CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Dec 16, 2025 • 45min

How Much Risk Would a CISO Risk if a CISO Could Risk Risk? (LIVE in Boca Raton)

Ryan Barris, CISO at Mount Sinai Medical Center, and Brett Conlon, CISO at American Century Investments, dive into the crucial role of communication in cybersecurity. They emphasize the importance of aligning security with business impact and building relationships with leadership. The duo debates industry issues, shares humorous games like 'What's Worse', and highlights how CISOs should effectively communicate with CEOs. Their insights focus on making cybersecurity relatable and actionable, ensuring that organizational risk is clearly understood.
Dec 9, 2025 • 40min

I'm Worried That We're Not Worried About the Right Worries With AI

Danny Jenkins, CEO of ThreatLocker and a champion of practical security models, dives into the pressing concerns surrounding AI in cybersecurity. He warns against building AI solutions without clear problems, advocating for a shift from ROI to risk reduction in security discussions. Jenkins emphasizes the importance of fundamental controls over complex systems, arguing that many breaches stem from basic misconfigurations. He also highlights the need for default-deny strategies and effective communication to build stronger security teams, blending technical skills with clear communication.
Dec 2, 2025 • 35min

You Can't Fall Behind in AI if You Never Start

Join John Barrow, CISO of JB Poindexter & Co., as he navigates the realm of AI security and discusses the importance of training existing talent over hiring externally. He emphasizes the value of building long-term vendor relationships and the need for businesses to shift from reactive to strategic security practices. John also addresses the balance between usability and strict authentication, alongside creative approaches to vendor negotiations with startups. His insights redefine how security leaders can advance their capabilities in a rapidly evolving landscape.
Nov 25, 2025 • 39min

Why Architect for Human Error When We Can Make People Feel Really Bad About It?

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining them is Richard Rushing, CISO, Motorola Mobility.

In this episode: Mindset over tools; When hygiene becomes risk; Systems for actual humans; Conversations over compliance.

Huge thanks to our sponsor, ThreatLocker. ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.
Nov 18, 2025 • 41min

Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?

Nathan Hunstad, Director of Security at Vanta, shares insights on impactful security metrics tied to business objectives. He discusses the importance of effective pen testing, advocating for scope definition and valid testing collaboration. The conversation also delves into the real-world implications of customer trust in the face of scam sites versus malware. Hunstad emphasizes the practical applications of AI, stating it won't replace staff but can enhance operations through automation and knowledge sharing, ensuring threat intelligence remains actionable.
Nov 11, 2025 • 45min

Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

Quincey Collins, CSO at Sheppard Mullin, and Jeff Steadman, Deputy CISO at Corning Inc., dive into the multifaceted world of cybersecurity. They debate whether AI will eclipse entry-level roles while stressing the necessity of foundational IT skills. The duo also discusses hiring practices, advocating for a focus on strengths and creativity in candidates. Incident response insights, including staying calm under pressure, are shared alongside the pressing question of whether cybersecurity is genuinely existential for businesses today.
Nov 4, 2025 • 39min

I Don't Just Guess About Effectiveness, I Make Educated Guesses!

Explore the balance between practical security measures and idealism in tech design. Discover how AI is revolutionizing governance and compliance in cloud environments. Hear insights on discarding legacy systems during mergers and acquisitions. Delve into the debate on effective security awareness training without disruptive tactics. Learn how AI can enhance vulnerability management and automate tasks traditionally requiring penetration testing. Lastly, understand the complex challenges of measuring security effectiveness and control.
Oct 28, 2025 • 44min

It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025.

In this episode: The open source sustainability problem; AI levels the geopolitical playing field; Cutting through AI vendor hype; Why the fundamentals still hurt.

Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario.

Huge thanks to our sponsor, Vorlon Security. SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/
Oct 21, 2025 • 30min

Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.
Oct 14, 2025 • 38min

The Difference with AI Red Teaming is We Added the Word AI

Kush Kashyap, Senior Director for GRC at Vanta, discusses pivotal topics around executive communication and risk quantification. She emphasizes when to coach versus command, advocating for a balance in leadership approaches. Kush critiques traditional risk models, suggesting practical business applications instead. The conversation also dives into the distinctiveness of AI red teaming, exploring its necessity for continuous testing and understanding model biases. This insightful exchange highlights the importance of effective communication and actionable risk strategies.
