CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Sep 9, 2025 • 44min

We All Agree That Prevention Is the Best Advice We're Never Going to Follow

In this discussion, Jason Loomis, CISO at Freshworks and expert in IT service management, sheds light on the crucial yet often ignored topic of preventative cybersecurity measures. He emphasizes the cultural buy-in needed for effective security practices within organizations. The conversation also touches on the isolation CISOs face and the importance of peer support in navigating stress. Additionally, they explore the complexities of cybersecurity decisions and the future implications of quantum encryption, all delivered with a good dose of humor.
Sep 2, 2025 • 40min

We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

Jennifer Swann, CISO at Bloomberg Industry Group, dives into the shifting landscape of cybersecurity, highlighting the need to prioritize addressing basic misconfigurations over traditional vulnerability tracking. She discusses trust in open source software and its community validation, underscoring the importance of evaluating quality training data in AI. The conversation also touches on the complexities of managing vulnerabilities and the significant impacts of data poisoning in AI, all while balancing the excitement of innovation with necessary security measures.
Aug 26, 2025 • 34min

New Study Finds No Email Has Ever “Found You Well”

All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle; Leadership Under Fire; Predicting the Unpredictable; Security Startups' Security Paradox. A huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Aug 19, 2025 • 36min

I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.

Gary Chan, CISO at SSM Health and a master of security mentalism, dives into the intricate world of cybersecurity communication. He discusses the challenges CISOs face when transitioning from tech to business dialogue. Gary emphasizes that storytelling is key to articulating cybersecurity's business impact. He also highlights the importance of influence over authority and shares insights on navigating decision-making with incomplete information. Personal anecdotes reveal how effective communication can trump technical skills in leadership.
Aug 12, 2025 • 40min

Impressive! Our AI is Approaching “One 9” of Accuracy.

Kevin Tian, co-founder and CEO of Doppel, discusses the pressing challenges of AI in cybersecurity and the rise of social engineering threats. He emphasizes the need for a security mindset shift in response to AI fraud and the limitations of traditional defenses. Tian shares insights on how to proactively dismantle deception with innovative solutions, highlighting the critical balance between AI capabilities and human oversight. The conversation navigates the evolving landscape of ad fraud, revealing the importance of adaptive strategies to tackle modern threats.
Aug 5, 2025 • 34min

They Can’t Hack All Our Tools If We Keep Buying New Ones

Rajan Kapoor, CEO of Material Security, dives into the complexities of cybersecurity in a rapidly evolving landscape. He discusses the dual-edged sword of AI, where its adoption presents both opportunities and challenges. The conversation highlights the need for user-friendly security measures to maintain productivity without compromising safety. Kapoor emphasizes the importance of automating security in tools like Google Workspace to counteract vulnerabilities, especially against phishing attacks and business process weaknesses. Resilience and adversarial testing emerge as crucial strategies in securing organizations.
Jul 29, 2025 • 39min

Cosmo Quiz! 23 Ways to Make Your Vendors Obsessed With Your Security Standards

All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements; Technical expertise becomes leadership liability without delegation; EDR evolution needs prevention focus; Career breaks require personal ownership and strategic timing. A huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Jul 22, 2025 • 43min

We’ll Worry About Recovering From the Attack Once We Ace This Audit

Peter Clay, CISO at Aireon, delves into the evolving landscape of cybersecurity. He emphasizes that traditional red and blue teaming concepts may be losing relevance amidst modern threats. Peter advocates for a shift in incident response to examine deeper systemic issues rather than just symptoms. He argues that effective risk management requires business context over mere compliance, and stresses the importance of understanding the balance between performance and process in IT auditing. Listen for fresh insights on navigating complexities in cybersecurity.
Jul 15, 2025 • 39min

Once You Memorize the Manual, Our User Interface is Very Intuitive

Edward Wu, CEO and founder of Dropzone AI, shares insights on enhancing security investigations with AI, bypassing the need for playbooks. He discusses the challenges of user experience in cybersecurity tools and why many designs fail. The conversation dives into the importance of context-aware verification frameworks and how teams can move beyond simple AI replacement narratives. Wu also emphasizes the necessity of building robust systems for crisis situations, showcasing how automation can empower human analysts in Security Operations Centers.
Jul 8, 2025 • 36min

Not Enough Hallucinations? Let’s Outfit Your LLM with Another LLM

All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers. In this episode: AI agents require structured supervision, not autonomy; Hiring for potential over credentials in cybersecurity; AppSec training effectiveness depends on organizational relevance; AI oversight requires purpose-built models, not general solutions. A huge thanks to our sponsor, Vanta. Vanta’s Trust Management Platform helps 10k+ companies—like Atlassian, Quora, and Chili Piper—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management. Get started at Vanta.com/CISO
