CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

  1. Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?

    13H AGO

    Are You Implying This Line Graph Isn't a Compelling Cybersecurity Narrative?

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is our sponsored guest, Nathan Hunstad, director, security, Vanta. In this episode: Metrics that matter Testing for real AI as an assistant Intelligence without context Huge thanks to our sponsor, Vanta Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at vanta.com/ciso

    41 min
  2. Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

    NOV 11

    Our CISO Certainly Puts the Tool in Multi-Tool (LIVE in LA)

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jeff Steadman, deputy CISO, Corning Incorporated. Joining them is Quincey Collins, CSO, Sheppard Mullin. This episode was recorded live at the ISSA LA Summit in Santa Monica, California. In this episode:  The foundational debate Strength over breadth Beyond traditional backgrounds Keeping perspective on risk Huge thanks to our sponsors, Adaptive Security and Dropzone AI AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution. Learn more at adaptivesecurity.com. Dropzone AI autonomously investigates every security alert—no playbooks needed. This AI SOC analyst queries your CrowdStrike, Splunk, threat intel feeds, and 60+ other tools to build complete investigations in 5 minutes. Unlike black-box automation, it shows every query, finding, and decision. See it work yourself—explore the self-guided demo at dropzone.ai.

    45 min
  3. I Don't Just Guess About Effectiveness, I Make Educated Guesses!

    NOV 4

    I Don't Just Guess About Effectiveness, I Make Educated Guesses!

    All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Sara Madden, CISO, Convera. In this episode:  Optimizing for reality, not idealism Engineering governance instead of monitoring compliance When AI finds what humans miss The measurement problem Huge thanks to our sponsor, ThreatLocker Human error remains one of the top cybersecurity threats. Just one wrong click can open the door to ransomware or data loss. With ThreatLocker, unauthorized apps, scripts, and devices are blocked before they can ever run. See how ThreatLocker can help you gain more control over your environment. https://threatlocker.com

    39 min
  4. It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

    OCT 28

    It's a Little Hard to Evaluate New Solutions When You're Screaming "AI" at Me All the Time (Live in Houston)

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Jerich Beason, CISO, WM. Joining them on stage is Jack Leidecker, CISO, Gong. This episode was recorded live at HOU SEC CON 2025. In this episode: The open source sustainability problem AI levels the geopolitical playing field Cutting through AI vendor hype Why the fundamentals still hurt Thanks to Erik Bloch from Illumio for providing our "What's Worse" scenario. Huge thanks to our sponsor, Vorlon Security SaaS data moves fast—Vorlon gives security teams the context to move faster. Vorlon combines posture and secrets management, data flow visibility, and detection and response —
so you can see the full picture: what's connected, what's at risk,
and what needs immediate action. Learn more at https://vorlon.io/

    44 min
  5. Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

    OCT 21

    Dear Abby: Why Should I Trust a Vendor Selling Me Zero Trust?

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Dan Walsh, CISO, Datavant. Joining them is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: When EDR gets knocked out Red flags in vendor theater Configuration chaos The sticker problem Huge thanks to our sponsor, ThreatLocker ThreatLocker® Defense Against Configurations continuously scans endpoints to uncover misconfigurations, weak firewall rules, and risky settings that weaken defenses. With compliance mapping, daily updates, and actionable remediation in one dashboard, it streamlines hardening, reduces attack surfaces, and strengthens security. Learn more at threatlocker.com.

    30 min
  6. The Difference with AI Red Teaming is We Added the Word AI

    OCT 14

    The Difference with AI Red Teaming is We Added the Word AI

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta. In this episode: Skip the Sermon When to coach versus command Making risk quantification useful Recognizing a distinct discipline   Huge thanks to our sponsor, Vanta Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

    38 min

  7. OCT 7

    Don't Worry, We'll Get to Solving Your Problem on Slide 87

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining them is Daniel Liber, CISO, Monday.com. In this episode: AI security's blind spot problem Vendors don't understand the assignment Marketing budgets overshadow actual innovation Accuracy versus effectiveness Huge thanks to our sponsor, Material Security Built specifically for Google Workspace, Material is a detection and response platform that protects Gmail, Google Drive, and accounts by proactively eliminating security gaps, stopping misconfigurations, and preventing shadow IT before they turn into costly problems. See Material in action today - https://material.security/providers/google-workspace?utm_source=third-party&utm_medium=website&utm_campaign=20251007-cisoseries

    37 min

  8. SEP 30

    Time to Choose a Security Vendor: Dart Board or Spin the Wheel?

    All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Pavi Ramamurthy, global CISO and CIO, Blackhawk Network. In this episode: We can't promise safe, but we can promise ready Are we accidentally building security nightmares? Being held accountable for things you had no say in The safe space problem in vendor evaluation Huge thanks to our sponsor, Adaptive Security Sponsored by Adaptive Security — the first cybersecurity company backed by OpenAI. Adaptive helps security leaders defend against AI-powered social engineering threats like deepfakes, vishing, and GenAI phishing with advanced phishing simulations and next-generation security awareness training. Adaptive's new AI Content Creator enables teams to instantly convert threat intelligence and compliance updates into interactive, multilingual training — no instructional design required. Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI. Learn more at http://www.adaptivesecurity.com

    44 min
See All (382)

4.8
out of 5
189 Ratings

About

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Information

  • Creator
    David Spark, Mike Johnson, and Andy Ellis
  • Years Active
    2018 - 2025
  • Episodes
    382
  • Rating
    Clean
  • Copyright
    © 2018-2025 CISO Series
  • Show Website
    CISO Series Podcast

You Might Also Like