

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Episodes
Mentioned books

Oct 21, 2025 • 30min
Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?
In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.

Oct 14, 2025 • 38min
The Difference with AI Red Teaming is We Added the Word AI
Kush Kashyap, Senior Director for GRC at Vanta, discusses pivotal topics around executive communication and risk quantification. She emphasizes when to coach versus command, advocating for a balance in leadership approaches. Kush critiques traditional risk models, suggesting practical business applications instead. The conversation also dives into the distinctiveness of AI red teaming, exploring its necessity for continuous testing and understanding model biases. This insightful exchange highlights the importance of effective communication and actionable risk strategies.

Oct 7, 2025 • 37min
Don’t Worry, We’ll Get to Solving Your Problem on Slide 87
Daniel Liber, CISO at Monday.com, shares insights on navigating the security landscape with a practical approach. He tackles the AI security blind spot, emphasizing the importance of understanding customer problems in vendor pitches. The discussion also critiques the disconnect between cybersecurity marketing hype and real innovation. Liber advises on structuring AI security workstreams and highlights his unique vendor evaluation process, advocating for transparency and honest communication in the tech sales world.

Sep 30, 2025 • 44min
Time to Choose a Security Vendor: Dart Board or Spin the Wheel?
Pavi Ramamurthy, the Global CISO and CIO at Blackhawk Network, brings a wealth of experience in security leadership. In this conversation, he discusses the challenges of communicating security risks to business leaders and how to manage rapid AI integrations while safeguarding data. They also tackle the pressures CISOs face from executives demanding perfection, the burnout factors leading many to leave their roles, and practical methods for evaluating security vendors amidst rising complexity.

4 snips
Sep 23, 2025 • 34min
Now That You Mention It I HAVE Heard Some Hype Around These AI Tools
This week, Erwin Lopez, CISO at SLAC National Accelerator Laboratory, shares his insights on AI experimentation and security challenges. He emphasizes that AI isn't just a trend; it demands practical testing in safe environments. Erwin also discusses the burnout faced by CISOs while navigating the complexities of selling security to organizations. He highlights the need for modern playbooks, including zero trust and behavioral detection, while evaluating when to replace custom security tools with managed solutions. A truly enlightening conversation!

Sep 16, 2025 • 43min
Wait, SMS Doesn’t Stand for “Super Mega Secure?”
In this discussion, Brian Long, CEO of Adaptive Security, delves into the alarming evolution of AI-powered cyber threats like deepfake voice calls and genAI phishing. He highlights the shocking challenges of hiring practices in a virtual world, particularly with North Korean operatives who struggled during video interviews. Long emphasizes the inadequacies of SMS for two-factor authentication, raising concerns about security vulnerabilities. The conversation wraps up with insights into Adaptive's innovative platform that simulates realistic cyber threats for better security training.

Sep 9, 2025 • 44min
We All Agree That Prevention Is the Best Advice We're Never Going to Follow
In this discussion, Jason Loomis, CISO at Freshworks and expert in IT service management, sheds light on the crucial yet often ignored topic of preventative cybersecurity measures. He emphasizes the cultural buy-in needed for effective security practices within organizations. The conversation also touches on the isolation CISOs face and the importance of peer support in navigating stress. Additionally, they explore the complexities of cybersecurity decisions and the future implications of quantum encryption, all delivered with a good dose of humor.

Sep 2, 2025 • 40min
We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible
Jennifer Swann, CISO at Bloomberg Industry Group, dives into the shifting landscape of cybersecurity, highlighting the need to prioritize addressing basic misconfigurations over traditional vulnerability tracking. She discusses trust in open source software and its community validation, underscoring the importance of evaluating quality training data in AI. The conversation also touches on the complexities of managing vulnerabilities and the significant impacts of data poisoning in AI, all while balancing the excitement of innovation with necessary security measures.

Aug 26, 2025 • 34min
New Study Finds No Email Has Ever “Found You Well”
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Aug 19, 2025 • 36min
I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.
Gary Chan, CISO at SSM Health and a master of security mentalism, dives into the intricate world of cybersecurity communication. He discusses the challenges CISOs face when transitioning from tech to business dialogue. Gary emphasizes that storytelling is key to articulating cybersecurity's business impact. He also highlights the importance of influence over authority and shares insights on navigating decision-making with incomplete information. Personal anecdotes reveal how effective communication can trump technical skills in leadership.


