Episodes
-
All links and images can be found on CISO Series
There are thousands of cybersecurity vendors across categories. If there's a gap in the market, it's likely not for technical reasons. So, how do you actually find vendors that are a good fit rather than one that just meets technical requirements?
Check out this post by Joe Head of REFLEX Solutions for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ajit Girn, CIO, Employment Development Department (EDD).
In this episode:
Built for vendors, not users Signal versus noise Priced out The elegance gapA huge thanks to our sponsor, ThreatLocker
ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.
-
All links and images can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and George Finney, CISO, University of Texas System. Joining is Sean Walls, CISO, Bob's Discount Furniture.
In this episode:
Asymmetric accounting Sometimes it really is that easy The spirit of the saying The cheapest way inA huge thanks to our sponsor, Native Security
Native is the Cloud Security Control Plane. It helps enterprises enforce secure-by-design architecture across multi-cloud environments by translating security intent into the cloud provider's built-in controls, previewing impact before rollout, and keeping enforcement aligned as the environment changes.
-
Missing episodes?
-
What It Takes To Be Successful in Cyber Media
All links and images can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Dave Bittner, producer and host, The CyberWire. Joining is Graham Cluley, host of Smashing Security podcast and Leo Laporte, founder of TWiT (This Week in Tech) and host of Security Now podcast.
In this episode:
Format follows function The decision gap Practitioner fingerprints Beyond the news cycleA huge thanks to our sponsor, Palo Alto Networks
Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Learn more at paloaltonetworks.com/cortex/cloud/demo.
-
All links and images can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Howard Holton, CEO, GigaOm. Joining is Tyler King, senior director - threat operations and response, Sinclair.
In this episode:
Career insurance In the trenches together Who are you actually selling to? Common sense, uncommon in salesA huge thanks to our sponsor, Material Security
Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security.
-
All links and images can be found on CISO Series
We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief?
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo.
In this episode:
Tools, not religion The case for structured discipline The management problem underneath Fix the damn holesA huge thanks to our sponsor, ThreatLocker
ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.
-
All links and images can be found on CISO Series
We know human-paced security controls can't be applied to autonomous AI agents. So what needs to change with CNAPP and cloud security?
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Dan Benjamin, vp product - data, identity, and AI security, Palo Alto Networks.
In this episode:
The detection ceiling A category gap, not a feature gap Resilience by design An insider threat with no faceA huge thanks to our sponsor, Palo Alto Networks
Cortex Cloud unifies code, cloud, and SOC on a single data, risk, and control plane — giving teams the context, workflows, and agentic intelligence to turn risk into resolution. Native AI agents investigate and act within enterprise guardrails, delivering real-time protection from workload to network edge. Cloud security that outpaces machine-speed threats. Visit Palo Alto Networks and search cortex cloud.
-
All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Paul Guerra.
In this episode:
Read the contract How vendors win before the evaluation ends The fallout The real costA huge thanks to our sponsor, Native Security
Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
-
All links and images can be found on CISO Series
All security startups will tell you they talk to potential customers. The problem is that you limit your development when you only talk to CISOs who might buy. It's not the same guidance you'll get from a CISO who advises.
Check out this post by Val Tsanev of the Cyber Risk Alliance for the discussion that is the basis of our conversation.
This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Steve Jensen, CISO, University of Maine System.
In this episode:
Building for whom? The only feedback loop that matters Valid, but for whom? Rethink the advisor rosterA huge thanks to our sponsor, Material Security
Legacy email security only watches the door. Material protects your entire cloud workspace—email, files, and accounts—as one ecosystem. It's more coverage for less than the cost of a legacy SEG. One price, no surprises: just security that covers the whole surface area. Learn more at material.security.
-
All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Rob Allen.
In this episode:
The vulnerable stack Changing the structural economics Change the terrain The cost-benefit equationA huge thanks to our sponsor, ThreatLocker
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
-
All links and images can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Heath Renfrow, co-founder, Fenix24.
In this episode:
Knowing which systems to save first Recovery is a business conversation, not an IT ticket Not all systems are created equal Recovery knowledge as a governed assetA huge thanks to our sponsor, Fenix24
Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
-
What Makes a Successful Security Vendor Demo?
All links and images can be found on CISO Series.
Check out this post from Adam Palmer for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining is Ken Beasley, BISO, Kaiser Permanente.
In this episode:
Show me the problem, not the product Walking in blind Discovery is the demo Define the use case, set the clockA huge thanks to our sponsor, Fenix24
Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
-
Should You Use Native or 3rd Party Cloud Management Tools?
All links and images can be found on CISO Series.
Check out this post from Steve Zalewski for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is their sponsored guest, Gal Ordo, co-founder and CPO, Native.
In this episode:
More tools, more problems A gap in design Catching what slips through Competence over complexityA huge thanks to our sponsor, Native Security
Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.
-
How Should We Measure the Performance of a CISO?
All links and images can be found on CISO Series.
Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare.
In this episode:
Likability as a career strategy The storytelling gap How the math actually gets done The unofficial scorecardA huge thanks to our sponsor, ThreatLocker
ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.
-
All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste.
In this episode:
Patterns hiding in plain sight Activity vs. advancement The human cost Frameworks about frameworksA huge thanks to our sponsor, Fenix24
Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.
-
All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.
In this episode:
Lead with insight, not persuasion Recognize the opportunity when it arrives Strategy over features Keep it efficientA huge thanks to our sponsor, Endor Labs
Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.
-
All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs.
In this episode:
The development disconnect Functionality first, security second The incentive problem Speed as the common groundA huge thanks to our sponsor, Endor Labs
Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.
-
All links and images can be found on CISO Series.
Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood.
In this episode:
The information paradox Setting realistic expectations Prioritization over noise The cart before the horseHuge thanks to our sponsor, Endor Labs
Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.
-
All links and images can be found on CISO Series.
Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada.
In this episode:
Beyond the quota The hard truth beats the polished bluff Paying for someone else's mistakes Reducing friction, increasing trustHuge thanks to our sponsor, ThreatLocker
ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.
-
All links and images can be found on CISO Series.
This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC.
In this episode:
Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchasHuge thanks to our sponsor, Scanner
All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
-
All links and images can be found on CISO Series.
This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev.
In this episode:
Earning autonomy gradually The blast radius question The reality check Today's value, tomorrow's evolutionHuge thanks to our sponsor, Scanner
All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.
- Show more