CISO Series Podcast

In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.

Kush Kashyap, Senior Director for GRC at Vanta, discusses pivotal topics around executive communication and risk quantification. She emphasizes when to coach versus command, advocating for a balance in leadership approaches. Kush critiques traditional risk models, suggesting practical business applications instead. The conversation also dives into the distinctiveness of AI red teaming, exploring its necessity for continuous testing and understanding model biases. This insightful exchange highlights the importance of effective communication and actionable risk strategies.

Daniel Liber, CISO at Monday.com, shares insights on navigating the security landscape with a practical approach. He tackles the AI security blind spot, emphasizing the importance of understanding customer problems in vendor pitches. The discussion also critiques the disconnect between cybersecurity marketing hype and real innovation. Liber advises on structuring AI security workstreams and highlights his unique vendor evaluation process, advocating for transparency and honest communication in the tech sales world.

Pavi Ramamurthy, the Global CISO and CIO at Blackhawk Network, brings a wealth of experience in security leadership. In this conversation, he discusses the challenges of communicating security risks to business leaders and how to manage rapid AI integrations while safeguarding data. They also tackle the pressures CISOs face from executives demanding perfection, the burnout factors leading many to leave their roles, and practical methods for evaluating security vendors amidst rising complexity.

This week, Erwin Lopez, CISO at SLAC National Accelerator Laboratory, shares his insights on AI experimentation and security challenges. He emphasizes that AI isn't just a trend; it demands practical testing in safe environments. Erwin also discusses the burnout faced by CISOs while navigating the complexities of selling security to organizations. He highlights the need for modern playbooks, including zero trust and behavioral detection, while evaluating when to replace custom security tools with managed solutions. A truly enlightening conversation!

In this discussion, Brian Long, CEO of Adaptive Security, delves into the alarming evolution of AI-powered cyber threats like deepfake voice calls and genAI phishing. He highlights the shocking challenges of hiring practices in a virtual world, particularly with North Korean operatives who struggled during video interviews. Long emphasizes the inadequacies of SMS for two-factor authentication, raising concerns about security vulnerabilities. The conversation wraps up with insights into Adaptive's innovative platform that simulates realistic cyber threats for better security training.

In this discussion, Jason Loomis, CISO at Freshworks and expert in IT service management, sheds light on the crucial yet often ignored topic of preventative cybersecurity measures. He emphasizes the cultural buy-in needed for effective security practices within organizations. The conversation also touches on the isolation CISOs face and the importance of peer support in navigating stress. Additionally, they explore the complexities of cybersecurity decisions and the future implications of quantum encryption, all delivered with a good dose of humor.

Jennifer Swann, CISO at Bloomberg Industry Group, dives into the shifting landscape of cybersecurity, highlighting the need to prioritize addressing basic misconfigurations over traditional vulnerability tracking. She discusses trust in open source software and its community validation, underscoring the importance of evaluating quality training data in AI. The conversation also touches on the complexities of managing vulnerabilities and the significant impacts of data poisoning in AI, all while balancing the excitement of innovation with necessary security measures.

All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is David Cross, CISO, Atlassian. In this episode: Breaking the Sales Cycle Leadership Under Fire Predicting the Unpredictable Security Startups' Security Paradox A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.  

Gary Chan, CISO at SSM Health and a master of security mentalism, dives into the intricate world of cybersecurity communication. He discusses the challenges CISOs face when transitioning from tech to business dialogue. Gary emphasizes that storytelling is key to articulating cybersecurity's business impact. He also highlights the importance of influence over authority and shares insights on navigating decision-making with incomplete information. Personal anecdotes reveal how effective communication can trump technical skills in leadership.