App Store

Google Play

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

Mike Johnson

David Spark

and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.
 
In this episode:
 
 • We can't promise safe, but we can promise ready
 • Are we accidentally building security nightmares?
 • Being held accountable for things you had no say in
 • The safe space problem in vendor evaluation
 
Huge thanks to our sponsor, Adaptive Security
 

 
Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive’s new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory.
 
In this episode:
 
 • The AI experimentation phase isn't optional
 • When selling security becomes the hardest part of the job
 • Threat actors aren't hacking in anymore
 • We build, we bond, and we can't bear to let go
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security.
 
In this episode:
 
 • Hiring North Korean operatives on a Tuesday
 • AI coding and the death of specifications
 • Deepfake personas beyond video calls
 • The middleman problem with SMS
 
Huge thanks to our sponsor, Adaptive Security
 

 AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive’s new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

Wait, SMS Doesn’t Stand for “Super Mega Secure?”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.
 
In this episode:
 
 • Making organizations take their security medicine
 • Building CISO support systems
 • Holding the door for humans
 • Underappreciated risks: beyond the headlines
 
Huge thanks to our sponsor, Safe Security
 

 
SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management.We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

We All Agree That Prevention Is the Best Advice We're Never Going to Follow

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.
 
In this episode:
 
 • Vulnerability management vs. configuration control
 • Open source security and supply chain trust
 • Building security leadership presence
 • AI governance and enterprise risk
 
Huge thanks to our sponsor, Vanta
 

 
Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian.
 
In this episode:
 
 • Breaking the Sales Cycle
 • Leadership Under Fire
 • Predicting the Unpredictable
 • Security Startups' Security Paradox
 
A huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

New Study Finds No Email Has Ever “Found You Well”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.
 
In this episode:
 
 • Decision-making with incomplete information
 • Translation beats technical expertise
 • Influence trumps authority for CISOs
 • Technical prowess creates adversaries
 
Huge thanks to our sponsor, Vanta
 
 
 Automate, centralize, & scale your GRC program with Vanta. Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel.
 
In this episode: 
 
 • AI fraud gets on the juice
 • Agentic AI demands a new security mindset
 • The new frontier for social engineering
 • We still need human verification
 
Huge thanks to our sponsor, Doppel
 

 
Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

Impressive! Our AI is Approaching “One 9” of Accuracy.

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Rajan Kapoor, CEO of Material Security.
 
In this episode:
 
 • AI creates security's catch-22
 • Delegation without abandonment
 • Google's security gaps demand better tools
 • Trust beats sophistication every time
 
A huge thanks to our sponsor, Material Security
 
 
 
What if you could get a view of security across Google Workspace–email, documents, and accounts–all in one place? Material Security unifies your Google Workspace security operations, simplifying and strengthening security with continuous monitoring and automatic issue resolution. See how Material Security simplifies your security for GMail, GDrive and Google accounts. Learn more at https://material.security.

They Can’t Hack All Our Tools If We Keep Buying New Ones

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
 
In this episode:
 
 • Large enterprise security demands drive vendor improvements
 • Technical expertise becomes leadership liability without delegation
 • EDR evolution needs prevention focus
 • Career breaks require personal ownership and strategic timing
 
A huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Cosmo Quiz! 23 Ways to Make Your Vendors Obsessed With Your Security Standards

All links and images for this episode can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Jay Trinckes, director of compliance, Thoropass.
 
In this episode:
 
 • 

Why do credential stuffing attacks put organizations in such a tricky spot?
 • 
 • 

Why is blaming the victim rarely the right move?
 • 
 • 

What kind of reasonable expectations can companies have about how much users will do to protect themselves?
 • 
 
Thanks to our podcast sponsor, Thoropass
 

 
Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.

I’m Stuffed, I Just Couldn’t Take Another Credential

Hlustaðu og lestu

Other podcasts you might like ...