Security You Should Know

CISO Series
  • 4.3 (9)
  • TECHNOLOGY

What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know, the latest podcast from the CISO Series, does just that. Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on: How to explain the issue to your CEO What the solution actually does (and doesn't do) How the pricing model works Then, our security leaders ask the tough questions to see what sets this vendor apart. Subscribe now and and stay ahead of the latest security solutions. Visit CISOseries.com for more details. Security You Should Know: Connecting security solutions with security leaders.

  1. 1D AGO

    Securing Mobile Apps with Guardsquare

    In this episode, Ryan Lloyd, Chief Product Officer at Guardsquare, explains how the platform combines code obfuscation, runtime integrity checks, and real-time threat monitoring to secure mobile apps at the binary level, integrated directly into the CI/CD pipeline. Joining him are TC Niedzialkowski, Head of IT & Security at Opendoor, and Montez Fitzpatrick, CISO at Navvis. Want to know: Why does organizational apathy around mobile app security persist even as mobile becomes the primary customer channel? What's the difference between app integrity and code integrity, and why does it matter for defending against repackaging attacks? How does obfuscation function as a real security control rather than just security through obscurity? How does Guardsquare fit into the CI/CD pipeline, and what does the actual build overhead look like for development teams? What API and webhook capabilities exist for routing threat monitoring data into your existing security stack? How does Guardsquare's mobile app attestation model bind server-side APIs to verified legitimate app instances — and why does that matter for stopping bots and credential theft? Huge thanks to our sponsor, Guardsquare Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.

    17 min

  2. MAY 4

    Verifying Identities with Trusona

    In this episode, Ori Eisen, founder and CEO at Trusona, makes a case for getting out of the AI detection arms race entirely. He argues that trying to catch AI-generated fakes with AI detection is the antivirus playbook, and we know how that ends. Trusona instead anchors verification to authoritative sources, DMV records and physical-world signals, things AI can mimic on screen but can't actually own. No pre-registered devices required. And it works in both directions: attackers calling your help desk, and attackers calling your employees while pretending to be IT. Joining him are Eduardo Ortiz, VP and Global Head of Cybersecurity at Techtronic Industries, and Mandy Huth, SVP and CISO at Ultra Clean Technology. Want to know: Why do MFA and SSO still leave gaps attackers walk right through? How Trusona verifies identity with no pre-registered devices or tokens? Why building AI detection on top of AI fakes is a losing strategy? How is a false rejection rate of zero achievable without locking out real employees? What deployment actually looks like, and how fast you can be live? Which departments beyond IT need identity verification, and where do you start? How to measure the business value of this beyond just counting blocked account takeovers? Why is a solid help desk protocol still not enough on its own? Huge thanks to our sponsor, Trusona GenAI supercharges identity impersonation and social engineering attacks – rendering legacy identity verification methods obsolete, especially in high-risk workflows like IT Help Desk password/MFA resets, vendor payment changes, remote employee hiring, or customer account access. Trusona ATO Protect empowers your team to thwart these attacks across business units and channels. GenAI supercharges identity impersonation and social engineering. It's rapidly eroding traditional authentication, especially in high-risk workflows like help desk password or MFA resets, vendor payment changes, remote employee hiring, and customer account access.   Trusona's ATO Protect addresses deepfakes and social engineering directly—without adding friction or relying on legacy MFA.

    20 min

  3. MAR 16

    Transitioning to Quantum-Safe Encryption with enQase

    All links and images can be found on CISO Series. In this episode, Raj Patil, CTO at enQase, explains how enQase's full-stack platform helps enterprises implement quantum-safe security through a structured, integrated approach. This covers everything from cryptographic asset discovery and governance to out-of-band key generation for network appliances, without requiring organizations to rip and replace existing infrastructure. Joining him are Ross Young, co-host at CISO Tradecraft, and Adam Palmer, CISO at First Hawaiian Bank. Want to know: Why is the post-quantum cryptography transition harder than simply implementing new standards? What three factors should frame every CEO conversation about quantum risk? Where should a highly regulated enterprise start, and what can reasonably wait three to five years? Why should we be planning for "harvest now, decrypt later" attacks right now? How do you build and track a cryptographic bill of materials across hundreds of applications and devices? Why is crypto agility more important than picking the perfect algorithm? Huge thanks to our sponsor, enQase The enQase Platform empowers enterprises, defense organizations, cloud providers, and critical infrastructure operators to seamlessly adopt quantum-safe technologies while achieving crypto agility across their ecosystems.  By combining quantum-grade hardware with software-defined control and interoperability, enQase ensures alignment with NIST standards, delivers unmatched flexibility and compliance readiness, and reduces risk across data, network, and compute layers, all while maintaining business continuity and operational resilience in an evolving cryptographic landscape. Learn more at enqase.com.

    18 min

  4. FEB 23

    Solving GRC Complexity with Anecdotes

    Security You Should Know

    19 min

  5. FEB 9

    Operationalizing Threat Intelligence with Recorded Future

    All links and images can be found on CISO Series. In this episode, Jamie Zajac, Chief Product Officer at Recorded Future, explains how autonomous threat operations can close this gap by automatically deploying intelligence across security controls at machine speed. Joining him are Dan Holden, CISO at Commerce, and Arvin Bansal, CISO at C&S Wholesale Grocers. Want to know: Why do organizations still struggle to operationalize threat intelligence despite massive investments? How does threat intelligence translate into board-level metrics that demonstrate business impact? What do autonomous threat operations mean and how do they differ from traditional threat intelligence? How can intelligence drive faster incident response and more efficient SOC operations? Why third-party risk intelligence matters more than vendor questionnaire scores? How AI is changing the threat landscape and what defenders should prioritize? What does the future of threat intelligence look like in two years? How to use intelligence for policy decisions and budget building, not just tactical blocking? A huge thanks to our sponsor, Recorded Future Recorded Future is the world's largest threat intelligence company, serving 1,900+ organizations across 80 countries. Its Intelligence Graph® contains 200+ billion nodes of threat data, combining AI analytics with autonomous capabilities to transform manual threat intelligence into automated Intelligence Operations across security ecosystems. Recorded Future was acquired by Mastercard (NYSE: MA) in 2024. Learn more at https://pages.recordedfutureext.com/

    21 min

  6. FEB 2

    Getting Visibility into AI Usage with Harmonic Security

    All links and images can be found on CISO Series. In this episode, Alastair Paterson, CEO and co-founder at Harmonic Security, explains how Harmonic Protect addresses these challenges by securing workforce AI adoption through browser-based visibility, endpoint agents, and MCP gateways. Joining him are Ross Young, co-host at CISO Tradecraft, and Johna Till Johnson, CEO and founder at Nemertes. Want to know: Why are enterprises still struggling with AI governance despite years of motivation to solve it? How does Harmonic keep pace with 50,000+ AI products when the landscape changes monthly? What's the difference between visibility, coaching, and blocking in AI governance? How do you implement AI controls without creating thousands of new alerts for security teams? Where does Harmonic fit in the multi-step process of setting policy, monitoring compliance, and enforcement? How can CISOs measure the ROI of AI governance tools and benchmark against industry peers? What's Harmonic's strategy with secure AI browsers? Why should AI browsers be blocked by default in the enterprise? What should CISOs prioritize for AI security in 2026? Huge thanks to our sponsor, Harmonic Security As every employee adopts AI in their work, organizations need control and visibility. Harmonic Security delivers AI Governance and Control, the intelligent control layer that secures and enables the AI-First workforce. By understanding user intent and data context in real time, Harmonic gives security leaders all they need to help their companies innovate at pace. Learn more at www.harmonic.security.

    22 min

  7. JAN 26

    Unifying Detection and Response with Athena Security

    In this episode, Peter Worth, founder, president, and CEO at Athena Security, explains how their security operations platform addresses these challenges through unified detection and response. Joining him are Jason Taule, CISO at Luminous Health, and Will Gregorian, head of security at Galileo Medical. Want to know: Why are security teams still struggling with alert fatigue despite decades of awareness? How does security product fragmentation create blind spots in enterprise defense? What's the difference between indicators of compromise and indicators of attack? How do AI anomaly detection systems avoid declaring malicious activity "normal"? What strategies prevent model drift and adversarial poisoning in AI-based threat detection? Why does each client need their own behavioral baseline model? How do open source foundations impact enterprise security platform reliability? Why are CISOs increasingly held personally accountable for security incidents? Huge thanks to our episode sponsor, Athena Security Group   Athena Security Group delivers a best in class, AI enabled, Cyber Defense solution (SIEM, EDR, XDR & MDR) on top of Wazuh's award winning open-source SIEM/EDR platform, synthesizing and consolidating cyber security alert management and response across the entire security operations landscape, facilitating intelligent and efficient cybersecurity decision making and response for the modern enterprise, table stakes in the age of AI.

    22 min

  8. JAN 12

    Bridging the Cloud Security Gap with Trend Micro

    In this episode, Franz Fiorim, field CTO at Trend Micro, explains how Trend Vision One consolidates multiple cloud security tools across AWS, GCP, Azure, Oracle Cloud, and Alibaba Cloud to streamline management, automate controls, and reduce integration overhead. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Jason Shockey, CSO at Cenlar FSB. Want to know: Why do organizations still struggle with cloud visibility despite years of cloud adoption? How does Trend Micro reconcile security visibility with privacy laws across different jurisdictions? What security frameworks does Trend Micro use to measure and define acceptable risk? How does cyber risk quantification tie technical security metrics to business impact analysis? What questions help determine the financial impact of potential security incidents? How long does implementation take for fully cloud versus hybrid environments? What safeguards prevent overdependence on a single security vendor? Where does Trend Micro draw the line between automated decision-making and human oversight? How does Trend Micro protect AI infrastructure and prevent sensitive data exposure in prompts? Huge thanks to our sponsor, Trend Micro   Cloud risk never sleeps. That's why there's Trend Vision One™ Cloud Security. Gain comprehensive visibility and control over your multi-cloud and hybrid environments. Streamline compliance, manage risks proactively, and enhance operational efficiency with real-time risk assessments, automated vulnerability management, and centralized dashboards. Ensure robust protection and peace of mind for your cloud assets with the trusted leader in CNAPP.

    18 min
See All (48)

Ratings & Reviews

4.3
out of 5
9 Ratings

About

What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know, the latest podcast from the CISO Series, does just that. Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on: How to explain the issue to your CEO What the solution actually does (and doesn't do) How the pricing model works Then, our security leaders ask the tough questions to see what sets this vendor apart. Subscribe now and and stay ahead of the latest security solutions. Visit CISOseries.com for more details. Security You Should Know: Connecting security solutions with security leaders.

Information

  • Creator
    CISO Series
  • Years Active
    2025 - 2026
  • Episodes
    48
  • Rating
    Clean
  • Copyright
    © 2018-2025 CISO Series
  • Show Website
    Security You Should Know

You Might Also Like