CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Nov 11, 2025 • 45min

Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

Quincey Collins, CSO at Sheppard Mullin, and Jeff Steadman, Deputy CISO at Corning Inc., dive into the multifaceted world of cybersecurity. They debate whether AI will eclipse entry-level roles while stressing the necessity of foundational IT skills. The duo also discusses hiring practices, advocating for a focus on strengths and creativity in candidates. Incident response insights, including staying calm under pressure, are shared alongside the pressing question of whether cybersecurity is genuinely existential for businesses today.
Nov 4, 2025 • 39min

I Don't Just Guess About Effectiveness, I Make Educated Guesses!

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Sara Madden, CISO, Convera.

In this episode: Optimizing for reality, not idealism; Engineering governance instead of monitoring compliance; When AI finds what humans miss; The measurement problem.

Huge thanks to our sponsor, ThreatLocker. Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. https://threatlocker.com
Oct 28, 2025 • 44min

It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.

In this episode: The open source sustainability problem; AI levels the geopolitical playing field; Cutting through AI vendor hype; Why the fundamentals still hurt.

Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario.

Huge thanks to our sponsor, Vorlon Security. SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/
Oct 21, 2025 • 30min

Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.
Oct 14, 2025 • 38min

The Difference with AI Red Teaming is We Added the Word AI

Kush Kashyap, Senior Director for GRC at Vanta, discusses pivotal topics around executive communication and risk quantification. She emphasizes when to coach versus command, advocating for a balance in leadership approaches. Kush critiques traditional risk models, suggesting practical business applications instead. The conversation also dives into the distinctiveness of AI red teaming, exploring its necessity for continuous testing and understanding model biases. This insightful exchange highlights the importance of effective communication and actionable risk strategies.
Oct 7, 2025 • 37min

Don't Worry, We'll Get to Solving Your Problem on Slide 87

Daniel Liber, CISO at Monday.com, shares insights on navigating the security landscape with a practical approach. He tackles the AI security blind spot, emphasizing the importance of understanding customer problems in vendor pitches. The discussion also critiques the disconnect between cybersecurity marketing hype and real innovation. Liber advises on structuring AI security workstreams and highlights his unique vendor evaluation process, advocating for transparency and honest communication in the tech sales world.
Sep 30, 2025 • 44min

Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

Pavi Ramamurthy, the Global CISO and CIO at Blackhawk Network, brings a wealth of experience in security leadership. In this conversation, he discusses the challenges of communicating security risks to business leaders and how to manage rapid AI integrations while safeguarding data. They also tackle the pressures CISOs face from executives demanding perfection, the burnout factors leading many to leave their roles, and practical methods for evaluating security vendors amidst rising complexity.
Sep 23, 2025 • 34min

Now That You Mention It I HAVE Heard Some Hype Around These AI Tools

This week, Erwin Lopez, CISO at SLAC National Accelerator Laboratory, shares his insights on AI experimentation and security challenges. He emphasizes that AI isn't just a trend; it demands practical testing in safe environments. Erwin also discusses the burnout faced by CISOs while navigating the complexities of selling security to organizations. He highlights the need for modern playbooks, including zero trust and behavioral detection, while evaluating when to replace custom security tools with managed solutions. A truly enlightening conversation!
Sep 16, 2025 • 43min

Wait, SMS Doesn't Stand for "Super Mega Secure?"

In this discussion, Brian Long, CEO of Adaptive Security, delves into the alarming evolution of AI-powered cyber threats like deepfake voice calls and genAI phishing. He highlights the shocking challenges of hiring practices in a virtual world, particularly with North Korean operatives who struggled during video interviews. Long emphasizes the inadequacies of SMS for two-factor authentication, raising concerns about security vulnerabilities. The conversation wraps up with insights into Adaptive's innovative platform that simulates realistic cyber threats for better security training.
Sep 9, 2025 • 44min

We All Agree That Prevention Is the Best Advice We're Never Going to Follow

In this discussion, Jason Loomis, CISO at Freshworks and expert in IT service management, sheds light on the crucial yet often ignored topic of preventative cybersecurity measures. He emphasizes the cultural buy-in needed for effective security practices within organizations. The conversation also touches on the isolation CISOs face and the importance of peer support in navigating stress. Additionally, they explore the complexities of cybersecurity decisions and the future implications of quantum encryption, all delivered with a good dose of humor.
