The Professional CISO

David Malicoat

Shaping Cybersecurity Leadership: Today, Tomorrow, Together.

  1. 1 DAY AGO

    🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier

    🎙️ Episode Summary
    Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

    🔑 Key Takeaways
    The CISO’s role continues to mature toward enterprise risk and business alignment
    AI adoption is accelerating, but governance and ROI remain top concerns
    Frameworks and cross-functional cooperation define future-ready security programs
    OT security is no longer separate — it’s central to national and business resilience

    💬 Notable Quotes
    “You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux
    “We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese
    “If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie

    🎧 Listener Benefits
    By listening to this episode, you’ll gain insight into:
    Modern CISO decision frameworks
    Practical AI integration strategies
    Governance approaches for emerging tech
    The human and operational side of cybersecurity

    📣 Call to Action
    Subscribe, share, and join the movement to professionalize the role of the CISO. Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

    🏆 Sponsors
    Premier Sponsor: Check Point (www.checkpoint.com)
    Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)

    25 min
  2. 31 OCT

    Surviving Ransomware—and the Wilderness—with Zach Lewis

    Brought to you by:
    Check Point (www.checkpoint.com)
    Armis (www.armis.com)
    Guidepoint Security (www.guidepointsecurity.com)

    🎙️ Episode Summary
    During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).
    Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048

    Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

    🔑 Key Takeaways
    CIO and CISO roles are converging faster than ever in modern enterprises.
    Sharing real breach stories removes stigma and helps the community grow.
    Wilderness survival mirrors the mindset needed for effective incident response.
    Writing a book can transform your professional credibility and brand.
    Visibility matters: every CISO should cultivate a public voice.

    💬 Notable Quotes
    “Being out in the woods is like one giant tabletop exercise.”
    “No one talks about ransomware because of the stigma—I wanted to change that.”
    “When you find that unique idea, run with it.”
    “Everything is bearable—until it’s not, and then you die.”
    “Build your personal brand so you never have to go job hunting again.”

    🎁 Listener Benefits
    Hear a first-hand ransomware leadership story
    Learn how to balance dual CIO and CISO responsibilities
    Gain inspiration to publish your own cybersecurity insights
    Discover the surprising connection between wilderness survival and cybersecurity strategy

    📣 Call to Action
    Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

    🔗 Connect with Us
    🌐 www.thpc.co
    💼 The Professional CISO Show on LinkedIn
    🎥 Watch on YouTube
    🎧 Spotify
    🍏 Apple Podcasts

    46 min
  3. 27 OCT

    From GenAI Prompts to OAuth Phishing: The Hidden Browser Risks - with Tommy Perniciaro

    Episode Summary
    Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it.

    David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

    Key Takeaways
    The browser is now a primary attack surface for enterprise users.
    LayerX gives security teams visibility and control without replacing browsers.
    GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
    OAuth-based phishing is bypassing traditional email and network defenses.
    Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
    AI browsers are emerging as the next battleground for identity and data protection.
    Post-quantum cryptography will further challenge network-layer inspection.

    Notable Quotes
    “The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
    “Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
    “Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
    “LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
    “Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

    Listener Benefits
    Understand why browser visibility is critical in today’s SaaS-driven enterprise.
    Learn how to prepare your organization for the age of GenAI and AI browsers.
    Get practical deployment and change management insights for LayerX and similar solutions.
    Discover how browser-level inspection complements your EDR and network security stack.

    Call to Action
    Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.
    🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
    🌐 Website: www.thpc.co

    20 min
  4. 15 OCT

    Magic, Mentalism, and the Modern CISO – with Gary Chan

    Episode Summary
    In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber.

    From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization.

    They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

    Key Takeaways
    🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
    🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
    💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
    🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
    💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

    Notable Quotes
    “When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
    “Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
    “Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

    Listener Benefits
    Learn how to communicate cybersecurity’s value through stories, not stats
    Discover practical ways to make security awareness fun and memorable
    Gain insight into leadership and influence beyond the technical realm
    Hear real-world lessons on career growth from consulting to the CISO seat

    Call to Action
    ✅ Follow The Professional CISO Show on LinkedIn
    🎧 Listen and Subscribe on Spotify or Apple Podcasts
    🌐 Visit THPC.co for show updates and events

    Guest Information
    Gary Chan
    Chief Information Security Officer, SSM Health
    Security Mentalist & Speaker
    🔗 Website: gschan2000.com
    🔗 Search “Gary Chan Security Mentalist” for more information

    Sponsors
    This episode is made possible by:
    Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
    Armis – 2025 Cyber Warfare Report (www.armis.com)
    GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

    Hashtags
    #TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow

    44 min
  5. 13 OCT

    The Human Operating System: A New Way to Think About Cyber Risk with Kate Goldman

    Episode Summary
    In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization.

    Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.

    Key Takeaways
    Why the phrase “humans are the weakest link” needs to be retired.
    The concept of the Human Operating System — and how to “patch” human vulnerabilities.
    How to evolve from compliance-based awareness to behavior-based resilience.
    Why culture, psychology, and norms are the real keys to cybersecurity success.
    The intersection of AI and human risk — and how workforce roles must evolve.
    Why the next wave of cyber resilience will require rethinking training, learning, and leadership.

    Notable Quotes
    “Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman
    “You can’t compliance people into good behavior. You have to design the culture around it.” — Kate Goldman
    “We’ve thrown chaos into a system we barely understood — AI has made human risk even more concentrated.” — Kate Goldman
    “CISOs must learn to use culture and psychology as part of their playbook.” — David Malicoat
    “The next era of security isn’t just about tech resilience — it’s about human resilience.” — Kate Goldman

    Listener Benefits
    By listening, cybersecurity leaders will gain:
    A new framework for understanding and managing human risk.
    Insights into integrating behavioral science and culture into cybersecurity programs.
    Practical ideas for evolving awareness, resilience, and workforce readiness in the AI era.

    Call to Action
    If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.

    Connect with Us
    LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
    YouTube: http://www.youtube.com/@TheProfessionalCISO
    Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    Guest Info
    Kate Goldman
    CEO & Founder, Cybermaniacs
    www.thecybermaniacs.com
    Follow on LinkedIn: Kate Goldman

    Sponsors
    This episode is made possible by:
    MagicMirror Security — “The magic happens when security is invisible.” magicmirrorsecurity.com/thpc

    Related Episodes
    Ep. 80 – Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity
    Ep. 82 – Responsible AI in Cybersecurity with Alain Espinosa
    Ep. 85 – LLMs vs SLMs: The Future of AI in Cybersecurity

    Hashtags
    #CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow

    41 min
  6. 1 OCT

    Joe Sullivan on Why Now Is the Best Time to Be in Cybersecurity

    Episode Summary:
    Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.

    Key Takeaways:
    Why SaaS security is still a blind spot — and how attackers exploit it
    Identity, cookies, and why current authentication standards fall short
    The fading CIO role and the rise of security leaders managing IT
    How AI will reshape both security threats and team structures
    AppSec’s critical role in the future of cybersecurity
    Building true organizational resilience in the age of ransomware
    Joe’s personal reflections on accountability, recovery, and resilience

    Notable Quotes:
    “We can’t buy our way to good identity security yet.” – Joe Sullivan
    “AI is just a hyper speed version of a human problem.” – Joe Sullivan
    “Sooner or later, every CISO faces crisis — and we must prepare like firefighters.” – Joe Sullivan
    “The CEO wants a digital risk leader, not just a security leader.” – Joe Sullivan

    Listener Benefits:
    Gain insight into current and emerging cybersecurity risks
    Learn practical approaches to SaaS and identity security
    Understand how AI will transform both attacks and defenses
    Hear candid reflections on resilience, leadership, and accountability

    Call to Action:
    🎧 Subscribe and listen:
    Spotify: The Professional CISO Show
    Apple Podcasts: The Professional CISO Show
    💼 Connect on LinkedIn: The Professional CISO Show
    🌐 Learn more: www.thpc.co

    1h 28m
  7. 10 SEPT

    Responsible AI or Responsible Marketing? A CISO’s Take

    "I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

    Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

    Episode Summary:
    In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability.

    The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

    Key Takeaways:
    Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
    The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
    How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
    Why boards must be educated on AI risk vs. AI marketing hype
    Why CISOs must own the Responsible AI conversation before regulators step in

    Notable Quotes:
    “Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
    “When regulators knock, they won’t call the vendor first. They’ll call you.”
    “Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

    Listener Benefits:
    By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.

    Call to Action:
    👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
    👉 Share this episode with your peers and comment your perspective on LinkedIn.
    👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

    🔖 Hashtags
    #ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance

    48 min
  8. 20 AUG

    AI Adoption vs. Security Reality — Insights from GPSEC STL

    Sponsors:
    ObservoAI (www.observo.ai)
    Guidepoint Security (www.guidepointsecurity.com)

    Episode Summary:
    AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls.

    Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.

    What You’ll Learn in This Episode:
    The real risks of AI adoption beyond the hype
    How business-driven demand changes the security equation
    Why AI controls lag adoption — and what to do about it
    The rise of agentic AI and new identity risks
    Offline models, adversarial risks, and scanning challenges
    What the future of AI-driven enterprise security may look like

    Guest: Felix Simmons — Principal Security Architect, GuidePoint Security

    Links & Resources:
    🌐 Website: www.thpc.co
    📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
    🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
    💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show

    Hashtags:
    #Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI

    17 min
