
CISO Series Podcast

Latest episodes

Aug 27, 2024 • 37min

Well, I Think My Relationship With the CIO Improved When I Took Their Job

In a lively conversation, Ty Sbano, the CISO at Vercel, shares his journey in cybersecurity and how taking on the CIO role helped improve relationships within the organization. He emphasizes the significance of employee well-being in managing insider threats and suggests coaching instead of shaming to foster a positive workplace culture. The discussion includes the value of phishing simulations and the evolving dynamics between CISOs and CIOs, alongside a cultural shift needed for integrating security practices into DevOps.
Aug 20, 2024 • 42min

I Said I Was Technically a CISO, Not a Technical CISO

Fredrick Lee, the Chief Information Security Officer at Reddit, shares his insights on the evolving role of CISOs in tech-led organizations. He discusses the importance of technical proficiency for effective communication and risk management. The conversation highlights challenges in cybersecurity hiring and the necessity for clear job descriptions. Lee also emphasizes using open source solutions to enhance organizational capabilities and navigating cybersecurity hurdles in municipal settings.
Aug 13, 2024 • 39min

Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Justin Somaini, partner, YL Ventures. In this episode: The startup balancing act; Giving back is its own reward; When to pen test; Getting ahead with generative AI policy. Thanks to our podcast sponsor, Vanta! Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.
Aug 6, 2024 • 38min

We Make Threat Actors Read Our Resiliency Policy Before Attacking Us

Patti Titus, the CISO of Booking Holdings, shares her expertise in resilience and communication within cybersecurity. She emphasizes the shift from traditional defense to embracing cyber resilience, focusing on recovery post-incident. Patti discusses the essential role of effective communication and cross-department cooperation in incident response planning. The conversation also dives into the implications of quantum computing for cybersecurity, advocating for diverse teams to foster innovation and address systemic issues in the field.
Jul 30, 2024 • 35min

Incident Response Is So Important We Might Try Getting Good At It

Amir Khayat, CEO and co-founder of Vorlon Security, dives into the critical landscape of incident response. He discusses the complexities and evolving challenges organizations face, emphasizing the importance of human intervention alongside automation. The conversation touches on insider threats versus data leaks, advocating for better employee communication during phishing incidents. Khayat also highlights the significance of managing third-party API security to maintain data integrity and proactive risk management in a rapidly shifting cybersecurity environment.
Jul 23, 2024 • 39min

Everyone Has a Zero-Trust Plan Until They Get Punched in the Face

Danny Jenkins, CEO of ThreatLocker, shares his insights on Zero Trust endpoint security, emphasizing its importance in combatting cyber threats. He discusses the challenges of implementing a Zero Trust model within legacy systems and the need for effective penetration testing strategies. Jenkins highlights the balance between strong security measures and business functionality, particularly for remote logins. Finally, he underscores the vital skills for cybersecurity professionals, stressing the significance of authentic communication in fostering trust.
Jul 16, 2024 • 34min

I Don’t Want Insider Risk. You Take It.

Abhishek Agrawal, CEO and co-founder of Material Security, dives into the complexities of cybersecurity in cloud environments. He discusses the shift from traditional Defense in Depth to Zero Trust principles, emphasizing the need for collaboration with HR to manage insider risks. The conversation touches on email security, particularly as both a target and vector for attacks. Agrawal also explores the heightened security challenges that arise when companies go public, highlighting the importance of governance and risk management in a rapidly evolving threat landscape.
Jul 9, 2024 • 39min

How to Get the Most for Yourself Through Altruism

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron. In this episode: SEC disclosure rules require cyber readiness; Breaking up the “boys club”; Building a threat intelligence ecosystem; Blending InfoSec communities and careers. Thanks to our podcast sponsor, Vanta! Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.
Jul 2, 2024 • 39min

Who Owns AI Risk? NOT IT!

Jason Clark, the Chief Strategy Officer at Cyera, dives into the hot topic of AI risk management. He discusses whether AI demands new security protocols and how organizations can meet emerging SEC requirements. The conversation includes the importance of data security for empowerment and the need for upskilling through generative AI. Clark emphasizes the complexities around cybersecurity regulations and the vital role of effective data classification in safeguarding sensitive information.
Jun 25, 2024 • 40min

How About This? Only Attack the Endpoints We Configured

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: The Gordian knot of EDR; Can we keep up with patching?; Making AI practical; Standardization or granularity? Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
