
Defense in Depth
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Latest episodes

Jun 26, 2025 • 28min
Don't Ask "Can" We Secure It, But "How" Can We Secure It
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Hanan Szwarcbord, vp, CSO and head of infrastructure, Micron Technology. In this episode Embracing growth An urgent need for creativity Get the business context Embrace your inner theater kid Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai

Jun 12, 2025 • 29min
Has the Shared Security Model for SaaS Shifted?
All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

6 snips
Jun 5, 2025 • 27min
Improving the Efficiency of Your Threat Intelligence
In this discussion, Jason Steer, CISO at Recorded Future, dives into the intricacies of threat intelligence and cybersecurity. He highlights the overwhelming challenge security teams face in sifting through vast amounts of threat data. Key topics include the necessity of actionable data, the balance between efficiency and effectiveness in identifying threats, and the pivotal role of AI in providing contextual insights. Steer emphasizes the importance of aligning threat intelligence efforts with business needs to strengthen security posture.

May 29, 2025 • 32min
Why Cybersecurity Professionals Lie on Their Resumes
All images and links can be found on CISO Series. Check out this post by Gautam ‘Gotham’ Sharma of AccessCyber for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Krista Arndt, associate CISO, St. Luke’s University Health Network. In this episode: Verify then trust Dishonesty on all sides A lack of flexibility What about integrity? Huge thanks to our sponsor, Formal Formal secures humans, AI agent’s access to MCP servers, infrastructure, and data stores by monitoring and controlling data flows in real time. Using a protocol-aware reverse proxy, Formal enforces least-privilege access to sensitive data and APIs, ensuring AI behavior stays predictable and secure. Visit joinformal.com to learn more or schedule a demo.

May 22, 2025 • 30min
What Should Be in a CISO Job Description?
All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat. In this episode: Stop siloing cybersecurity Leading the charge A culture of ownership Preparing for resilience A huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can’t afford to miss. Recorded Future’s gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.

May 15, 2025 • 33min
The CISO's Job Is Impossible
Yaron Levi, CISO at Dolby, co-hosts alongside Joey Rachid, CISO at Xerox. They delve into the often impossible expectations placed on CISOs, discussing the need for a fresh perspective on cybersecurity challenges. Key themes include the importance of teamwork and leadership in navigating the complex security landscape. They advocate for effective negotiation between security and business leaders and emphasize resilience in the CISO role, all while sharing insights from their own experiences in attracting and retaining cybersecurity talent.

May 8, 2025 • 29min
Can You Have a Secure Software Environment Without Traditional Vulnerability Management?
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Howard Holton, COO, Gigaom. Joining us is our sponsored guest, Rob Allen, chief product officer at ThreatLocker. In this episode: Reinforcing zero trust Focus on effectiveness Understanding zero trust limitations What's next Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

May 1, 2025 • 27min
How Much Should Salespeople Know About Their Product?
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is Jay Jay Davey, vp of cyber security operations, Planet. In this episode: Aligning incentives The realities of the job Delivering ROI Holistic cybersecurity Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration. Learn more at www.backslash.security.

Apr 24, 2025 • 28min
Why Are We Still Struggling to Fix Application Security?
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Eric Gold, chief evangelist, BackSlash. In this episode: Start with the culture Moving AppSec to a higher level A strategy for security Maturing the basics Thanks to our sponsor, Backslash Security Backslash offers a new approach to application security by creating a digital twin of your application, modeled into an AI-enabled App Graph. It categorizes security findings by business process, filters “triggerable” vulnerabilities, and simulates the security impact of updates. Backslash dramatically improves AppSec efficiency, eliminating legacy SAST and SCA frustration.

Apr 17, 2025 • 26min
What Can Someone with No Experience Do in Cybersecurity?
All links and images for this episode can be found on CISO Series. Check out this post from Jerich Beason, CISO at WM, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining us is Rinki Sethi, vp and CISO, BILL. In this episode: You need a solid foundation A lot depends on the role Underappreciated skills Structures and frameworks Huge thanks to our sponsor, Recorded Future Every day, security teams face an impossible challenge: sorting through millions of threats, each potentially critical. But somewhere in that noise are the signals you can't afford to miss. Recorded Future's gives you the power to outpace AI-driven threats through intelligence tuned specifically to your needs, enabling you to act with precision. Their advanced AI detects patterns human eyes might miss, while their experts provide context that machines alone cannot. Visit recordedfuture.com to learn more about securing what matters to your business.