn advises organizations on navigating the complex intersection of legal and technical challenges.
🔗 Connect with Shawn on LinkedIn: Shawn Tuma

Let’s Connect!
💻 Website: www.thpc.co
📺 YouTube Channel: The Professional CISO Show
📱 LinkedIn: The Professional CISO Show

🏷️ Hashtags
#Cybersecurity #CISO #IncidentResponse #LegalRisks #CyberLiability #ShawnTuma #ProfessionalCISO #CyberInsurance