CISO Series Podcast

Mical Solomon, CISO at Port Authority of NY and NJ, discusses the challenges of securing generative AI tools and how they compare to SaaS and shadow IT. The episode delves into strategies to prevent falling victim to AI scam calls and the importance of analyzing successful phishing emails. The hosts also discuss serious IT failings, cybersecurity predictions, and the changes being made to policies and security concerns.

Guest Shyama Rose, CISO and head of IT, Affirm, discusses the impact of burnout on security teams and how stress can endanger security missions. They explore the importance of incident response, navigating different cases, and managing stress levels within the team.

Trina Ford, CISO at iHeartMedia, discusses the challenges and demands faced by CISOs, including negotiating for demands and the impact of imposter syndrome. The episode also tackles the importance of educating business partners about cybersecurity threats and risks, as well as setting boundaries for work-life balance.

Guest Bob Schuetter, CISO of Ashland, talks about dealing with fake breach claims and the importance of assuming breach scenarios. They also discuss investing in cybersecurity, evaluating technology, and the impact of ransomware.

Guest, Joshua Barons, head of information security at San Diego Zoo Wildlife Alliance, discusses the challenges and limitations of single sign-on, the importance of communication and understanding business in cybersecurity, and the risks and opportunities for CISOs. Also, the speakers highlight the importance of behavioral economics in cybersecurity and share 'What's Worse' scenarios related to risk management.

Mike Kelley, CISO of EW Scrips, discusses why security professionals feel unheard, managing security pros during a crisis, airport security in comparison to cybersecurity, reinforcing agendas and effective communication, data center availability versus privacy/security issues, the importance of business acumen for a CISO, and the need for cybersecurity expertise on boards.

Richard Ford, CTO, Praetorian, joins the hosts to discuss topics including relying on heroes versus building scalable processes in cybersecurity, AI's influence on attack models and dark business models, the importance of transparency in security incidents, continuous assessment and fixing vulnerabilities, and the value of data in making informed cybersecurity decisions.

In this episode, the hosts and guest discuss the future employment landscape with Generative AI, the connection between a pinball machine and the CISO series, SEC disclosure rules impacting CISOs on company boards, the monoculture debate and importance of diversification with cloud providers, embracing the security community, and exploring AI and identifying use cases.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us is our guest, Alexandra Landegger, executive director of security, Collins Aerospace. In this episode: Are CISOs prepared for the legal surprises that can come in the aftermath of a cyberattack? What about the legal fallout that can occur afterward? How does a security team work with legal beforehand to address these issues when drawing up incident response? Thanks to our podcast sponsors, DigiCert DigiCert is a leading global provider of digital trust, the infrastructure that enables individuals and businesses to have confidence that their digital interactions are secure. DigiCert’s award-winning solutions enable organizations to establish, manage, and extend public and private trust across their digital footprint, securing users, servers, devices, software and content.

Kurt Sauer, CISO at Docusign, discusses the appropriateness of vendors reaching out to CISOs after a cyberattack. The podcast also explores investing IP with generative AI and enhancing security. Other topics include dealing with known vs unknown vulnerabilities, the risks of sharing passwords, building a culture of reporting, and presenting data to board members.