
273 episodes

CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis
Technology
4.8 • 167 Ratings
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Part Man. Part Machine. All CISO. (Live in D.C.)
All links and images for this episode can be found on CISO Series.
We’ve heard a lot of talk about the security risks with emerging AI technologies. A lot of these center around employees using large language models. But what about the potential benefits of this technology for cybersecurity? Could we eventually see a de facto AI CISO on the job?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rob Duhart, deputy CISO, Walmart. Joining us is our special guest, Aaron Hughes, CISO, Albertsons.
Thanks to our podcast sponsor, KnowBe4
In this episode:
What are the potential benefits of A.I. for cybersecurity? Could we eventually see a de facto AI CISO on the job? How does neurodiversity improve awareness in your security program? Where have you taken advantage of AI for your security program? And specifically so you can do your job better as a CISO, where does AI deliver opportunities?
Is This Just Bad Or “Call The Feds” Bad?
In everyday life, it's often clear when to call in the authorities. Someone egging your house might not rise to the occasion, but a break-in gets a call to the cops. It's less clear when it comes to a cyberattack. What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, David Ring, section chief at FBI, Cyber Division.
Thanks to our podcast sponsor, Hunters
Hunters SOC Platform is a SIEM alternative, delivering data ingestion, built-in and always up-to-date threat detection, and automating correlation and investigation processes to reduce risk, complexity, and cost for security teams. Learn more at hunters.security.
In this episode:
What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response? How do you approach "skills- and competency-based" hiring? And are there certain positions for which a 4-year degree is necessary?
Giving Slack Slack Will Lead Your Teams to Discord
Even before the pandemic, we've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rich Dandliker, chief strategist, Veza.
Thanks to our podcast sponsor, Veza
75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. Learn more at Veza.com.
In this episode:
We've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges? Startups are by nature a risky business; most fail. Why do they?
Please Take Some Pens and Our Company Data On Your Way Out
Every company deals with off-boarding employees. Yet it feels like many organizations make basic security mistakes in this process. Is it just a case of HR and IT being out of sync, or is this an inevitably leaky process?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest Lorna Koppel, CISO, Tufts University.
Thanks to our podcast sponsor, LimaCharlie
Whether you’re looking for endpoint security, an observability pipeline, detection and response rules, or other underlying security capabilities, LimaCharlie’s SecOps Cloud Platform helps you build a flexible and scalable security program that can evolve as fast as threat actors. Move your SecOps into the modern era. Learn more at limacharlie.io.
In this episode:
What can a vendor do that will actually make a CISO want to respond to a message? What are we doing right and wrong when it comes to hardening our environments? Do you think organizations are still struggling with hardening their environments and if so, why?
If You Care About Security, Maybe This Guilt Tactic Will Work
Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, Jeff Hudesman, CISO, Pinwheel.
Thanks to our podcast sponsor, Balbix
Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs.
In this episode:
What can a vendor do that will actually make a CISO want to respond to a message? What are we doing right and wrong when it comes to hardening our environments? Do you think organizations are still struggling with hardening their environments and if so, why?
5 Years Required to Write a Better Job Description
We're seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience. But how do you create job posts to encourage that? And how do applicants even show that on a resume?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for the episode is our special guest TC Niedzialkowski, CISO, Nextdoor.
Thanks to our podcast sponsor, Reqfast
Stop treating your various intelligence and security functions as if they are separate, unrelated activities and, instead, bring them together with Reqfast. Identify what’s needed, identify areas for improvement, and make data-driven decisions with confidence.
In this episode:
Are we finally seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience? How do you create job posts to encourage that? How do applicants even show that on a resume?
Customer Reviews
Thanks for fantastic content
This is the meatiest podcast I’ve ever listened to. Learning so much! I’m on the sales side but looking to take on a CISO role soon. What an amazing tool to be successful!!
One of my favorite podcasts
Entertaining, easy to listen to and probably the most educational podcast for cybersecurity sales reps. Also a great listen for security professionals. I am a big fan!
Great for sales reps to get the CISO perspective
As someone tied to a quota it’s easy to lose focus on the problems we’re all actually trying to solve. Highly recommend!