app_store_button

google_play_button

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

David Spark

Geoff Belknap

Steve Zalewski

Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.

Defense in Depth

All links and images can be found on CISO Series.
 
Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here.
 
In this episode:
 
 • Speaking the language of leadership
 • Beyond translation: the trust factor
 • Making risk tangible
 • When translation isn't enough
 
Huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

How Should CISOs Talk to the Business

All links and images can be found on CISO Series.
 
Check out this post by Nick Nolen of Redpoint Cyber for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Erika Dean, former CSO, Robinhood.
 
In this episode:
 
 • Delegation requires accountability
 • The reality of daily decision-making
 • The gap between theory and practice
 • Beyond the advisory role
 
Huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO

How Much Cyber Risk Should a CISO Own?

All links and images can be found on CISO Series.
 
Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast.
 
In this episode:
 
 • Understanding the fundamentals
 • The grift of superficial expertise
 • Hands-on experience matters 
 • A vulnerability at the leadership level
 
Huge thanks to our sponsor, Stellar Cyber
 
 
 By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.

How To Tell When a Vendor is Selling AI Snake Oil

All links and images can be found on CISO Series.
 
Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt.
 
In this episode:
 
 • Network security isn't dying—it's evolving
 • The observability layer that can't be replaced
 • What's old is new again
 • The innovation gap
 
Huge thanks to our sponsor, HackerOne
 
 
 Discover how AI innovators like Adobe, Anthropic, and Snap are using AI to find and fix vulnerabilities across the software development lifecycle. HackerOne, the global leader in offensive security solutions, reveals all in the CISOs' guide to securing the future of AI. Download it now to see how AI can strengthen your security posture. Learn more at https://www.hackerone.com/

In the Age of Identity, is Network Security Dead?

All links and images can be found on CISO Series.
 
Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
 
In this episode:
 
 • When configuration drift becomes operational reality
 • The garden that never stops growing
 • From detection to cultural shift
 • The maturity gap
 
Huge thanks to our sponsor, ThreatLocker
 

 
ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at https://www.threatlocker.com/

How to Manage Configuration Drift

All links and images can be found on CISO Series.
 
Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Julie Tsai, CISO-in-Residence, Ballistic Ventures.
 
In this episode:
 
 • Is least privilege dead?
 • Modern tactics, timeless principle
 • Implementation over ideology
 • Pragmatism over purity
 
Huge thanks to our sponsor, Cyera
 

 AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://datasecai2025.com/did.

Is Least Privilege Dead?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel.
 
In this episode:
 
 • Beyond the click
 • High-risk users demand different metrics
 • Building engagement over punishment
 • Creating a security culture through community
 
Huge thanks to our sponsor, Doppel
 

 
Doppel is protecting the world's digital integrity. Impersonators adapt fast — but so does Doppel. By pairing AI with expert analysis, we don't just detect deception; we dismantle it. Our platform learns from every attack, expands its reach across digital channels, and disrupts threats before they cause harm. The result? Impersonators lose. Businesses become too costly to attack. And trust stays intact. Learn more at https://www.doppel.com/

How Do We Measure Our Defenses Against Social Engineering Attacks?

All links and images can be found on CISO Series.
 
Check out this post by Mike Gallardo for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is Alex Guilday, BISO, Royal Caribbean Group.
 

 
In this episode:
 
 • Timing the approach
 • When persistence becomes harassment
 • Playing the long game
 • The necessity argument
 
Huge thanks to our sponsor, Cyera
 

 
AI is moving fast - can your security keep up? Join the leaders shaping the future of data and AI security at DataSecAI Conference 2025, hosted by Cyera, Nov 12–13 in Dallas. Register now at https://datasecai2025.com/did.

Sales Follow Up Sequences: What Works Best in Cyber?

All links and images can be found on CISO Series.
 
Check out this post by Evgeniy Kharam for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Dunn, Leader of Product and Supply Chain Technology, Specialized Bicycle Components. 
 
And check out "Architecting Success: The Art of Soft Skills in Technical Sales: Connect to Sell More" by Evgeniy Kharam we referenced in this episode.
 
In this episode:
 
 • Beyond the technical playbook
 • Influencing without authority
 • Partnering, not just selling
 • The deliberate work of connection
 
Thanks to our sponsor, HackerOne
 

 
Built on 580,000+ validated vulnerabilities, $81M in payouts this year, and insights from 1,950 enterprise programs, the 2025 Hacker-Powered Security Report shows how leading organizations reduce risk and prove outcomes. Get practical guidance on attacker focus, response patterns, and board-ready metrics. Watch the Q&A, then download the report to operationalize what works for you.
 https://www.hackerone.com/report/future-of-ai?utm_medium=Paid-Newsletter&utm_source=cisoseries&utm_campaign=Parent-FY25-AIAwarenessCampaign-GL

What Soft Skills Do You Need in Cyber?

All links and images can be found on CISO Series.
 
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Bil Harmer, security advisor, Craft Ventures. Joining them is James Bruce, business security services director, WPP.
 
In this episode:
 
 • Turning visibility into actionable intelligence
 • Pure visibility still provides an essential security foundation
 • Finding strategic value
 • The risk of gaps in identity management
 
Huge thanks to our sponsor, ThreatLocker
 Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. Threatlocker.com/CISO

What is the Visibility That Security Teams Need?

All links and images for this episode can be found on CISO Series
 
A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch?
 
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rishi Tripathi (@ris12hi), CISO, Mount Sinai Health System.
 
Thanks to our podcast sponsor, Tines
 
 
 
 Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com.
 
In this episode:
 
 How to go about measuring risk? Leveraging compliance to get the point across. What needs to be considered to make a program uniquely geared to your company's needs?

Start a Cybersecurity Department from Scratch

Listen and read

Other podcasts you might like ...