CISO Series Podcast

Boards Love to Hear Jargon," Says Soon-to-Be-Fired CISO (LIVE in Boston) 16.06.2026 48хв

All links and images can be found on CISO Series This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Dmitriy Sokolovskiy, senior vice president, information security, Semrush. This episode was recorded in front of a live audience at the offices of Aqueduct Technologies in Canton, MA. See photos from the event. In this episode: A clock on everything The oversight loop Not a better tool, a different one It's not the alerts A huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com. A huge thanks to our sponsor, Dropzone AI Dropzone AI delivers a team of AI agents that investigate alerts, hunt threats, and respond to attacks across your full security stack. No playbooks required. No hidden humans in the critical path. Your analysts stay in control, directing strategy while AI agents handle the investigation workload at machine speed. Learn more at dropzone.ai.

There's Nothing an LLM Can Screw Up That the Cloud Didn't Do First 09.06.2026 44хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is our sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: Permission creep at machine speed The pattern we keep calling a mistake Stop authenticating the human Vibe coded out of existence A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.

Our Data Security Policy Is Transparent in That It Doesn't Exist 02.06.2026 37хв

Our Data Security Policy Is Transparent in That It Doesn't Exist All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Mike Melo, CISO, TMX Group. In this episode: The weight of old controls Data you can actually see 68 vendors and counting Authority you never had to claim A huge thanks to our sponsor, Vanta Still stuck on the quarterly audit treadmill? Meet Calm-pliance. Vanta combines compliance, risk, and proof on one Agentic Trust Platform—and continuously monitors your controls, keeping you audit-ready all year round. Find your Calm-pliance here.

If You Love Cloud Misconfigurations So Much, Why Don't You Marry Them! 26.05.2026 40хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is their sponsored guest Amit Megiddo, CEO and founder, Native. In this episode: The CISO you don't need Misconfigurations aren't a cloud problem Secure by design means enforcing it Finding bugs faster isn't the bottleneck A huge thanks to our sponsor, Native Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

Why Be Responsible When We Can Just Blame AI? 19.05.2026 41хв

All links and images can be found on CISO Series This week's CISO Series Podcast features David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Jadee Hanson, CISO, Vanta. In this episode: The compliance receipt nobody reads Who signs off on the AI that wrote the code The agent that wouldn't stop The questionnaire that should not exist A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Can You Please Train the AI on Your Way Out the Door? 12.05.2026 36хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Jean-Paul Calabio, vp and CISO, Grainger. In this episode: Scanning the map isn't securing the territory CFOs don't fund faith What your AI inherits Nobody owns the gap Thanks to Jonathan Waldrop, CISO, Acoustic for providing our "What's Worse" scenario. A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

AI Confidence: It's a Trap! (LIVE in San Francisco) 05.05.2026 43хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Sara Madden, CISO, Convera. This episode was recorded live at BSidesSF 2026. In this episode: Playing vendor roulette Confident and wrong Making conferences count The stakes problem in tabletops A huge thanks to our sponsor, QuilrAI Can you tell if an action in your environment was performed by a human — or an AI agent? QuilrAI's Decision Engine evaluates content, context, and intent before actions complete — across browsers, endpoints, SaaS, LLMs, and agents. Not more alerts. Better decisions, in real time. Visit quilr.ai. A huge thanks to our sponsor, Nudge Security Get a full inventory of AI assets on Day One of your free trial, even those introduced before you started using Nudge. Get started. A huge thanks to our sponsor, Zenity Help shape the future of AI agent security. On May 27th, the AI Agent Security Summit returns to San Francisco. Hear from leading researchers and security pioneers, and usher in the new age of secure AI deployment across the enterprise. Register at zenity.io/ai-security-summit.

Step 1: Deploy New AI Tool. Step 2: Discover Security Flaws. Step 3: Repeat. (LIVE in Orlando) 28.04.2026 42хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Michelle Wilson, CISO, Movement Mortgage. Joining is sponsored guest Rob Allen, chief product officer, ThreatLocker. This show was recorded in front of a live audience at ThreatLocker's conference, Zero Trust World 2026. In this episode: Risk as a daily habit AI agents talking to AI agents The code on the lock Words that shape decisions A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Back in My Day, You Could Get a Cybersecurity Job at the Corner Store 21.04.2026 39хв

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is Paul Drapeau, head of global information security, New Balance. In this episode: The logo trap Immunity through exposure The synthesis edge The cost of holding tight A huge thanks to our sponsor, Doppel This episode is sponsored by Doppel, the AI-native social engineering defense platform. Doppel strengthens human risk management by training employees to recognize deception, while our digital risk protection detects and disrupts attacks across every channel. Learn more at doppel.com

Our Theoretical Controls Work Great Against Hypothetical Attacks 14.04.2026 43хв

Our Theoretical Controls Work Great Against Hypothetical Attacks All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is David Nolan, former CISO, Asurion. In this episode: Influence, not control The initiative gap Skip the framework, patch the server Confident code with no owner A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Remember, Every Underappreciated Risk Is Just a Crisis Waiting to Be Discovered 07.04.2026 42хв

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Hilik Kotler, svp, CISO and IT, Expedia Group. In this episode: The numbers game What makes a vendor worth your time Humanity in the loop Alignment is a prerequisite, not a nice-to-have A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Do You Think These Compliance Boxes Check Themselves? (LIVE in Clearwater, FL) 31.03.2026 43хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Pam Lindemoen, CSO, vp of strategy, Retail and Hospitality-ISAC. Joining them is Jason Mayor, deputy CISO, Raymond James Financial. This episode was recorded in front of a live audience at the National Cybersecurity Alliance's Convene conference in Clearwater, Florida. In this episode: Coaching security Planned security theater Making "nothing bad happened" a compelling story Getting security teams to think like the business A huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security – the first security awareness platform built to stop AI-powered social engineering. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com. A huge thanks to our sponsor, Zepo Zepo Intelligence transforms employee behavior into measurable security capability. Moving beyond check-box compliance, our human risk management platform uses hyper-personalized simulations to turn your workforce into a proactive defense layer. We don't just improve human behavior; we enable mastery against modern social engineering threats. Learn more at zepo.ai. A huge thanks to our sponsor, KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, we help strengthen security culture and manage human risk. Our comprehensive AI-driven HRM+ platform includes modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity content, tools, and techniques to keep the modern workforce—both humans and AI agents—cybersafe from phishing, vishing, deepfakes, and all forms of social engineering. Learn more at knowbe4.com.

Why Highlight Diversity When We Can Just Hope You Don't Notice? 24.03.2026 38хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Julie Myerholtz, CISO, Brunswick Corporation. In this episode: Your cloud, your problem Kill your sacred cows AI broke your vendor math Feedback is a gift. Open it. A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

They're Less "Best Practices" and More "Sounds Good on LinkedIn" 17.03.2026 41хв

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Rebecca Harness, CISO, Deltek. In this episode: Let it fail The CIO seat is empty. Now what? Design for how people actually work "We found 23 issues. That'll be $15,000." Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

It's Okay to Put All Your Eggs in One Basket as Long as You Really Trust the Basket 10.03.2026 48хв

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Your best employee is your biggest risk Stop guessing the next attack AI is not a feature Stop blaming the user Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

Our Security Team's Love Language is Buying New Tools 03.03.2026 41хв

All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Tim Leehealey, vp of corporate strategy and operations, Strike48. In this episode: Defensible, not perfect Tools aren't going to save you Logs are wasted on the SOC The myth of the lone wolf Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

If We Can't Do Better, at Least Do It Faster 24.02.2026 41хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Vikas Mahajan, vp and CISO, American Red Cross. In this episode: Questionnaires aren't risk management The good old days were worse Buying or building your SOC Start the conversation, not the checklist Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security—the first cybersecurity company backed by OpenAI. AI impersonation and deepfakes have made trust the new attack surface. Adaptive runs realistic social-engineering simulations and instantly turns threats, policies, and compliance needs into interactive, multilingual training. Trusted by Fortune 500s. Learn more at adaptivesecurity.com.

We Gave the CISO Risk and Liability, and Now They Want Authority. The Nerve. 17.02.2026 42хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Steve Zalewski. Joining them is Tammy Klotz, CISO, Trinseo. In this episode: Accountability without authority Kill your hacklore Voice is no longer enough Studies that tell us what we already know Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

When We See White Smoke, We Know We Have a New CISO 10.02.2026 42хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group. In this episode: Metrics that matter Tool babysitting problem Automating the brokenness Stay connected intentionally Huge thanks to our sponsor, Strike48 Strike48 is the Agentic Log Intelligence Platform that actually puts AI agents to work, combining full log visibility with AI agents that investigate, detect, and respond 24/7. With pre-built agent clusters for security and a no-code agentic workflow builder, it's easy to get started. Learn more at strike48.com/security.

Take Two-Factor Authentication and Call Me in the Morning 03.02.2026 38хв

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Janet Heins, CISO, ChenMed. In this episode: Inbound gets ignored Independence under constraint Methodology means nothing Lives over logins Huge thanks to our sponsor, Guardsquare Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.