The New CISO

Epizodes

• Rogue Agents: The New Era of AI Insider Threats (part 2) 04.06.2026 43min

  What happens when an AI agent inside your company starts behaving like an insider threat? In part two, Steve Moore picks the thread back up with former FBI operative Eric O'Neill to explore how agentic AI is rewriting cybersecurity, the legal traps that follow a breach, and why the modern CISO must think like a spy hunter.Eric opens with a sobering reality: ransomware victims who decline to pay are re-attacked at staggering rates. He explains why criminals treat cybercrime as a business, invest weeks in reconnaissance—mapping SharePoint, harvesting file trees, and studying access patterns—and why a botched recovery hands them the same door twice.The conversation turns to the new insider threat hiding in plain sight: rogue AI agents. Eric shares a real case in which one executive's casual query exposed the next round of layoffs and triggered coordinated lawsuits. They unpack how agents inherit excessive access, how attackers hijack them once inside, and why organizations are now building insider-threat programs to monitor AI behavior.Eric argues AI is an accelerant on every unresolved problem—weak identity management, entitlement drift, missing asset inventories, and absent data classification. They debate whether IT and security should be unified under the CISO, why the CISO needs a direct line to the board, and the legal landmines that follow a breach, from cyber insurance to the “reasonable steps” standard.The episode closes with Eric's advice for any new CISO: put “spy hunter” on your resume. Counterintelligence, not perimeter defense, is the discipline that wins today. Tune in for part two of a story-driven conversation on why preparation, mindset, and threat hunting beat any single technology.Key Topics• Why ransomware victims who decline to pay get re-attacked• How attackers map SharePoint, file trees, and access patterns• The new insider threat: rogue and hijacked AI agents• A real case of an AI agent exposing an HR layoff list• Shadow IT and the cost of banning AI outright• Permission structures and second-level reviews for agent actions• Why AI exposes gaps in identity, asset, and data classification• Unifying IT and security under the CISO• Why the CISO needs a direct line to the board• Legal traps: cyber insurance, reasonable steps, and missed alerts• The CISO as counterintelligence officer and spy hunterGuest BioEric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime.Connect with Eric on LinkedIn or at ericoneill.net.GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/dem🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is the leader in behavior intelligence for the agentic enterprise. As organizations deploy digital workers and confront machine-speed adversaries, Exabeam applies agent-powered analytics to understand and govern the behavior of both human and non-human insiders. With integrated Exabeam Nova cybersecurity agents, Exabeam delivers flexible, industry-proven solutions for insider threat coverage of humans and agents and faster, more accurate threat detection, investigation, and response (TDIR). As the pioneer of user and entity behavior analytics (UEBA) and the innovator behind Agent Behavior Analytics (ABA), Exabeam is trusted by more than 3,000 enterprises worldwide to reduce risk, secure the digital workforce, and accelerate security operations. Learn more at www.exabeam.com.Exabeam: Real Intelligence. Real Security. Real Fast.CONNECT WITH US:X: https://x.com/exabeamLinkedIn: https://www.linkedin.com/company/exabeam/Blog: https://www.exabeam.com/blog/
• Lessons From a Spy Hunter: The Real Cost of a Breach (Part 1) 14.05.2026 34min

  What does it feel like to stand in the smoking ruin of a ransomware attack? In this episode, Steve Moore is joined by former FBI undercover operative Eric O'Neill—the man who helped capture Robert Hanssen—to explain why modern cybercrime is just traditional espionage repackaged, and why the dark web has quietly become the world's third-largest economy.Eric traces his path from the FBI's counterintelligence trenches to founding NeXasure AI and writing cybersecurity books that read like spy thrillers. He and Steve unpack the staggering scale of cybercrime, which Eric predicts could reach $20 trillion in global GDP within years—a marketplace selling everything from ransomware kits to stolen credentials.They dismantle the “it won't happen to me” mindset that still lingers in boardrooms. Eric describes how attackers use AI agents to scan for vulnerable systems, walks through how Scattered Spider socially engineered MGM in a ten-minute phone call, and explains why disabled MFA remains the leading point of failure for small and mid-size businesses.Eric then unpacks the painful calculus of paying a ransom. He explains why the FBI says never pay, when OFAC sanctions make payment a federal crime, and why—even after paying—an organization must still do the same forensic, legal, and architectural work. Steve and Eric also detail how attackers resell access and treat victims as repeat customers. The episode closes with a candid look at recovery. Eric and Steve explore why most companies fail at restoration, why rolling back to “before the attack” leaves the original flaw wide open, and why preparation always beats panic. Tune in for a part-one masterclass for any leader who thinks their organization is too small to be a target.Key Topics• How traditional espionage evolved into modern cybercrime• The dark web as the world's third-largest economy• Why every organization is a target, regardless of size• The MGM ransomware attack and Scattered Spider's playbook• Disabled MFA as the leading cause of SMB compromise• Vulnerability assessments versus fire-time remediation costs• The pay-versus-don't-pay ransomware calculus• OFAC sanctions and the legal risks of paying• Why restoring backups is not the same as recovery• The how, where, why, what, and when of breach forensicsGuest BioEric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime.Connect with Eric on LinkedIn or at ericoneill.net.GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/dem🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is the leader in behavior intelligence for the agentic enterprise. As organizations deploy digital workers and confront machine-speed adversaries, Exabeam applies agent-powered analytics to understand and govern the behavior of both human and non-human insiders. With integrated Exabeam Nova cybersecurity agents, Exabeam delivers flexible, industry-proven solutions for insider threat coverage of humans and agents and faster, more accurate threat detection, investigation, and response (TDIR). As the pioneer of user and entity behavior analytics (UEBA) and the innovator behind Agent Behavior Analytics (ABA), Exabeam is trusted by more than 3,000 enterprises worldwide to reduce risk, secure the digital workforce, and accelerate security operations. Learn more at www.exabeam.com. Exabeam: Real Intelligence. Real Security. Real Fast.CONNECT WITH US:X: https://x.com/exabeamLinkedIn: https://www.linkedin.com/company/exabeam/Blog: https://www.exabeam.com/blog/
• Your Most Valuable Skills Aren’t Technical 23.04.2026 52min

  Cybersecurity debates tend to center on tools, frameworks, and threats. But Rob Knoblauch has built a 25-year career in global security leadership by focusing on the soft skills that determine whether a CISO survives, thrives, or burns out. In this episode of The New CISO, Rob joins Steve Moore to trace the through-line from running a multi-node BBS as a kid to serving as Deputy CISO of one of the world’s largest banks — and the career lessons he’s carried through every chapter.Rob’s path wasn’t engineered. It began with a VIC-20, a love of video games, and a side passion for DJing that eventually clinched his first big bank interview. Running a BBS taught him identity management, patching, and infrastructure long before those were industry terms, and responding to the Melissa and “I Love You” outbreaks as a twenty-something Toronto Stock Exchange analyst launched his pivot into information security.The conversation turns to leading at scale. Rob walks through the three mentors who shaped him — “the teacher” who grounded him in fundamentals at Bank of Montreal, “the coach” who taught him the collaborative nature of global operations at Scotiabank, and “the general” who sharpened his leadership edge. He frames these not as phases but as lenses he still applies situationally today.Rob and Steve dig into incident response — from taking down Canada’s first phishing site with no playbook to running tabletop exercises at the board, C-suite, and technical levels. Rob argues every organization needs a breach coach and that communications is the biggest make-or-break factor in a breach. He also offers a candid take on CISO politics — short tenures, CIO friction, and why trust with your boss matters more than being right.The episode closes with Rob’s take on why this may be the best time in history to be a new CISO. AI is stripping away the commodity work that defined earlier generations of the role, leaving more room for strategy, leadership, and real influence. For anyone stepping into the seat, Rob’s message is simple: the most valuable skills aren’t technical at all.Key Topics• Rob’s path from a VIC-20 and a grade-school BBS to the CISO seat• How DJing as “Robbie Knobs” clinched his first big bank interview — and why “notables” matter on a resume• Taking down the first phishing website in Canada with no playbook and a lot of cold calls• The three mentors who shaped his leadership: the teacher, the coach, and the general• Why tabletop exercises at the board, C-suite, and technical levels each matter — and how they differ• The case for engaging a breach coach before a breach happens, not during one• Why communications is the single biggest make-or-break factor in incident response• How AI is reshaping the CISO role by stripping away commodity workGuestRob Knoblauch — Chief Information Security OfficerRob Knoblauch is a seasoned CISO with 25+ years of global information security leadership. He began his career at the Toronto Stock Exchange during the Y2K era and later held increasingly senior roles at Bank of Montreal and Scotiabank, where he spent years as Deputy CISO and VP of Global Security Services. Rob is also a startup advisor and longtime house music DJ performing as “Robbie Knobs.” Connect with Rob on LinkedIn.GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is the leader in behavior intelligence for the agentic enterprise. As organizations deploy digital workers and confront machine-speed adversaries, Exabeam applies agent-powered analytics to understand and govern the behavior of both human and non-human insiders. With integrated Exabeam Nova cybersecurity agents, Exabeam delivers flexible, industry-proven solutions for insider threat coverage of humans and agents and faster, more accurate threat detection, investigation, and response (TDIR). As the pioneer of user and entity behavior analytics (UEBA) and the innovator behind Agent Behavior Analytics (ABA), Exabeam is trusted by more than 3,000 enterprises worldwide to reduce risk, secure the digital workforce, and accelerate security operations. Learn more at www.exabeam.com.Exabeam: Real Intelligence. Real Security. Real Fast.CONNECT WITH US:X: https://x.com/exabeamLinkedIn: https://www.linkedin.com/company/exabeam/Blog: https://www.exabeam.com/blog/
• From Chef to CISO: Unlocking the Recipe to Security Leadership 02.04.2026 44min

  What does sharpening a knife over a case of onions have to do with incident response? For Myke Lyons, CISO at Cribl, the answer is everything. Myke trained at the Culinary Institute of America — learning speed and accuracy under the clock of a professional kitchen — before a summer IT job in Manhattan set him on an entirely different path. In this episode of The New CISO, host Steve Moore traces that journey and the surprising parallels between culinary craft and security leadership.The conversation moves through a career that evolved organically: a summer job moving refrigerator-sized printers in a Manhattan ad agency, a crash course in executive white-glove IT support, a breakthrough moment finally cracking subnetting, and a slow expansion from NOC operator to global security leader. Myke credits the kitchen — its insistence on precision and calm under fire — for instilling an operator's mindset that still defines how he leads through incidents today.Mentorship, both formal and accidental, threads through Myke's story. A curmudgeonly colleague who threatened to "replace him with a script" taught him the value of continuous improvement. A trusted mentor reframed the CISO's role with a single line about house fires and lock changes. And years in executive IT support gave Myke an early education in empathy and knowing when not to fix what wasn't asked.Myke and Steve examine a vendor incident where a product leader's dismissive response to a forensics question destroyed credibility with hundreds of customers. The lesson: saying "I don't know, but we'll find out" is not a weakness — it is the most powerful tool a leader has. The same insight applies to M&A due diligence, where reframing technical conversations as expectation-setting exercises turns adversarial interviews into collaborative ones.For Myke, the new CISO is defined by empathy and culture. Know your audience. Think like your customers. Communicate policy changes as explanations, not mandates. Find your internal advocates and invest in them before you need them. The recipe for great security leadership is less about technology than it is about people — and that lesson translates perfectly from the kitchen to the boardroom.Key Topics• Career pivots: from culinary school to IT and cybersecurity• Speed, accuracy, and craft — what kitchen discipline teaches security professionals• Building an operator's mindset and staying calm during security incidents• White-glove executive IT support and the patience, precision, and empathy it develops• Mentorship — formal and accidental — and the lessons that only land in retrospect• The dangers of filling silence with false confidence vs. the power of saying "I don't know"• Crisis communication best practices and what not to do during a vendor incident call• Managing M&A security due diligence with low-emotion, expectation-setting conversations• Building security culture through empathy, clear communication, and internal advocates• Telemetry, log management, and Cribl's role as the data engine for IT and security Guest BioMyke Lyons is the Chief Information Security Officer at Cribl, the AI platform for telemetry trusted by organizations worldwide — including half of the Fortune 100 — to manage IT and security data at any scale.He trained at the Culinary Institute of America with aspirations of becoming a food critic — until a summer IT job in Manhattan set him on an entirely different course. Myke went on to build expertise across networking, NOC operations, and log management, holding CISO positions at Snyk and Collibra before joining Cribl in 2024.Connect with Myke on LinkedIn and learn more about Cribl at cribl.io.GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is the leader in behavior intelligence for the agentic enterprise. As organizations deploy digital workers and confront machine-speed adversaries, Exabeam applies agent-powered analytics to understand and govern the behavior of both human and non-human insiders. With integrated Exabeam Nova cybersecurity agents, Exabeam delivers flexible, industry-proven solutions for insider threat coverage of humans and agents and faster, more accurate threat detection, investigation, and response (TDIR). As the pioneer of user and entity behavior analytics (UEBA) and the innovator behind Agent Behavior Analytics (ABA), Exabeam is trusted by more than 3,000 enterprises worldwide to reduce risk, secure the digital workforce, and accelerate security operations. Learn more at www.exabeam.com. Exabeam: Real Intelligence. Real Security. Real Fast.CONNECT WITH US:X: https://x.com/exabeamLinkedIn: https://www.linkedin.com/company/exabeam/Blog: https://www.exabeam.com/blog/
• Architect and Firefighter: How a Modern CISO Leads in Crisis 12.03.2026 48min

  Alan Lucas always wanted to be an architect or a firefighter — as CISO of Worldstream and Greenhouse Datacenters, he has become both. In this episode, he joins host Steve Moore to explore leading cybersecurity at the intersection of design and crisis response.Alan traces his path from Fox-IT through a Dutch cryptocurrency exchange where he arrived post-breach to an organization under near-constant attack from nation-state threat actors. Leading a technically sophisticated but security-anxious leadership team, he learned the lasting power of transparency and directness — and his most memorable measure of success was not a technical control, but a CTO who finally slept through the night.The conversation goes deep into crisis communication. Alan and Steve discuss how the industry has matured from reflexive silence around breaches to embracing transparency as a trust-building tool, the danger of well-meaning legal edits that send customers chasing the wrong narrative, and why the CISO should hold final review over all public incident communications. He also shares his Security Champions Program, tabletop exercise design, and why knowing who to call in a crisis must be mapped out before that crisis arrives.Alan also covers his volunteer work with the DIVD, coaching ethical hackers and supporting responsible disclosure worldwide — an extension of his belief that security, done well, creates trust and enables growth for everyone.The episode closes on "bouncing forward" — the idea that true resilience means using every incident as a forcing function for improvement, not just a return to baseline. Alan frames lessons learned as the most important resilience KPI a security team can own. A masterclass in leading through both calm and chaos. Key Topics• The architect-and-firefighter mindset: building security programs while fighting live fires• Alan's career path from Fox-IT (MSSP) to post-breach CISO at a cryptocurrency exchange• Leading security post-breach — and what "sleeping well again" actually means• The unique threat landscape facing cryptocurrency companies, including nation-state adversaries• The Dutch Institute for Vulnerability Disclosure (DIVD): coordinated, ethical vulnerability disclosure worldwide• Mentoring young ethical hackers: communication, confidence, and responsible disclosure process• Crisis communication: balancing transparency with operational security during active incidents• Why legal edits to breach notifications can mislead customers and create dangerous distractions• The CISO's role as final reviewer of all incident communications• Security Champions Programs: bridging the gap between security and non-technical departments• Tabletop exercise design: running effective simulations in under an hour with non-technical staff• Writing the breach notification letter before the breach happens• Bouncing forward, not bouncing back: using lessons learned as a resilience KPI• Security as a business enabler: positioning the CISO role for organizational growth and confidenceGuest BioAlan Lucas is CISO at Worldstream and Greenhouse Datacenters, two of the Netherlands' leading cloud and data center infrastructure providers. With over a decade of cybersecurity experience, he leads security strategy for mission-critical IT and cloud environments. Prior roles include Fox-IT (MSSP) and LiteBit, a Dutch cryptocurrency exchange where he served as CISO post-breach. Alan also volunteers as a coach at the Dutch Institute for Vulnerability Disclosure (DIVD), mentoring ethical hackers and supporting responsible disclosure globally. He is passionate about security as a catalyst for innovation — and about building a safer digital society, one step at a time.LEARN MORE:👉 Connect with Alan on LinkedIn.GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.Real Intelligence. Real Security. Real Fast. Learn more at: https://www.exabeam.com/CONNECT WITH US:X/Twitter: https://x.com/exabeamInstagram: https://www.instagram.com/exabeam/LinkedIn: https://www.linkedin.com/company/exabeam/Facebook: https://www.facebook.com/Exabeam/Blog: https://www.exabeam.com/blog/
• Six Steps for Better Communication as a CISO 19.02.2026 48min

  In this episode of The New CISO, host Steve Moore speaks with Dean Sapp, CISO and Data Protection Officer at Filevine, about one of security's most critical yet overlooked skills—written communication. Drawing from a brutal college English class that failed students for a single typo and over 20 years building security programs in the legal tech industry, Dean reveals why the ability to articulate security findings clearly separates average professionals from exceptional leaders who drive real business impact.After abandoning architecture when he learned it would take six years to become licensed, Dean leveraged his dual skills in computer-aided drafting and IT to launch a career at Novell, eventually earning nine certifications in two years and a master's degree from SANS Institute. His background in design thinking shapes how he approaches security program development—viewing it like building a structure that requires solid foundations, functional systems, and even window dressing like SOC 2 compliance.After interviewing over 100 candidates for SOC positions, Dean identifies the biggest missing skill as the inability to translate security findings into business language executives understand and act upon. He introduces the BLUF (Bottom Line Up Front) principle from military communications, explaining why security professionals have roughly eight seconds to capture executive attention. Dean champions radical transparency through simple frameworks—using stoplight systems or report card grades to communicate security posture, deliberately giving his own program failing marks in areas needing improvement to build trust.Dean tackles operational communication breakdowns that create real security risk, emphasizing mandatory peer review before escalating incidents. This two-person rule dramatically improves report quality while reducing false positives that waste senior leadership time. He shares how this high-standards approach helped Filevine achieve best-in-class cyber insurance rates, with underwriters calling their security program superior to any SaaS provider they'd evaluated. Drawing on Erik Durschmied's "The Hinge Factor," he illustrates how small communication failures doom missions—just as cavalry troops charging cannons failed because not one rider carried the nails and hammer needed to disable them.Throughout the discussion, Dean emphasizes holding yourself to impossibly high standards so that external auditors find you excellent. He advocates for brutal honesty about program gaps, documenting accepted risks clearly, and using tools like Grammarly Premium to improve writing quality. His philosophy combines military precision, architectural thinking, and pedagogical discipline—all in service of making security programs that actually work rather than just looking good on paper.Key Topics Discussed:* Why written communication is security's most critical missing skill* BLUF (Bottom Line Up Front): Capturing executive attention in 8 seconds* Using stoplight or report card systems for transparent board reporting* Giving your security program honest grades to build executive trust* Mandatory peer review before escalation to reduce false positives* How Filevine achieved best-in-class cyber insurance rates* The two-person rule for improving incident report quality* Lessons from "The Hinge Factor" about preparation and tools* Holding impossibly high standards so external auditors find you excellent* Translating technical findings into business impact languageLEARN MORE: 👉 LinkedIn: https://www.linkedin.com/in/deansappCompany Website: https://www.filevine.comGET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations. Real Intelligence. Real Security. Real Fast. Learn more at: https://www.exabeam.com/CONNECT WITH US:X/Twitter: https://x.com/exabeamInstagram: https://www.instagram.com/exabeam/LinkedIn: https://www.linkedin.com/company/exabeam/Facebook: https://www.facebook.com/Exabeam/Blog: https://www.exabeam.com/blog/
• The Four Cs: Why a Schoolteacher Makes a Great CISO 29.01.2026 54min

  In this episode of The New CISO, host Steve Moore speaks with Manuel "Manu" Ressel, CISO at SAUTER Group, about his unconventional journey from classroom teacher to cybersecurity leader—and why the "Four Cs" of modern education provide a powerful framework for building effective security programs. Drawing from years as both a teacher and school principal in Germany, Manu introduces Critical Thinking, Communication, Collaboration, and Creativity as essential leadership skills that fundamentally challenge how the industry approaches awareness training and incident response.After growing frustrated with Germany's outdated education system that prioritized memorization over critical thinking, Manu left his position as principal and reinvented himself as a digital transformation consultant. Working with schools and mid-sized companies to adopt cloud technologies, he eventually landed the CISO role at SAUTER, an international building automation company with 4,000 employees across multiple countries.The conversation tackles security's most persistent failure: awareness training that doesn't work. Manu reveals that 37% of security incidents in Germany could be prevented if users made better decisions, yet most organizations rely on boring click-through programs. He advocates for scenario-based, role-specific training—an approach now mandated by Europe's NIS 2 regulation—that treats people as the biggest opportunity in cybersecurity rather than the weakest link.One of the episode's most practical frameworks is Manu's Observation-Description-Interpretation method for analyzing security incidents. He explains how humans naturally jump from observation directly to interpretation, skipping the crucial middle step of accurately describing what actually happened. This leads to finger-pointing, misdiagnosis, and hasty decisions. By training security analysts to pause and describe incidents factually first, teams make better decisions and build trust with the business.Manu challenges the punitive approach many organizations take toward security failures, particularly companies that fire employees for repeatedly clicking phishing simulations. He champions building positive fault cultures where employees feel safe reporting mistakes. His three crisis questions—Is anyone dying? Major financial impact? Will someone be hurt?—provide a simple framework for staying calm and deciding when immediate action is necessary versus taking time to think strategically.Key Topics Discussed:Why the "Four Cs" (Critical Thinking, Communication, Collaboration, Creativity) define effective security leadershipThe Observation-Description-Interpretation framework for incident analysis without biasTransforming ineffective awareness training into engaging, scenario-based programsBuilding positive security cultures where employees report issues without fearNIS 2's mandate for role-specific cybersecurity training across organizational levelsWhy Germany and European mid-market companies lag in cloud adoptionThree critical crisis questions: Is anyone dying? Financial impact? Risk of harm?Why punitive phishing training destroys trust and cultural engagementApplying teacher skills to security leadership and de-escalation techniquesStaying calm as a CISO's most important superpower during incidentsLEARN MORE: 👉 Guest LinkedIn: https://www.linkedin.com/in/manuel-ressel-9279b997/Company website: https://www.sauter-controls.com/GET A DEMO:👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo🔔 Subscribe for more product demos and cybersecurity insights!ABOUT EXABEAM:Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.Real Intelligence. Real Security. Real Fast. Learn more at: https://www.exabeam.com/CONNECT WITH US:X/Twitter: https://x.com/exabeamInstagram: https://www.instagram.com/exabeam/LinkedIn: https://www.linkedin.com/company/exabeam/Facebook: https://www.facebook.com/Exabeam/Blog: https://www.exabeam.com/blog/
• Safety Third: Why Security Shouldn't Be Your Top Priority 08.01.2026 1h 6min

  In this episode of The New CISO, host Steve Moore speaks with Alex Rice, Founder, CTO, and CISO at HackerOne, about challenging one of cybersecurity's most deeply held beliefs—that security should be the top priority. Drawing from his journey building security programs at Facebook and founding HackerOne, Alex introduces the "safety third" philosophy and explains why accepting that security is never first can actually make you more effective as a leader.Alex shares his unconventional path into cybersecurity, starting as a 14-year-old programmer in rural Florida and eventually leading product security at Facebook during its explosive growth. He reveals how Facebook ran 70+ penetration tests annually with top-tier vendors and still wasn't finding enough vulnerabilities—until they opened the doors to the hacker community and received over 300 valid findings in a single weekend. This experience became the foundation for HackerOne's bug bounty platform.The conversation tackles critical leadership challenges facing modern CISOs, including the toxic tendency toward victim blaming when breaches occur, why security teams struggle with customer-centric design, and how to avoid becoming the team everyone knows only for blocking work and sending phishing tests. Alex argues that security professionals must stop drinking their own Kool-Aid and recognize that usability and business outcomes will always take precedence over security controls.In the episode's second half, Alex addresses AI's role in security operations with refreshing pragmatism. Rather than chasing grandiose AI visions, he advocates for starting with narrow, well-defined tasks where agents can replace security toil—like automated CVSS scoring or vulnerability triage—building trust and expertise before tackling more ambitious projects. He warns against the current trend of AI tools that find more problems when security teams desperately need help fixing the mountain of issues they already know about.Alex also challenges CISOs to stop over-owning problems like asset inventory management that rightfully belong to other executives, emphasizing the importance of cross-functional collaboration over building security-owned solutions that ultimately fail. Throughout the discussion, he champions a philosophy of empathy, customer-centricity, and accepting hard truths about security's actual place in business priorities—a mindset shift that paradoxically makes security leaders far more effective.Key Topics Discussed:Why "safety third" should be every CISO's operating philosophyThe problem with victim blaming in cybersecurity incidentsBuilding customer-centric security programs that enable rather than blockLessons from scaling Facebook's security program with 70 pen tests per yearThe origin story of HackerOne and crowdsourced security testingHow to avoid becoming the security team everyone resentsPractical AI implementation: Starting with toil elimination, not transformationWhy CISOs over-own asset management and other problemsThe importance of process mapping before deploying AI agentsAligning security teams closely with AI and software development
• Just Starting in Security? Here’s What You Need to Succeed 04.12.2025 49min

  In this episode of The New CISO, host Steve Moore speaks with Iain Paterson, Chief Information Security Officer at Well Health Technologies, about his unconventional path into cybersecurity and the lessons learned from building programs across industries—from banking and healthcare to breach response and beyond.From skipping college to take an eight-month technical boot camp to leading enterprise security programs, Iain shares how curiosity, hands-on experience, and communication skills shaped his journey. He opens up about the realities of hiring in cybersecurity, why foundational IT work still matters, and how soft skills like empathy and composure are essential for effective leadership. Iain also reflects on leading through high-stress incidents, including the Ashley Madison breach, and explains why staying calm, communicating clearly, and maintaining emotional intelligence define the “new CISO.”Key Topics Covered:A nontraditional start: skipping college for certifications and hands-on learningWhy technical foundations—servers, networks, and support—still matterThe problem with “boilerplate” resumes and lack of real-world experienceWhy soft skills are a security superpower: communication, patience, and empathyTransitioning from technician to business enabler in cybersecurityHow early help desk experience builds composure and problem-solving abilityLessons from running vulnerability management in large-scale bankingLearning resilience and resourcefulness as a one-person security team in healthcareBehind the scenes of the Ashley Madison breach: stress, responsibility, and empathyWhy composure, calm communication, and credibility matter in crisis responseThe leadership evolution from technical expert to executive decision-makerBuilding peer networks and finding mentorship to combat isolation as a CISOIain’s story highlights how real experience, emotional intelligence, and community support transform good technologists into exceptional leaders. His insights remind us that cybersecurity isn’t just about defense—it’s about communication, composure, and connection.
• Think Outside the Job: How to Shift Your Career Mindset 13.11.2025 52min

  In this episode of The New CISO (Episode 137), host Steve Moore speaks with Gideon Knocke, CISO at Visage Imaging, about rethinking how we grow in our careers and why learning to “think outside the job” is key to long-term success.From studying cybersecurity when the field was still new to leading security for millions of patient records in healthcare, Gideon shares how his early curiosity and “career accidents” helped shape his mindset as a modern CISO. He reflects on shifting from technical problem-solving to people-centric leadership, learning how visibility and credibility shape opportunity, and why networking—inside and outside your company—is essential for resilience and growth. Gideon also explains why risk quantification isn’t just about numbers, but about decision-making, communication, and understanding what your organization truly values.Key Topics Covered:Early lessons from studying cybersecurity before it went mainstreamWhy some of the best careers evolve through “happy accidents” and curiosityHow to build visibility and relevance beyond doing good workThe difference between being seen as an asset versus a personHow networking and outreach can transform your mindset and open new doorsTurning fear of public speaking into confidence through preparation and iterationThe leadership balance between taking accountability and fostering team candorWhy large-organization politics can hinder honest communicationThe art of quantifying risk for better decision-making, not just reportingWhy the new CISO must start with company beliefs and build security on shared valuesGideon’s journey reveals that career success often comes from stepping outside your comfort zone—whether that’s reaching out to 100 strangers on LinkedIn, giving your first talk, or reframing how you communicate risk. His insights remind leaders that growth begins when you stop thinking only about your job and start thinking about your impact.
• Pick Your Pain: A Methodical Approach to Career Growth 23.10.2025 45min

  In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.Key Topics Covered:Early career pivots: Army leadership, perseverance, and precision → IT foundationsCertifications as a fast track (then) vs. blended learning and passion projects (now)The “pick your pain” decision: staying comfortable vs. returning to school to advanceBuilding a CISO gap analysis from job reqs and targeting stretch assignmentsUpgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)Turning tough feedback into growth: from geek speak to boardroom dialogueConsulting variety vs. ownership: when to switch for long-term impactThe 100-day plan: assess → plan → act → measure → adjust (with IR first)Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 daysMetrics as a “health language” and why today’s CISO must be a radical collaboratorCarl’s story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.
• From Breach to BISO: Becoming a Security Influencer 02.10.2025 41min

  Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.What You'll Learn:Understanding the BISO Role:What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)When organizations need a BISO - the size, industry, and complexity indicatorsWhy the BISO serves as a "force multiplier" for the security organizationHow to measure and defend BISO value during organizational changeThe Career Journey:Evan's unconventional path from IT infrastructure to executive security leadershipHow a major cybersecurity breach became his "MBA in cybersecurity" in six monthsWhy volunteering for uncomfortable work during crisis creates career opportunitiesThe progression from vulnerability analyst to SOC leadership to Staff VPThe 90% Influence Principle:Why the BISO role is about influence, not authorityHow to navigate multiple business units with different security needsMastering the "why" behind security initiatives for non-technical audiencesBuilding relationships and organizational awareness over timeExecutive Skills That Matter:The "log lines" storytelling framework from Deloitte CISO AcademyDeveloping executive presence through failure and self-awarenessWhen to end a meeting and start over (and why that's okay)Speaking plain English vs. technical jargon with business leadersPractical Career Advice:Transitioning from tactical security operations to strategic leadership rolesWhy getting uncomfortable is essential for growthBuilding business acumen alongside technical expertiseWhy Evan's best security hires came from outside cybersecurityKey Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.Hosted by: Steve Moore | Produced in partnership with: Exabeam
• Are You Relying on the Right Tools? 11.09.2025 44min

  In this episode of The New CISO, host Steve Moore speaks with Dr. Timo Wandhöfer, Group CISO and Head of Information Security & Business Continuity Management at Klöckner & Co, about the evolving responsibilities of modern CISOs and why influencing—not just convincing—stakeholders is essential for success.From his early career as a researcher in computer science to leading global security and resiliency efforts in the steel industry, Timo shares how critical thinking, skepticism, and cross-functional collaboration shaped his leadership style. He reflects on the dangers of overconfidence in detection, the risks of over-relying on tools, and the lessons learned from merging information security with business continuity. Timo also explores how AI can both accelerate remediation and introduce new risks, and why resilience planning and transparent communication are at the core of effective leadership.Key Topics Covered:The evolving role of the CISO: from protection to resilience and adaptabilityHow research skills translate into critical thinking and cross-functional collaborationWhy overconfidence and lack of visibility remain major pitfalls in security programsThe importance of transparency, maturity, and asset inventory for strong defensesResiliency planning: ransomware recovery, crisis management, and operating modelsInsider threat investigations and the role of HR, Legal, and IT in responseThe shift from convincing to influencing stakeholders through dialogueThe promise and risks of AI and automation in remediation and decision-makingWhy today’s CISO must be a communicator, storyteller, and business leaderTimo’s journey highlights how resilience, adaptability, and influence define the “new CISO.” His insights provide a roadmap for leaders who want to strengthen security programs, build trust with stakeholders, and guide their organizations with both technical and business acumen.
• Teachable Moments: How to Learn from Career Challenges 21.08.2025 41min

  In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he’s learned across decades in cybersecurity.From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.Key Topics Covered:Early career pivots, from engineering to cybersecurity leadershipLessons learned from career missteps and short-lived rolesThe five factors Steve now evaluates before taking a new jobSuccession planning and preparing teams to lead during emergenciesWhy tabletop exercises and exposure to executives matter for resilienceManaging stress, staying calm, and keeping perspective in high-pressure rolesThe long-tail business impact of breaches beyond immediate costsWhy financial services foster collaboration and innovation in securityThe importance of mentoring and introducing students to cybersecurity careersSteve’s story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.
• How to Score a Security Role — Without Collecting Certifications 24.07.2025 51min

  In this episode of The New CISO, host Steve Moore speaks with Marius Poskus, Chief Information Security Officer at Glow Financial Services and creator of the Cyber Diaries podcast. Marius shares his journey from physical security into cybersecurity leadership—and how he did it without relying on traditional certifications.Marius reflects on how self-directed learning, mentorship, and a strong personal brand helped him pivot careers and thrive in the FinTech space. He explains why the security industry needs to stop glorifying certifications, how to break in through SOC roles, and what truly makes a candidate stand out in interviews. From coaching new talent to advising startups on go-to-market strategies, Marius emphasizes that attitude and aptitude matter far more than credentials.Key Topics Covered:Why Marius walked away from a career in physical security—and how that experience shaped his cyber pathThe critical difference between certification collecting and real-world skill developmentWhy most entry-level cybersecurity roles are in SOCs—and how to leverage thatHow sharing your learning journey online builds credibility and unlocks job opportunitiesThe two A’s that matter most when hiring: attitude and aptitudeCommon mistakes startups make when targeting CISOs and building security toolsThe growing risks of “AI-washing” and what real AI innovation should look likeWhy mentorship only works when mentees are willing to put in the workHow to shift from security awareness “stick” tactics to culture-based collaborationWhat it means to build a personal brand that outlasts your job titleMarius’ story proves that cybersecurity success doesn’t come from certificates—it comes from curiosity, consistency, and community. Whether you’re just starting your career or leading a security team, this episode will inspire you to focus on what really moves the needle.Marius Poskus Podcast - Cyber Diaries Podcast
• Ask the Right Questions: How Building Trust Brings Value 03.07.2025 50min

  In this episode of The New CISO, host Steve Moore speaks with Aleksandar Radosavljevic, Global CISO at Global Fashion Group, about building trust, measuring resilience, and the evolving role of the security leader.Aleksandar shares how his unexpected pivot from electrical engineering to cybersecurity sparked a passion for protecting systems and solving problems. With over two decades of experience across pharma, manufacturing, and tech, he offers insights into how security leaders can establish trust, drive business value, and focus on what really matters.The conversation covers the art of starting strong in a new CISO role, navigating interviews with curiosity and care, and avoiding common traps like overcomplicating metrics or chasing the latest tools without mastering the basics.Key Topics Covered:Why pharma’s mission-driven work made a lasting impact on AleksandarCareer advice for cybersecurity newcomers: follow learning, not just industryHow CISOs can build early trust by listening and understanding the businessRed flags and green lights during the CISO interview processWhy being challenged in an interview signals a healthy security cultureThe problem with vanity metrics—and what to track insteadAleksandar’s favorite KPIs: time to detect, respond, and contain incidentsThe role of situational awareness in building cyber resilienceHow simplifying language helps CISOs align with executive teamsWhy mandate and mindset matter more than reporting linesAleksandar’s story is a reminder that cybersecurity leadership is about more than tools and tactics—it’s about trust, transparency, and transforming security from a blocker into a true business enabler.
• The Challenge of Securing Critical Infrastructure 12.06.2025 1h

  In this episode of The New CISO, host Steve Moore speaks with Keith Price, Chief Security Officer at National Highways, about the evolving responsibilities of modern security leaders and the critical role of convergence between cyber, physical, and people security.Keith shares real-world stories from his work protecting England’s strategic road network—used by over four million people daily—and explains why understanding both legacy infrastructure and cutting-edge technology is essential for building a resilient security strategy. From managing insider threats and recovering stolen radar equipment to championing mental health and developing junior talent, Keith offers a holistic approach to leadership in critical infrastructure.Key Topics Covered:How converging physical, cyber, and personnel security leads to stronger protectionReal-life insider threat examples—and how sensors helped prevent major damageThe challenge of managing decades-old asset tracking systems across regionsWhy availability and integrity of data now outweigh confidentiality in certain sectorsHow Keith’s team detected stolen highway radar for sale on eBayThe importance of empathetic leadership and supporting mental health in security teamsHow "Cyber Coffee" sessions create safe spaces for vulnerability and connectionUpskilling IT staff into cybersecurity roles through “pay-it-forward” learningThe case for offering security-as-a-service to small but critical supply chain partnersKeith’s insights reveal why successful security leadership requires more than just technical knowledge—it demands communication, humility, and a deep understanding of human behavior. This conversation is a must-listen for any security professional working to bridge silos and lead with impact.
• Is Done Better Than Perfect? Self-Awareness as a CISO 22.05.2025 47min

  In this episode of The New CISO, host Steve Moore speaks with Ben, Director of Group Security and Architecture at Bilfinger, about the role of self-awareness, confidence, and communication in effective cybersecurity leadership.Ben shares his unconventional path to becoming a CISO, how he applies the “done is better than perfect” philosophy, and why embracing vulnerability, curiosity, and creativity is key to building strong teams. From baking sourdough to producing his own podcast, Ben highlights how personal passions can shape professional growth.Key Topics Covered:Why done is better than perfect can be a strength—not a flaw—in cybersecurityThe surprising connection between baking sourdough and fostering security cultureHow Ben’s podcast, Infosec Theater, educates non-technical audiences using humor and storytellingThe creative interview question he uses to gauge mindset: “If cybersecurity were an animal, what would it be?”Why hiring for attitude and resilience beats hiring for experience aloneHow podcasting sharpened his ability to listen, simplify, and leadBen also emphasizes the importance of recognizing your own strengths and surrounding yourself with people who balance them out. His perspective offers actionable takeaways for CISOs and security professionals seeking to grow into thoughtful, human-centered leaders.🔗 Listen to Ben’s podcast, Infosec Theater: https://www.infosec.theater/
• Classroom to Boardroom: How Teaching Makes Leaders Better 01.05.2025 51min

  In this episode of The New CISO, host Steve Moore talks with Nithin Reddy, Global VP of Cybersecurity at Dayforce, about how his dual roles in cybersecurity leadership and education shape his approach to building stronger, smarter teams.Nithin reveals how teaching cybersecurity not only amplifies his impact but also sharpens his communication and leadership skills. From protecting millions of users’ data to mentoring students and influencing curriculum design, he shares why simplifying complex ideas is the key to inspiring both executives and future security professionals.The conversation explores:The link between teaching and leadership growthHow to manage stress in high-stakes security operations—and tell the difference between “good” and “bad” stressDayforce’s in-house employee risk scoring model and the power of just-in-time access controlsThe impact of generative AI on phishing threats and how awareness training must evolveA real-life story of using a fake $200 gift card to teach conference-goers a lesson on social engineeringWhether you’re leading a SOC or standing at the front of a classroom, this episode is a masterclass in turning knowledge into influence—and purpose into performance.
• What Can Cutting Cake Teach a CISO? 10.04.2025 45min

  In this episode of The New CISO, host Steve Moore speaks with Rich Durost, Chief Information Security Officer at Froedtert ThedaCare Health, about his journey from West Point cadet to cybersecurity leader—and what slicing cake has to do with building effective security programs.Drawing from 23 years in the military and over 15 years in cybersecurity, Rich shares how discipline, preparation, and teamwork—skills first sharpened during plebe year dessert duty—translate directly into the responsibilities of a CISO. He reflects on the shift from tactical to strategic thinking, the value of mentoring deputies, and why authentic leadership and relationship-building are vital in today’s remote work environment.Rich also explores the unique challenges of healthcare cybersecurity, the importance of aligning with clinical goals, and how CISOs can move from being the "department of no" to strategic business enablers by simply asking “how” instead of “no.”Whether you're a rising security professional or a seasoned executive, you’ll gain practical leadership takeaways—and maybe a new appreciation for cake.