CISO Series Podcast

Saket Modi, CEO of Safe Security and a pioneer in cyber risk quantification, shares his insights on autonomous cyber risk management. He discusses the importance of integrating AI with human oversight and the need to rethink governance in cybersecurity. Saket emphasizes the unpredictable nature of AI and the necessity for businesses to prioritize people in risk programs. He highlights that business owners bear the risk responsibility, while CISOs should guide them in minimizing threats. Their engaging conversation offers fresh perspectives on modernizing cyber risk strategies.

Leslie Nielsen, CISO at Mimecast, shares his insights on managing the complexities of security leadership. He discusses how automating bad processes can amplify dysfunction and stresses the importance of understanding AI risks. The conversation touches on improving team dynamics, managing high-performers, and using targeted awareness programs to combat deepfakes. Additionally, Leslie explores effective ways to handle persistent phishing challenges and identifies which tasks are ideal for AI automation, all while maintaining necessary safeguards.

Ryan Barris, CISO at Mount Sinai Medical Center, and Brett Conlon, CISO at American Century Investments, dive into the crucial role of communication in cybersecurity. They emphasize the importance of aligning security with business impact and building relationships with leadership. The duo debates industry issues, shares humorous games like 'What's Worse', and highlights how CISOs should effectively communicate with CEOs. Their insights focus on making cybersecurity relatable and actionable, ensuring that organizational risk is clearly understood.

Danny Jenkins, CEO of ThreatLocker and a champion of practical security models, dives into the pressing concerns surrounding AI in cybersecurity. He warns against building AI solutions without clear problems, advocating for a shift from ROI to risk reduction in security discussions. Jenkins emphasizes the importance of fundamental controls over complex systems, arguing that many breaches stem from basic misconfigurations. He also highlights the need for default-deny strategies and effective communication to build stronger security teams, blending technical skills with clear communication.

Join John Barrow, CISO of JB Poindexter & Co., as he navigates the realm of AI security and discusses the importance of training existing talent over hiring externally. He emphasizes the value of building long-term vendor relationships and the need for businesses to shift from reactive to strategic security practices. John also addresses the balance between usability and strict authentication, alongside creative approaches to vendor negotiations with startups. His insights redefine how security leaders can advance their capabilities in a rapidly evolving landscape.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Richard Rushing, CISO, Motorola Mobility. In this episode Mindset over tools When hygiene becomes risk Systems for actual humans Conversations over compliance Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

Nathan Hunstad, Director of Security at Vanta, shares insights on impactful security metrics tied to business objectives. He discusses the importance of effective pen testing, advocating for scope definition and valid testing collaboration. The conversation also delves into the real-world implications of customer trust in the face of scam sites versus malware. Hunstad emphasizes the practical applications of AI, stating it won't replace staff but can enhance operations through automation and knowledge sharing, ensuring threat intelligence remains actionable.

Quincey Collins, CSO at Sheppard Mullin, and Jeff Steadman, Deputy CISO at Corning Inc., dive into the multifaceted world of cybersecurity. They debate whether AI will eclipse entry-level roles while stressing the necessity of foundational IT skills. The duo also discusses hiring practices, advocating for a focus on strengths and creativity in candidates. Incident response insights, including staying calm under pressure, are shared alongside the pressing question of whether cybersecurity is genuinely existential for businesses today.

Explore the balance between practical security measures and idealism in tech design. Discover how AI is revolutionizing governance and compliance in cloud environments. Hear insights on discarding legacy systems during mergers and acquisitions. Delve into the debate on effective security awareness training without disruptive tactics. Learn how AI can enhance vulnerability management and automate tasks traditionally requiring penetration testing. Lastly, understand the complex challenges of measuring security effectiveness and control.

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025. In this episode: The open source sustainability problem AI levels the geopolitical playing field Cutting through AI vendor hype Why the fundamentals still hurt Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario. Huge thanks to our sponsor, Vorlon Security SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response — so you can see the full picture: what's connected, what's at risk, and what needs immediate action. Learn more at https://vorlon.io/