

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Aug 12, 2025 • 40min
Impressive! Our AI is Approaching “One 9” of Accuracy.
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel. In this episode: AI fraud gets on the juice; Agentic AI demands a new security mindset; The new frontier for social engineering; We still need human verification. Huge thanks to our sponsor, Doppel. Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

Aug 5, 2025 • 34min
They Can’t Hack All Our Tools If We Keep Buying New Ones
Rajan Kapoor, CEO of Material Security, dives into the complexities of cybersecurity in a rapidly evolving landscape. He discusses the dual-edged sword of AI, where its adoption presents both opportunities and challenges. The conversation highlights the need for user-friendly security measures to maintain productivity without compromising safety. Kapoor emphasizes the importance of automating security in tools like Google Workspace to counteract vulnerabilities, especially against phishing attacks and business process weaknesses. Resilience and adversarial testing emerge as crucial strategies in securing organizations.

Jul 29, 2025 • 39min
Cosmo Quiz! 23 Ways to Make Your Vendors Obsessed With Your Security Standards
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements; Technical expertise becomes leadership liability without delegation; EDR evolution needs prevention focus; Career breaks require personal ownership and strategic timing. A huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Jul 22, 2025 • 43min
We’ll Worry About Recovering From the Attack Once We Ace This Audit
Peter Clay, CISO at Aireon, delves into the evolving landscape of cybersecurity. He emphasizes that traditional red and blue teaming concepts may be losing relevance amidst modern threats. Peter advocates for a shift in incident response to examine deeper systemic issues rather than just symptoms. He argues that effective risk management requires business context over mere compliance, and stresses the importance of understanding the balance between performance and process in IT auditing. Listen for fresh insights on navigating complexities in cybersecurity.

Jul 15, 2025 • 39min
Once You Memorize the Manual, Our User Interface is Very Intuitive
Edward Wu, CEO and founder of Dropzone AI, shares insights on enhancing security investigations with AI, bypassing the need for playbooks. He discusses the challenges of user experience in cybersecurity tools and why many designs fail. The conversation dives into the importance of context-aware verification frameworks and how teams can move beyond simple AI replacement narratives. Wu also emphasizes the necessity of building robust systems for crisis situations, showcasing how automation can empower human analysts in Security Operations Centers.

Jul 8, 2025 • 36min
Not Enough Hallucinations? Let’s Outfit Your LLM with Another LLM
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers. In this episode: AI agents require structured supervision, not autonomy; Hiring for potential over credentials in cybersecurity; AppSec training effectiveness depends on organizational relevance; AI oversight requires purpose-built models, not general solutions. A huge thanks to our sponsor, Vanta. Vanta’s Trust Management Platform helps 10k+ companies—like Atlassian, Quora, and Chili Piper—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management. Get started at Vanta.com/CISO

Jul 1, 2025 • 38min
We Require 3-5 Years of Experience to Qualify for the Cyber Skills Shortage
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Anne Marie Zettlemoyer, former vp of security, Activision Blizzard. In this episode: SOC automation: Moving beyond alert fatigue; The entry-level security talent reality; Learning from security incidents without blame; Evaluating security vendor viability and partnerships. A huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Jun 24, 2025 • 38min
We Can Either Build Resilience or Just Always Be Perfect
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Ryan Bachman, executive vice president and CISO, GM Financial. In this episode: Identity consolidation versus simplification; Entry-level pathways into cybersecurity; Evolution of the CISO role toward business resilience; Applying simplification principles to cybersecurity complexity. Huge thanks to our sponsor, Doppel. Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.

Jun 17, 2025 • 41min
We Checked the “Yes” Box for Cybersecurity. What Else Do We Have to Do?
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alex Hall, CISO, Gensler. In this episode: Evaluating secure messaging beyond the app; Reframing compliance as a business enabler; Incremental security investment vs. crisis response; Why culture, not punishment, drives secure behavior. Huge thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

Jun 10, 2025 • 47min
Aside From Text, Images, and Videos, GenAI Can’t Fool Me (Live in Boston)
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded at a Zscaler event in Boston, MA. In this episode: Guardrails for decision making under fatigue; Preparing for quantum threats; Strategic use of generative AI; Reassessing outdated knowledge. Huge thanks to our sponsor, Zscaler. Zscaler is a cloud-based cybersecurity company that provides secure internet access and private application access. Its platform replaces traditional network security by delivering Zero Trust architecture, protecting users, data, and applications regardless of location. Zscaler’s scalable services help organizations modernize IT and reduce risk with seamless, cloud-native security solutions.