App Store

Google Play

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

Mike Johnson

David Spark

and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com.
 
In this episode:
 
 • AI security's blind spot problem
 • Vendors don't understand the assignment
 • Marketing budgets overshadow actual innovation
 • Accuracy versus effectiveness
 
Huge thanks to our sponsor, Material Security
 
 
 
Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

Don’t Worry, We’ll Get to Solving Your Problem on Slide 87

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.
 
In this episode:
 
 • We can't promise safe, but we can promise ready
 • Are we accidentally building security nightmares?
 • Being held accountable for things you had no say in
 • The safe space problem in vendor evaluation
 
Huge thanks to our sponsor, Adaptive Security
 

 
Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive’s new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Erwin Lopez, CISO, SLAC National Accelerator Laboratory.
 
In this episode:
 
 • The AI experimentation phase isn't optional
 • When selling security becomes the hardest part of the job
 • Threat actors aren't hacking in anymore
 • We build, we bond, and we can't bear to let go
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Learn more at Threatlocker.com/CISO

Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Brian Long, CEO, Adaptive Security.
 
In this episode:
 
 • Hiring North Korean operatives on a Tuesday
 • AI coding and the death of specifications
 • Deepfake personas beyond video calls
 • The middleman problem with SMS
 
Huge thanks to our sponsor, Adaptive Security
 

 AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. And now, with Adaptive’s new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats. Learn more at adaptivesecurity.com.

Wait, SMS Doesn’t Stand for “Super Mega Secure?”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.
 
In this episode:
 
 • Making organizations take their security medicine
 • Building CISO support systems
 • Holding the door for humans
 • Underappreciated risks: beyond the headlines
 
Huge thanks to our sponsor, Safe Security
 

 
SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management.We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

We All Agree That Prevention Is the Best Advice We're Never Going to Follow

All links and images can be found on CISO Series.
 
This week’s episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.
 
In this episode:
 
 • Vulnerability management vs. configuration control
 • Open source security and supply chain trust
 • Building security leadership presence
 • AI governance and enterprise risk
 
Huge thanks to our sponsor, Vanta
 

 
Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian.
 
In this episode:
 
 • Breaking the Sales Cycle
 • Leadership Under Fire
 • Predicting the Unpredictable
 • Security Startups' Security Paradox
 
A huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

New Study Finds No Email Has Ever “Found You Well”

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.
 
In this episode:
 
 • Decision-making with incomplete information
 • Translation beats technical expertise
 • Influence trumps authority for CISOs
 • Technical prowess creates adversaries
 
Huge thanks to our sponsor, Vanta
 
 
 Automate, centralize, & scale your GRC program with Vanta. Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel.
 
In this episode: 
 
 • AI fraud gets on the juice
 • Agentic AI demands a new security mindset
 • The new frontier for social engineering
 • We still need human verification
 
Huge thanks to our sponsor, Doppel
 

 
Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

Impressive! Our AI is Approaching “One 9” of Accuracy.

All links and images can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Rajan Kapoor, CEO of Material Security.
 
In this episode:
 
 • AI creates security's catch-22
 • Delegation without abandonment
 • Google's security gaps demand better tools
 • Trust beats sophistication every time
 
A huge thanks to our sponsor, Material Security
 
 
 
What if you could get a view of security across Google Workspace–email, documents, and accounts–all in one place? Material Security unifies your Google Workspace security operations, simplifying and strengthening security with continuous monitoring and automatic issue resolution. See how Material Security simplifies your security for GMail, GDrive and Google accounts. Learn more at https://material.security.

They Can’t Hack All Our Tools If We Keep Buying New Ones

All links and images for this episode can be found on CISO Series.
 
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Aaron Shaha, CISO, CyberMaxx.
 
In this episode:
 
 • 

Is technical debt an inevitability in any organization?
 • 
 • 

How do you go about "paying it down?"
 • 
 • 

How do you decide when you need a systematic refresh and when can you kick the can down the road a little longer?
 • 
 
Thanks to our podcast sponsor, CyberMaxx
 

 
CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

I Really Shouldn’t Have Agreed to Variable Rate Technical Debt

Hlustaðu og lestu

Other podcasts you might like ...