Defense in Depth

What Makes a Successful Security Vendor Demo? All links and images can be found on CISO Series. Check out this post from Adam Palmer for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining is Ken Beasley, BISO, Kaiser Permanente. In this episode: Show me the problem, not the product Walking in blind Discovery is the demo Define the use case, set the clock A huge thanks to our sponsor, Fenix24 Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

How Should We Measure the Performance of a CISO? All links and images can be found on CISO Series. Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare. In this episode: Likability as a career strategy The storytelling gap How the math actually gets done The unofficial scorecard A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows. In this episode: Lead with insight, not persuasion Recognize the opportunity when it arrives Strategy over features Keep it efficient A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.

All links and images can be found on CISO Series. Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood. In this episode: The information paradox Setting realistic expectations Prioritization over noise The cart before the horse Huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.

All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchas Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments. In this episode: The experience paradox Who benefits from the narrative Kitchen sink job postings The aggregation problem Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev

All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines. In this episode: The 3Ms of product clarity Buzzwords work because buyers aren't experts Investor pressures distort messaging Threading the needle Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC. In this episode: From loudest to most trusted Letting go of the win Listening over proving Beyond right and wrong Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post by Binoy Koonammavu of Secusy AI for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is best-selling cybersecurity author Peter Gregory. His upcoming study guide on AI governance can be pre-ordered here. In this episode: Speaking the language of leadership Beyond translation: the trust factor Making risk tangible When translation isn't enough Huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series. Check out this post by Christofer Hoff of Truist for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Caleb Sima, builder, WhiteRabbit. Joining them is Crystal Chatam, vp of cybersecurity, Speedcast. In this episode: Understanding the fundamentals The grift of superficial expertise Hands-on experience matters A vulnerability at the leadership level Huge thanks to our sponsor, Stellar Cyber By shining a bright light on the darkest corners of security operations, Stellar Cyber empowers organizations to see incoming attacks, know how to fight them, and act decisively – protecting what matters most. Stellar Cyber's award-winning open security operations platform includes AI-driven SIEM, NDR, ITDR, Open XDR, and Multi-Layer AI™ under one unified platform with a single license. With ⅓ of the global top 250 MSSPs and over 14,000 customers worldwide, Stellar Cyber is one of the most trusted leaders in security operations. Learn more at https://stellarcyber.ai/.

All links and images can be found on CISO Series. Check out this post by Kevin Paige, CISO at ConductorOne, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When configuration drift becomes operational reality The garden that never stops growing From detection to cultural shift The maturity gap Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at https://www.threatlocker.com/

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest Bobby Ford, chief strategy and experience officer, Doppel. In this episode: Beyond the click High-risk users demand different metrics Building engagement over punishment Creating a security culture through community Huge thanks to our sponsor, Doppel Doppel is protecting the world's digital integrity. Impersonators adapt fast — but so does Doppel. By pairing AI with expert analysis, we don't just detect deception; we dismantle it. Our platform learns from every attack, expands its reach across digital channels, and disrupts threats before they cause harm. The result? Impersonators lose. Businesses become too costly to attack. And trust stays intact. Learn more at https://www.doppel.com/