

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Sep 30, 2025 • 44min
Time to Choose a Security Vendor: Dart Board or Spin the Wheel?
All links and images can be found on CISO Series. This week’s episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network.
In this episode:
We can't promise safe, but we can promise ready
Are we accidentally building security nightmares?
Being held accountable for things you had no say in
The safe space problem in vendor evaluation
Huge thanks to our sponsor, Adaptive Security.
Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive’s new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

Sep 23, 2025 • 34min
Now That You Mention It I HAVE Heard Some Hype Around These AI Tools
This week, Erwin Lopez, CISO at SLAC National Accelerator Laboratory, shares his insights on AI experimentation and security challenges. He emphasizes that AI isn't just a trend; it demands practical testing in safe environments. Erwin also discusses the burnout faced by CISOs while navigating the complexities of selling security to organizations. He highlights the need for modern playbooks, including zero trust and behavioral detection, while evaluating when to replace custom security tools with managed solutions. A truly enlightening conversation!

Sep 16, 2025 • 43min
Wait, SMS Doesn’t Stand for “Super Mega Secure?”
In this discussion, Brian Long, CEO of Adaptive Security, delves into the alarming evolution of AI-powered cyber threats like deepfake voice calls and genAI phishing. He highlights the shocking challenges of hiring practices in a virtual world, particularly with North Korean operatives who struggled during video interviews. Long emphasizes the inadequacies of SMS for two-factor authentication, raising concerns about security vulnerabilities. The conversation wraps up with insights into Adaptive's innovative platform that simulates realistic cyber threats for better security training.

Sep 9, 2025 • 44min
We All Agree That Prevention Is the Best Advice We're Never Going to Follow
In this discussion, Jason Loomis, CISO at Freshworks and expert in IT service management, sheds light on the crucial yet often ignored topic of preventative cybersecurity measures. He emphasizes the cultural buy-in needed for effective security practices within organizations. The conversation also touches on the isolation CISOs face and the importance of peer support in navigating stress. Additionally, they explore the complexities of cybersecurity decisions and the future implications of quantum encryption, all delivered with a good dose of humor.

Sep 2, 2025 • 40min
We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible
Jennifer Swann, CISO at Bloomberg Industry Group, dives into the shifting landscape of cybersecurity, highlighting the need to prioritize addressing basic misconfigurations over traditional vulnerability tracking. She discusses trust in open source software and its community validation, underscoring the importance of evaluating quality training data in AI. The conversation also touches on the complexities of managing vulnerabilities and the significant impacts of data poisoning in AI, all while balancing the excitement of innovation with necessary security measures.

Aug 26, 2025 • 34min
New Study Finds No Email Has Ever “Found You Well”
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian.
In this episode:
Breaking the Sales Cycle
Leadership Under Fire
Predicting the Unpredictable
Security Startups' Security Paradox
A huge thanks to our sponsor, ThreatLocker.
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Aug 19, 2025 • 36min
I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.
Gary Chan, CISO at SSM Health and a master of security mentalism, dives into the intricate world of cybersecurity communication. He discusses the challenges CISOs face when transitioning from tech to business dialogue. Gary emphasizes that storytelling is key to articulating cybersecurity's business impact. He also highlights the importance of influence over authority and shares insights on navigating decision-making with incomplete information. Personal anecdotes reveal how effective communication can trump technical skills in leadership.

Aug 12, 2025 • 40min
Impressive! Our AI is Approaching “One 9” of Accuracy.
Kevin Tian, co-founder and CEO of Doppel, discusses the pressing challenges of AI in cybersecurity and the rise of social engineering threats. He emphasizes the need for a security mindset shift in response to AI fraud and the limitations of traditional defenses. Tian shares insights on how to proactively dismantle deception with innovative solutions, highlighting the critical balance between AI capabilities and human oversight. The conversation navigates the evolving landscape of ad fraud, revealing the importance of adaptive strategies to tackle modern threats.

Aug 5, 2025 • 34min
They Can’t Hack All Our Tools If We Keep Buying New Ones
Rajan Kapoor, CEO of Material Security, dives into the complexities of cybersecurity in a rapidly evolving landscape. He discusses the dual-edged sword of AI, where its adoption presents both opportunities and challenges. The conversation highlights the need for user-friendly security measures to maintain productivity without compromising safety. Kapoor emphasizes the importance of automating security in tools like Google Workspace to counteract vulnerabilities, especially against phishing attacks and business process weaknesses. Resilience and adversarial testing emerge as crucial strategies in securing organizations.

Jul 29, 2025 • 39min
Cosmo Quiz! 23 Ways to Make Your Vendors Obsessed With Your Security Standards
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.
In this episode:
Large enterprise security demands drive vendor improvements
Technical expertise becomes leadership liability without delegation
EDR evolution needs prevention focus
Career breaks require personal ownership and strategic timing
A huge thanks to our sponsor, ThreatLocker.
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.