App Store

Google Play

Device Banner Block-copy 894x1036

Astu lugude lõputusse maailma

Loe ja kuula

Mike Johnson

David Spark

and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
 
In this episode:
 
 • When EDR gets knocked out
 • Red flags in vendor theater
 • Configuration chaos
 • The sticker problem
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta.
 
In this episode:
 
 • 

Skip the Sermon
 • 
 • 

When to coach versus command
 • 
 • 

Making risk quantification useful
 • 
 • 

Recognizing a distinct discipline
 • 

 
 • 
 
Huge thanks to our sponsor, Vanta
 

 Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

The Difference with AI Red Teaming is We Added the Word AI

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com.
 
In this episode:
 
 • AI security's blind spot problem
 • Vendors don't understand the assignment
 • Marketing budgets overshadow actual innovation
 • Accuracy versus effectiveness
 
Huge thanks to our sponsor, Material Security
 
 
 
Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

Don’t Worry, We’ll Get to Solving Your Problem on Slide 87

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.
 
In this episode:
 
 • We can't promise safe, but we can promise ready
 • Are we accidentally building security nightmares?
 • Being held accountable for things you had no say in
 • The safe space problem in vendor evaluation
 
Huge thanks to our sponsor, Adaptive Security
 

 
Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive’s new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory.
 
In this episode:
 
 • The AI experimentation phase isn't optional
 • When selling security becomes the hardest part of the job
 • Threat actors aren't hacking in anymore
 • We build, we bond, and we can't bear to let go
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security.
 
In this episode:
 
 • Hiring North Korean operatives on a Tuesday
 • AI coding and the death of specifications
 • Deepfake personas beyond video calls
 • The middleman problem with SMS
 
Huge thanks to our sponsor, Adaptive Security
 

 AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive’s new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

Wait, SMS Doesn’t Stand for “Super Mega Secure?”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.
 
In this episode:
 
 • Making organizations take their security medicine
 • Building CISO support systems
 • Holding the door for humans
 • Underappreciated risks: beyond the headlines
 
Huge thanks to our sponsor, Safe Security
 

 
SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management.We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

We All Agree That Prevention Is the Best Advice We're Never Going to Follow

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.
 
In this episode:
 
 • Vulnerability management vs. configuration control
 • Open source security and supply chain trust
 • Building security leadership presence
 • AI governance and enterprise risk
 
Huge thanks to our sponsor, Vanta
 

 
Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian.
 
In this episode:
 
 • Breaking the Sales Cycle
 • Leadership Under Fire
 • Predicting the Unpredictable
 • Security Startups' Security Paradox
 
A huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

New Study Finds No Email Has Ever “Found You Well”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.
 
In this episode:
 
 • Decision-making with incomplete information
 • Translation beats technical expertise
 • Influence trumps authority for CISOs
 • Technical prowess creates adversaries
 
Huge thanks to our sponsor, Vanta
 
 
 Automate, centralize, & scale your GRC program with Vanta. Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.

All links and images for this episode can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Yoav Nathaniel, co-founder and CEO, Silk Security.
 
In this episode:
 
 • 

Why does it seem like securing APIs is so hard? Is it just a matter of complexity? 
 • 
 • 

Why does it seem like we can’t go a week without hearing reports of a data leak caused by a failure in API security?
 • 
 • 

Why do organizations struggle with API security?
 • 
 
Thanks to our podcast sponsor, Silk
 

 
Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

We Can’t Fail at API Security If We Never Even Try

Loe ja kuula

Muud podcastid, mis võivad sulle meeldida ...