

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Episodes

Dec 2, 2025 • 35min
You Can't Fall Behind in AI if You Never Start
Join John Barrow, CISO of JB Poindexter & Co., as he navigates the realm of AI security and discusses the importance of training existing talent over hiring externally. He emphasizes the value of building long-term vendor relationships and the need for businesses to shift from reactive to strategic security practices. John also addresses the balance between usability and strict authentication, alongside creative approaches to vendor negotiations with startups. His insights redefine how security leaders can advance their capabilities in a rapidly evolving landscape.

Nov 25, 2025 • 39min
Why Architect for Human Error When We Can Make People Feel Really Bad About It?
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining them is Richard Rushing, CISO, Motorola Mobility. In this episode: Mindset over tools; When hygiene becomes risk; Systems for actual humans; Conversations over compliance. Huge thanks to our sponsor, ThreatLocker. ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

Nov 18, 2025 • 41min
Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?
Nathan Hunstad, Director of Security at Vanta, shares insights on impactful security metrics tied to business objectives. He discusses the importance of effective pen testing, advocating for scope definition and valid testing collaboration. The conversation also delves into the real-world implications of customer trust in the face of scam sites versus malware. Hunstad emphasizes the practical applications of AI, stating it won't replace staff but can enhance operations through automation and knowledge sharing, ensuring threat intelligence remains actionable.

Nov 11, 2025 • 45min
Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)
Quincey Collins, CSO at Sheppard Mullin, and Jeff Steadman, Deputy CISO at Corning Inc., dive into the multifaceted world of cybersecurity. They debate whether AI will eclipse entry-level roles while stressing the necessity of foundational IT skills. The duo also discusses hiring practices, advocating for a focus on strengths and creativity in candidates. Incident response insights, including staying calm under pressure, are shared alongside the pressing question of whether cybersecurity is genuinely existential for businesses today.

Nov 4, 2025 • 39min
I Don't Just Guess About Effectiveness, I Make Educated Guesses!
Explore the balance between practical security measures and idealism in tech design. Discover how AI is revolutionizing governance and compliance in cloud environments. Hear insights on discarding legacy systems during mergers and acquisitions. Delve into the debate on effective security awareness training without disruptive tactics. Learn how AI can enhance vulnerability management and automate tasks traditionally requiring penetration testing. Lastly, understand the complex challenges of measuring security effectiveness and control.

Oct 28, 2025 • 44min
It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025. In this episode: The open source sustainability problem; AI levels the geopolitical playing field; Cutting through AI vendor hype; Why the fundamentals still hurt. Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario. Huge thanks to our sponsor, Vorlon Security. SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/

Oct 21, 2025 • 30min
Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?
In this discussion, Dan Walsh, CISO at Datavant, and Rob Allen, Chief Product Officer at ThreatLocker, dive into crucial security topics. They explore the intricacies of zero trust and the challenges of vendor claims. Dan critiques the issue of misconfigurations and demands better vendor support, while Rob showcases ThreatLocker's Defense Against Configurations tool, highlighting its ability to detect risky settings. The duo also debates the effectiveness of compliance theater versus the reality of actionable security measures, providing listeners with thought-provoking insights.

Oct 14, 2025 • 38min
The Difference with AI Red Teaming is We Added the Word AI
Kush Kashyap, Senior Director for GRC at Vanta, discusses pivotal topics around executive communication and risk quantification. She emphasizes when to coach versus command, advocating for a balance in leadership approaches. Kush critiques traditional risk models, suggesting practical business applications instead. The conversation also dives into the distinctiveness of AI red teaming, exploring its necessity for continuous testing and understanding model biases. This insightful exchange highlights the importance of effective communication and actionable risk strategies.

Oct 7, 2025 • 37min
Don't Worry, We'll Get to Solving Your Problem on Slide 87
Daniel Liber, CISO at Monday.com, shares insights on navigating the security landscape with a practical approach. He tackles the AI security blind spot, emphasizing the importance of understanding customer problems in vendor pitches. The discussion also critiques the disconnect between cybersecurity marketing hype and real innovation. Liber advises on structuring AI security workstreams and highlights his unique vendor evaluation process, advocating for transparency and honest communication in the tech sales world.

Sep 30, 2025 • 44min
Time to Choose a Security Vendor: Dart Board or Spin the Wheel?
Pavi Ramamurthy, the Global CISO and CIO at Blackhawk Network, brings a wealth of experience in security leadership. In this conversation, he discusses the challenges of communicating security risks to business leaders and how to manage rapid AI integrations while safeguarding data. They also tackle the pressures CISOs face from executives demanding perfection, the burnout factors leading many to leave their roles, and practical methods for evaluating security vendors amidst rising complexity.


