The Professional CISO

Sponsors:ObservoAI (www.observo.ai)Guidepoint Security (www.guidepointsecurity.com) Episode Summary:AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls. Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise. What You’ll Learn in This Episode:The real risks of AI adoption beyond the hypeHow business-driven demand changes the security equationWhy AI controls lag adoption — and what to do about itThe rise of agentic AI and new identity risksOffline models, adversarial risks, and scanning challengesWhat the future of AI-driven enterprise security may look likeGuest:Felix Simmons — Principal Security Architect, GuidePoint Security Links & Resources:🌐 Website: www.thpc.co📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO 🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673 🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021 💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show Hashtags:#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI

SponsorsAIM Security (www.aim.security)Guidepoint Security (www.guidepointsecurity.com) Kristi Cook, Head of Cybersecurity at Peabody Energy, joins David Malicoat live from GPSEC St. Louis — with AIM Security as our midday sponsor — to discuss how she’s leading her team through AI adoption, data governance, and talent development.From leveraging conferences as both morale boosters and strategic accelerators, to building a sustainable talent pipeline through the CyberUp apprenticeship program, Kristi offers actionable insights for CISOs facing rapid technological change. We also dive into the unique trust and collaboration in the St. Louis cybersecurity community, and why AI may finally give security leaders the leverage to fix long-standing data governance challenges. Key Topics Covered:Leadership panel insights: AI, SaaS security, hiring, and retentionUsing conferences for team building and strategy alignmentJustifying training investments to executive leadershipFoundations for AI security: IAM and data protectionSolving the talent gap with apprenticeship programsWhy local community trust matters in cybersecurityPreparing for the next wave of rapid tech change Resources & Links:AIM Security: www.aimsecurity.aiCyberUp Apprenticeship Program: wecyberup.orgThe Professional CISO Show Website: www.thpc.coWatch on YouTube: @TheProfessionalCISOListen on Spotify: Click HereListen on Apple Podcasts: Click HereConnect on LinkedIn: The Professional CISO Show #️⃣ Hashtags#Cybersecurity #CISO #TheProfessionalCISOShow #DataGovernance #AIsecurity #Leadership #TeamBuilding #CyberTalent #IdentityAccessManagement #StLouisCybersecurity #GPSEC #PeabodyEnergy #CyberUp

In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.Key Highlights:Why most CISOs say “never again”—and what needs to changeWhy Rob coined DFIR and CTI (and the story behind it)The CISO “zero-sum game” and how toxic cultures persistRob’s 4-part personal health mantra: Sleep, Diet, Exercise… and AIA call to “Learn AI daily”—for security pros and business leaders alikeWhat boards should be doing—and why every board needs a cyber voiceRob’s RSA keynote preview: cyber safe harbors and AI velocity imbalanceGuest:👤 Rob T. Lee – Chief of Research, SANS Institute🔗 https://www.sans.org/profiles/rob-t-lee/Host:🎙️ David Malicoat, The Professional CISO Show🌐 www.thpc.coListen & Subscribe:🔊 Spotify: The Professional CISO Show on Spotify🍎 Apple Podcasts: The Professional CISO Show on Apple📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture

🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.🔑 What You’ll Learn in This EpisodeThe dangerous re-emergence of BEC as a top threat vector — and why AI may be amplifying the riskWhy CISOs must lead the charge on AI governance and strategy — or risk being sidelinedHow FIDO and identity modernization can reduce exposure to targeted fraudInsights on satellite cybersecurity, Starlink limitations, and maritime network vulnerabilitiesA behind-the-scenes preview of “Commandant,” an AI co-pilot for incident response — designed to help IR teams with note-taking, SLA tracking, notification workflows, and continuous tabletop exercisesHow vendor selection, tabletop simulations, and small supplier coordination can make or break your organization during a crisisWhy humility, not hubris, is the most underrated leadership trait in cybersecurity💬 Notable Quotes“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma“AI isn’t just a buzzword. It’s a once-in-a-generation shift — and CISOs have a chance to shape it from the start.” —David Malicoat“Lucy is designed to help you during your worst day — capturing context, notes, contracts, timelines, and guiding you through the fog of war.” —Chris Cochran“We’re securing vessels in the middle of the ocean using tech that was old when we got it — Starlink’s changed the game, but it’s brought new challenges too.” —Glen Vickers“A $5M cyber insurance policy might only cover $250K of social engineering fraud. The rest is on you.” —Shawn Tuma🎧 Listen & Subscribe📍 Available now on all major platforms:🔗 Spotify🔗 Apple Podcasts🌐 Full episodes and show resources at www.thpc.co📣 Stay Connected with The Professional CISO Show📺 Watch on YouTube💼 Follow on LinkedIn🧠 Guest InfoShawn Tuma – Partner at Spencer Fane, co-author of GC + CISO ConnectionGlen Vickers – CISO at ABS WavesightChris Cochran – Co-founder, Commandant AI | Formerly of Netflix, NSA, Mandiant📚 Related EpisodesEP 71 – CISO Culture & AI StrategyEP 63 – AI Governance and the Role of the CISOEP 45 – Shawn Tuma on Legal Risk, AI, and Cyber Insurance🔖 Hashtags#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity

Sponsors:AIM Security (www.aim.security)Guidepoint Security (www.guidepointsecurity.com)In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.He’s joined by two standout guests:🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantificationFrom grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.🧠 Topics CoveredThe legendary St. Louis CISO community (“don’t mess with the family”)AI + DSPM in the real world: what’s workingAgentic AI and the evolution of SOC workRisk quantification, FAIR, and practical GRC strategyThe future of cybersecurity beyond AI: quantum readinessSt. Louis as a cybersecurity hub with soul🛠 Sponsored by AIM SecurityAIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai🔗 Subscribe & Follow the Show:www.thpc.coLinkedInSpotifyApple Podcasts#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec

Sponsors:HivePro (www.hivepro.com)CISO XC: (www.cisoxc.com)In this on-site episode from CISO XC DFW, David Malicoat sits down with Matt Walker (Goosehead Insurance) and Allen Rountree (IBM Public Cloud) for candid conversations on today’s biggest challenges and opportunities in cybersecurity leadership.💡 Topics CoveredApplying Zero Trust principles to AI use casesSaaS data leakage and the evolving DLP strategyContinuous Threat Exposure Management (CTEM) and Hive Pro’s roleSelling security risk to the board and executive teamEnabling business value through classification and risk reductionThe evolving edge and why exposure is the new perimeterWhat it means to “take off the badge” as a CISOHolistic data protection in fragmented environments💬 “Don’t just be the department of no. Enable the business with intelligence and insight.”

Sponsors:AIM Security (www.aim.security)Guidepoint Security (www.guidepointsecurity.com)What does it take to secure AI in the enterprise—when the threat landscape, technology stack, and business expectations are all evolving in real time?At GPSEC St. Louis, David Malicoat sits down with Dan Anderson, Field CTO of the Americas at AIM Security, to talk about securing the full lifecycle of AI usage across the enterprise. From browser plugins and AI firewalls to shadow AI discovery and agentic AI governance, this candid conversation dives deep into where the risks really lie and what security leaders need to be doing now.You’ll walk away with a grounded view of the AI adoption journey—and why most organizations are already neck-deep in it, whether they know it or not.🔑 Episode HighlightsWhy “saying no” to AI use is no longer an option—and what happens when you tryDefining the real problem space of AI security: shadow usage, data leakage, adversarial LLMsAIM’s product strategy: covering the full lifecycle from browser to firewall to analyticsWhat agentic AI means—and why it’s the next frontierBuilding an AI security program around people, process, and partnershipThe future of AI governance and how AIM is shaping it through real-world customer feedbackWhy there’s no such thing as a fully baked AI security product in 2025🎧 Listen NowSpotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021YouTube: http://www.youtube.com/@TheProfessionalCISO🌐 Connect with The Professional CISO ShowWebsite: www.thpc.coLinkedIn: The Professional CISO Show📢 About AIM SecurityAIM Security helps security leaders enable safe, governed, and productive AI adoption. From LLM usage monitoring to AI firewalls, AIM empowers enterprises to protect their data, enforce compliance, and stay ahead of the AI attack surface. Learn more and book a demo at www.aim.security