App Store

Google Play

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

David Spark

Geoff Belknap

Steve Zalewski

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Defense in Depth

All links and images can be found on CISO Series.
 
Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components. 
 
And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode.
 
In this episode:
 
 • Beyond the technical playbook
 • Influencing without authority
 • Partnering, not just selling
 • The deliberate work of connection
 
Thanks to our sponsor, HackerOne
 
 
 
Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs’ guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. https://www.hackerone.com/report/future-of-ai?utm_medium=Paid-Newsletter&utm_source=cisoseries&utm_campaign=Parent-FY25-AIAwarenessCampaign-GL

What Soft Skills Do You Need in Cyber?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP.
 
In this episode:
 
 • Turning visibility into actionable intelligence
 • Pure visibility still provides an essential security foundation
 • Finding strategic value
 • The risk of gaps in identity management
 
Huge thanks to our sponsor, ThreatLocker
 Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Threatlocker.com/CISO

What is the Visibility That Security Teams Need?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is their sponsored guest, Ash Hunt, vp, strategy, EMEA, Cyera.
 
In this episode:
 
 • The access creep challenge
 • Bridging intent and execution
 • Looking for integrity
 • Racing against exponential complexity
 
Huge thanks to our sponsor, Cyera
 
 
 

 
 
 AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://www.cyera.com/?utm_source=cisoseries

Data Governance in the Age of AI

All links and images can be found on CISO Series.
 
Check out this post by David Mundy of Tuskira for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Taule, CISO, Luminis Health.
 
In this episode:
 
 • ROI challenges 
 • Venture capital saturation
 • Risk aversion and organizational politics
 • A GTM transformation
 
Huge thanks to our sponsor, Doppel
 

 
Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform

How Can Security Vendors Better Stand Out?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Kara Sprague, CEO, HackerOne.
 
In this episode:
 
 • Shadow AI as a control problem
 • Rethinking identity for autonomous agents
 • When process meets momentum
 • Beyond blocking: channeling AI usage
 
Huge thanks to our sponsor, HackerOne
 

 
 Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs’ guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/

What New Risks Does AI Introduce?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is CISO Series reporter and CISO herself, Hadas Cassorla.
 
In this episode:
 
 • Security poverty line excludes SMBs 
 • Skills gap and channel dynamics slow SMB security adoption
 • The startup disadvantage cycle
 • Technology adoption flows from enterprise complexity to market simplification
 
Huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

The Pattern of Early Adoption of Security Tools

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest Mokhtar Bacha, founder and CEO, Formal.
 
In this episode:
 
 • Access management faces transformation 
 • AI agents demand new authentication paradigms
 • AI complexity demands simplified governance approaches
 • Data-centric identity management replaces role-based approaches
 
Huge thanks to our sponsor, Formal
 

 
Formal secures humans, AI agent’s access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

How Are You Managing the Flow of AI Data

All links and images can be found on CISO Series.
 
Check out this post by Geoff Belknap, co-host of Defense in Depth, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and John Overbaugh, CISO, Alpine Investors. Joining us is our sponsored guest, Pukar Hamal, founder and CEO at SecurityPal.
 
In this episode: 
 
 • When business moves faster than security
 • Turning obstacles into opportunities
 • The art of saying "not like that"
 • Know your regulatory landscape
 
Huge thanks to our sponsor, SecurityPal AI
 
 
 
 SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.

How to Deal with Last Minute Compliance Requirements

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Justin Berman, formerly vp of platform engineering and CISO at Thirty Madison Health.
 
In this episode: 
 
 • Maps without transportation
 • The untouchable employee problem
 • Attestation theater
 • The lightbulb moment
 
Huge thanks to our sponsor, SecurityPal
 
 
 
SecurityPal is the leader in Customer Assurance, helping companies accelerate security assurance without compromising accuracy. Their AI + human expertise approach, dynamic Trust Center, and modern TPRM solution eliminate manual work and streamline vendor security at scale. To learn more, visit securitypal.ai.

Do You Have a Functional Policy or Did You Just Write One?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
 
In this episode: 
 
 • Legacy infrastructure creates the biggest hurdles
 • More marketing than methodology
 • Implementation complexity makes zero trust a Sisyphean task
 • Don't ignore human factors
 
Huge thanks to our sponsor, ThreatLocker
 
 
 
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit Threatlocker.com/CISO

Where are We Struggling with Zero Trust

All links and images for this episode can be found on CISO Series
 
You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time.
 
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, First Bank.
 
Thanks to our podcast sponsor, Keyavi
 
 
 
Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.
 
In this episode:
 
 • Have you ever had a purely greenfield situation?
 • When starting a security program from scratch, how do you figure out where to start and what to prioritize?
 • What are the top five actions if you were going to implement a brand new/greenfield security program?
 • How do you architect a security program so that it grows naturally and not a series of random patches over time?

How to Build a Greenfield Security Program

Listen and read

Other podcasts you might like ...