
Defense in Depth
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Latest episodes

Jan 29, 2025 • 26min
The Hardest Problems in Security Aren't "Security Problems"
Sneha Parmar, an Information Security Officer at Lufthansa Group Digital Hangar, discusses the importance of viewing cybersecurity as a collective responsibility. She emphasizes the critical role of foundational practices like asset inventory and maintenance, arguing that overlooking these can lead to vulnerabilities. Sneha highlights how understanding organizational assets and fostering accountability can enhance security measures. The conversation also stresses that prioritizing operational discipline is key to building a resilient cybersecurity posture.

Jan 23, 2025 • 29min
If and When Should a CISO Have a Long Term Security Plan?
Mike Johnson, CISO of Rivian, and Gaurav Kapil, CISO of Bread Financial, dive deep into the necessity of long-term cybersecurity strategies. They discuss how new CISOs can balance immediate pressures with strategic planning. The conversation highlights the importance of having a flexible vision that adapts to evolving threats. Effective communication with C-suite executives is emphasized as vital for aligning cybersecurity goals. They also stress the indispensable nature of planning, even as strategies must adjust in a dynamic landscape.

Jan 16, 2025 • 34min
Do We Want CISOs Dictating How Salespeople Should Engage?
All links and images for this episode can be found on CISO Series. Check out this post by Marc Ashworth, CISO at First Bank, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, deputy CISO - Gaming, Microsoft. Joining us is Ken Athanasiou, CISO, VF Corporation. In this episode: Frustration is a two-way street; Sales is data driven; Give customers the tools they need; Start a conversation. Thanks to our podcast sponsor, Noma Security. Secure your entire Data & AI Lifecycle—from development to production and classic data engineering to GenAI. Noma’s full-lifecycle platform delivers seamless protection against risks like misconfigured data pipelines, malicious models, and adversarial AI attacks, empowering AppSec teams with complete visibility, security, and compliance—without disrupting data and AI teams’ workflows.

Jan 9, 2025 • 30min
Is AI Benefiting Attackers or Defenders?
Rob Allen, Chief Product Officer at ThreatLocker, dives into the intricate dance between AI and cybersecurity. He discusses the promise of large language models, emphasizing their potential to aid defenders while acknowledging the risks they pose when leveraged by attackers. The conversation highlights the necessity of strong security fundamentals, handling AI's dual nature carefully. Allen also addresses how AI can impact trust and the critical need for discernment in an age of deep fakes and misinformation.

Jan 2, 2025 • 30min
CISOs DO Own the Risk
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Young, CISO-in-residence, Team8, and Jeroen Schipper, CISO, Gemeente Den Haag. In this episode: Creating authority; Don’t reinvent the wheel; Accountable for quality; Make the distinction clear. Thanks to our podcast sponsor, Fenix24. You’ve invested in cybersecurity, but can your business recover when it counts? The Securitas Summa program from the Conversant Group combines resistance, managed protection, and rapid recovery to minimize downtime and restore operations faster than anyone else. Resilience isn’t optional. Click to see how it works.

Dec 12, 2024 • 28min
How Can We Fix Alert Fatigue?
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer. In this episode: Build for what you can handle; Rethinking alerts; Building trust into your system; Seeing the bigger picture. Thanks to our podcast sponsor, Intezer. Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

Dec 5, 2024 • 29min
Vulnerability Management ≠ Vulnerability Discovery
Yaron Levi, the CISO of Dolby and an expert in cybersecurity and vulnerability management, dives deep into the distinctions between vulnerability discovery and management. He emphasizes that without knowing what vulnerabilities exist, effective management is impossible. Discussion revolves around the ongoing nature of vulnerability management, the need for prioritization, and the fascinating role of AI in reducing alert fatigue. Levi's insights reveal that context and collaboration are vital for creating a robust cybersecurity strategy.

Nov 21, 2024 • 27min
Are Security Awareness Training Platforms Effective?
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time. In this episode: A vicious cycle; Not all training is created equal; Don’t forget the human factor; We can still define success. Thanks to our podcast sponsor, Intezer. Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!

Nov 14, 2024 • 32min
The Argument For More Cybersecurity Startups
Ross Haleliuk, an expert in cybersecurity startups and author of 'Venture in Security', teams up with Sid Trivedi, a partner at Foundation Capital. They discuss the unique challenges cybersecurity startups face, including issues with customer trust and market oversaturation. The conversation covers the importance of innovation in security solutions, the pitfalls of acquiring tools without implementation, and the need for specialized sales skills. They advocate for more startups in this space to address the pressing security needs of modern technology.

Nov 7, 2024 • 35min
How Are New SEC Rules Impacting CISOs?
Allan Cockriel, Group CISO at Shell, dives into the impact of new SEC regulations on cybersecurity roles. He discusses the heightened accountability CISOs now face and the complexities of meeting regulatory demands amidst cyber threats. Cockriel highlights the importance of transparency while balancing security risks and the potential for a talent exodus in the field. Additionally, he emphasizes the need for industry collaboration and robust control frameworks to navigate these challenges successfully.