app_store_button

google_play_button

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

Mike Johnson

David Spark

and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is our sponsored guest, Nathan Hunstad, director, security, Vanta.
 
In this episode:
 
 • Metrics that matter
 • Testing for real
 • AI as an assistant
 • Intelligence without context
 
Huge thanks to our sponsor, Vanta
 

 
Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California.
 
In this episode: 
 
 • The foundational debate
 • Strength over breadth
 • Beyond traditional backgrounds
 • Keeping perspective on risk
 
Huge thanks to our sponsors, Adaptive Security and Dropzone AI
 

 
AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com.
 

 
 Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

All links and images can be found on CISO Series.
 
This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Sara Madden, CISO, Convera.
 
In this episode: 
 
 • Optimizing for reality, not idealism
 • Engineering governance instead of monitoring compliance
 • When AI finds what humans miss
 • The measurement problem
 
Huge thanks to our sponsor, ThreatLocker
 

 Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. https://threatlocker.com

I Don't Just Guess About Effectiveness, I Make Educated Guesses!

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.
 
In this episode:
 
 • The open source sustainability problem
 • AI levels the geopolitical playing field
 • Cutting through AI vendor hype
 • Why the fundamentals still hurt
 
Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario.
 
Huge thanks to our sponsor, Vorlon Security
 

 
SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response —
so you can see the full picture: what's connected, what's at risk,
and what needs immediate action. Learn more at https://vorlon.io/

It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
 
In this episode:
 
 • When EDR gets knocked out
 • Red flags in vendor theater
 • Configuration chaos
 • The sticker problem
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta.
 
In this episode:
 
 • 

Skip the Sermon
 • 
 • 

When to coach versus command
 • 
 • 

Making risk quantification useful
 • 
 • 

Recognizing a distinct discipline
 • 

 
 • 
 
Huge thanks to our sponsor, Vanta
 

 Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

The Difference with AI Red Teaming is We Added the Word AI

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com.
 
In this episode:
 
 • AI security's blind spot problem
 • Vendors don't understand the assignment
 • Marketing budgets overshadow actual innovation
 • Accuracy versus effectiveness
 
Huge thanks to our sponsor, Material Security
 
 
 
Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

Don't Worry, We'll Get to Solving Your Problem on Slide 87

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.
 
In this episode:
 
 • We can't promise safe, but we can promise ready
 • Are we accidentally building security nightmares?
 • Being held accountable for things you had no say in
 • The safe space problem in vendor evaluation
 
Huge thanks to our sponsor, Adaptive Security
 

 
Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive's new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory.
 
In this episode:
 
 • The AI experimentation phase isn't optional
 • When selling security becomes the hardest part of the job
 • Threat actors aren't hacking in anymore
 • We build, we bond, and we can't bear to let go
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

All links and images can be found on CISO Series.
 
This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security.
 
In this episode:
 
 • Hiring North Korean operatives on a Tuesday
 • AI coding and the death of specifications
 • Deepfake personas beyond video calls
 • The middleman problem with SMS
 
Huge thanks to our sponsor, Adaptive Security
 

 AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive's new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

Wait, SMS Doesn't Stand for "Super Mega Secure?"

All links and images for this episode can be found on CISO Series.
 
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security.
 
In this episode:
 
 • The Gordian knot of EDR
 • Can we keep up with patching?
 • Making AI practical
 • Standardization or granularity?
 
Thanks to our podcast sponsor, ThreatLocker!
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

How About This? Only Attack the Endpoints We Configured

Hlustaðu og lestu

Other podcasts you might like ...