92 episodes

The New CISO is hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.

The New CISO Steve Moore

    • Business
    • 4.9 • 34 Ratings

The New CISO is hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.

    The Power of Automation: Which Tools Can Help Your Security Team?

    The Power of Automation: Which Tools Can Help Your Security Team?

    In this episode of The New CISO, Steve is joined by guest Peter Frochtenicht, National Manager for Security and Compliance and CISO at NEC Australia.
    A technician by nature, Peter has decades of experience across multiple countries. Today, he joins the podcast to discuss the complexities of AI and the benefits of time-saving tools. Tune into today’s episode to learn more about Peter’s technical journey, the most common security threats, and his advice for new CISOs.
    Listen to Steve and Peter discuss why automation is a critical component of security tools and how the threat landscape has changed globally:
    Meet Peter (1:36)
    Host Steve Moore introduces our guest today, Peter Frochtenicht, who has worked at NEC for nine years.
    Before NEC, Peter started his career as a systems engineer twenty years ago. Peter has worked in Africa and Australia and has worked his way up through different organizations.
    Catching Up (5:21)
    Ten years ago, the CISO role in Australia would be rare. Steve presses Peter as to why.
    Since the Australian population is smaller than the states with fewer big-name organizations, it took Australia longer to catch up in the security industry.
    Australia’s Biggest Threats (9:37)
    From a defense perspective, Australia is doing much business with the states, especially with submarines. From a threat perspective, they border China and some of the eastern countries, which makes a security threat from those countries more imminent.
    Increased Attacks (13:17)
    The most typical security attack that Peter witnesses is phishing, which affects organizations and citizens. According to Peter, it is human nature to be curious about and click on an email link. For outside threats, financial benefits and access to information are to be gained.
    AI has also advanced quickly, which can contribute to increased threats since you can mimic someone's voice. Organizations should be prepared to use AI for good but also be prepared for when there are more insidious reasons for using this new technology.
    The Benefits of AI (18:05)
    Steve presses Peter on what defense benefits he predicts will come from AI.
    Peter shares the automation tools his team uses that help reduce his analysts' headcount and save time. Chat GPT may help you personally, but Peter believes in partnering with known vendors that can help limit human error.
    What To Look For  (21:11)
    Peter shares what CISOs should or should not look for when choosing AI tools. Analytic tools are standard and can save much time and effort. As a result, organizations can save money and trust that there will be an increase in accuracy.
    If tools can help CISOs detect abnormalities with less effort, that would be of service. Of course, abnormal actions may not be malicious but could be a mistake by a well-meaning person. 
    Investing In Employees (28:32)
    Peter believes in training his people to bring the best out of them. People don’t always have the right skills at the right time, but you build a strong team when you invest in your employees and their relationship with your vendors. 
    Adding Skillsets (31:05)
    Steve asks Peter what skillsets he had to add, besides technical abilities, to perform his role. Peter discusses his career journey, including his transition into leadership.
    Peter had to gain a governance mindset and consider policies and when to update said policies. It’s challenging to ask for money to pursue your endeavors, but if you have a budget, you must spend it.
    Sound Advice (38:56)
    Looking up back at his career, Peter wouldn’t change much. But Peter recommends getting training and certifications to keep yourself up to date. You...

    • 45 min
    Taking Extreme Ownership: How 3 Common Excuses Hurt Security Leaders

    Taking Extreme Ownership: How 3 Common Excuses Hurt Security Leaders

    In this episode of The New CISO, Steve is joined by guest Michael Meis, Associate CISO of the University of Kansas Health System.
    Beginning his career in the U.S. Army Signal Corp, Michael eventually transitioned into government consulting and the private sector. Today, he shares his philosophies on leadership and ownership in the cybersecurity field. Listen to the episode to learn more about his extensive technology background, the importance of inter-department friendships, and how he helps fellow service members make their professional transitions.
    Listen to Steve and Adam discuss how to navigate bureaucracy and adapt to corporate environments:
    Meet Michael (1:41)
    Host Steve Moore introduces our guest today, Michael Meis. Michael has been in IT and security for fifteen years and healthcare for two years. Michael met Steve a year ago during a security conference, leading to their connecting around the industry and their philosophies on leadership.
    Michael also reflects on his role in the military, which began with him working with radios and evolved into performing general technology support.
    Getting His Start (6:09)
    Michael was always interested in computers but initially never saw it as a career. He decided to join the military instead. However, his military recruiter encouraged him to take a tech-related job, and his security journey began. 
    This first army signal corps job was less computer-heavy than expected, but Michael still learned a lot.
    Dealing With Corporate Politics (9:07)
    For ten years, Michael worked as a government consultant. This experience taught Michael to navigate complex bureaucratic dynamics to get past red tape.
    Michael highlights the importance of having solid relationships in different departments to get things done. You can determine which workplace rules to bend when you understand how things are and how your organization operates. 
    Finding a Path (14:01)
    Michael expands on the importance of relationships in a corporate setting. You can leverage those relationships when needed to promote your department’s agendas.
    The more you understand your organization’s rules and politics, the less friction you will face, and the more you can build a trusted security culture. 
    Government Challenges (22:44)
    Steve presses Michael on his quote, “Governance is important, but alone won’t solve all of your problems.”
    Anyone who has worked in government understands that there are always challenges within its IT environments. Since the government has total control over its IT, Michael learned early on that more than governance is needed to perfect these systems. Collaboration is needed between parties.
    Excuses, Excuses (28:13)
    Michael shares the security community’s common excuses that tend to irk him. 
    Budget professionals can be challenging to work with from a leadership perspective. He also gets frustrated when people use a lack of training as a reason not to try something. Michael values training, but he understands that sometimes you have to take action before that formal training comes.
    Behavioral Norms (33:50)
    Michael explores the behavioral norms that came out of his military service.
    Learning how to function in a corporate environment is essential for people to know when leaving the military. The benefits of this experience were the rigor and structure, which can provide direction in life. On the flip side, it can be challenging to transition from that structure because you can grow dependent on it.
    Helping Others (39:07)
    As a leader, Michael tries to help other service members remove their need for a manual when making corporate transitions. That way, they can learn to embrace their...

    • 48 min
    How To Build Trust Within Your Team, Your Business, and Yourself

    How To Build Trust Within Your Team, Your Business, and Yourself

    In this episode of The New CISO, Steve is joined by guest Adam Currie, CSO at HCL Software.
    Adam started his career 27 years ago, working the night shift as a main frame operator before working his way up in the security world. Today, he shares how he builds trust within his team, company, and himself. Listen to the episode to learn more about his expansive career journey, when to encourage your team, and dealing with imposter syndrome.
    Listen to Steve and Adam discuss the right time to challenge yourself and when leaders should foster an environment where it is safe to fail:
    Meet Adam (1:38)
    Host Steve Moore introduces our guest today, Adam Currie.
    Adam was first the head of security operations and architecture at HCL before transitioning into the CSO role. When Adam joined HCL, he brought his breadth of technical knowledge and understanding of how their user base consumed their tools. In this business, it's essential to understand how these programs are used while ensuring they are secure, a mentality that helped Adam move into the CSO position.
    The Main Framer (4:41)
    Steve asks Adam about his experience on the main frame.
    When Adam was a student, he worked as a tape librarian. This after-school job led to him taking classes and learning about mainframe operations and basic coding language. 
    Desktop Support (8:26)
    Adam believes that having a desktop support background benefits security professionals because it provides an understanding of how end users operate. Communicating with this community with empathy adds significant value to any security team.
    Unexpected Steps: CISO to Soc to CISO (12:38)
    Adam did end-user support work at Bloomberg before moving into backend enterprise applications. Then he was asked to run Bloomberg's tier one and tier two service desks, a type of work Adam did not plan on returning to. However, this opportunity offered Adam his first management role, and he credits this position as getting him to where he is today.
    Building Trust With Your Team  (20:05)
    Upon reflecting on his job journey at Bloomberg, Adam shares why people seek new opportunities.
    When people leave positions or accept roles, it is for job growth. Most people want to consider how a job will help their families and goals before making a career transition. Adam would rather help his team explore their options than subdue it–though no one wants to lose valuable employees. He wants his team to trust him enough to be honest with him about when they want to make a change.
    A Challenge (25:21)
    For Adam, it is always a struggle to stay out of the weeds of the tech side of the business. He gravitates toward technology but understands that that is different from his role now. 
    For leaders, it is more important to nurture an environment where employees are safe to fail because that is how people learn and grow. You shouldn't be reckless, but being inactive is more risky.
    Owning Failure (29:02)
    Steve presses Adam on how far he will go to own his team's failures. Adam thinks it is his job to communicate with senior management and shield his team from scrutiny.
    No matter what, we must be honest about what we can do to improve and have productive, unemotional conversations.
    Building a Brand (36:13)
    Building a brand comes with trial and error but is critical to success. Often this comes with changing the perception that security is a necessary evil. Demonstrating that security is a value-add partnership that leaders actively want to engage in is essential.
    Putting Yourself Out There (47:54)
    Though Adam is not a fan of public speaking, he believes in pushing himself past his comfort zone. Although...

    • 55 min
    Be Comfortable Being Uncomfortable: Managing New Roles and Next Steps

    Be Comfortable Being Uncomfortable: Managing New Roles and Next Steps

    In this episode of The New CISO, Steve is joined by guest Mike Kelley, CISO of the E.W. Scripps Company.
    Mike worked as an auditor before eventually jumping into cyber security. Reflecting on his past, Mike shares how balancing ambition with transparency is critical to success. Listen to the episode to learn more about Mike’s auditing experience, falling into cyber security, and his advice for CISOs when interviewing.
    Listen to Steve and Mike discuss how leaders should assist their team with career development and why “fake it until you make it” makes for bad career advice:
    Meet Mike (1:44)
    Host Steve Moore introduces our guest today, Mike Kelley.
    Mike shares his role in the enterprise and consumer-based security field and how his duties differ from those in an internal security environment. Although he would say that consumer-based security is not clearly defined, his goal is to keep all things related to the consumer secure, in addition to the typical CISO goals.
    His Start (3:36)
    Before working at E.W. Scripps, Mike worked at KPMG, one of the big four firms. There, Mike performed external audits but also did some compliance consulting as well.
    Although no one wanted an auditor there, especially to answer his questions, Mike had to work on building a rapport with people in difficult situations. Through this role, Mike was exposed to numerous companies, allowing him to learn constantly. He may not have wanted to start in audits if he could do it all again, but this experience prepared him for his cyber security career.
    Adapting With Transparency (9:02)
    Mike has become comfortable with being uncomfortable and transparent when he doesn’t know something. When he got his CISO job, he told HR that this position was new to him and that he had a lot to learn. 
    Being confident enough to say “I don’t know” is Mike’s mental motto because he knows he can adapt to new challenges. Ultimately anything is learnable as long as you push yourself, a mentality he encourages in his team.
    The Burn the Boats Method (17:42)
    After reflecting on his career decisions, including telling a company to fire him if he didn’t succeed as a director, Steve presses Mike on how he would react to someone sharing this approach.
    If one of Mike’s employees wanted to try a position out and see what happens, Mike would like to ease them into that role. He would let them transition through responsibilities first before changing that person’s title. Ultimately, trying and failing is okay, but Mike wants his team to fail soft versus hard.
    Falling Into Cyber Security (21:42)
    After looking for cyber security jobs for three years, Mike eased into this field through a position in compliance. Working side-by-side with security professionals, Mike was able to dip his toes.
    After lunch with his manager, he was offered the CISO role, and Mike immediately said yes. Mike admitted he didn’t know what he was doing but was encouraged to take this job.
    Rolling With It (25:01)
    Steve asks Mike if he ever wishes he said no when offered the CISO job. Mike knew this was the field he wanted to pursue, and he felt comfortable being transparent about his experience.
    Interview Questions (31:18)
    If you are a new CISO wanting to ask good questions in an interview, Mike suggests asking the purpose of that role at that company. Another helpful question concerns the company’s approach to trying new things and handling challenges.
    The Definition of Success (34:13)
    When evaluating a company during an interview, it’s essential to find out what that company’s definition of success is. Mike defines success as being aligned with the business that employs you and being seen beyond the...

    • 47 min
    The Patient Safety Model: Developing a Hospital’s Security Culture

    The Patient Safety Model: Developing a Hospital’s Security Culture

    In this episode of The New CISO, Steve is joined by Martin Fisher, CISO at Northside Hospital.
    An information security veteran, Martin has worked in the commercial aviation, finance, and healthcare industries and was an award-winning podcast host. Today, he shares how to build a unified team and his approach to managing mental health. Listen to the episode to learn more about the value of hobbies, defining company culture, and being an empowering leader.
    Listen to Steve and Martin discusses the importance of shared team culture and how CISOs can balance the stress of the job:
    Meet Martin (1:50)
    Host Steve Moore introduces our guest today, Martin Fisher. Over his decades-long tech career, Martin has worked in several industries. 
    His podcast, Southern Fried Security Podcast, lasted ten years and was an incredible learning experience. While a podcast host, Martin discovered that he used too much jargon for non-security listeners, encouraging him to expand to a larger audience.
    Other Hobbies (5:52)
    Martin considers himself an original nerd, playing Dungeons and Dragons as a kid and an adult. A fan of role-playing tabletop games, Martin has backed many Kickstarters and has a great gaming community within his group of friends.
    Mental Healthcare (8:22)
    A CISO for a hospital, Martin stresses that mental healthcare is healthcare. Martin believes in what his non-profit-based workplace stands for, which is why he has chosen this role.
    The Bad Day Factor (10:27)
    Martin manages his mental health by setting boundaries. People need to separate their work and personal life because it’s essential to have time to decompress. 
    In the IT and security fields, there is a high percentage of neurodivergent employees who may need additional support in dealing with stress. Leaders must have employee assistance programs to help their staff with mental healthcare safely.
    Being Authentic (16:50)
    To build lasting relationships, you have to be your authentic self. When Martin looks for people to promote within his team, he looks for genuine individuals. 
    Growing the Team (18:33)
    When Martin started his current position, he and the company culture aligned.
    Starting as the original security employee, Martin has been able to grow his team. His company understands that security is an investment and helps protect its patients, which has led to its success. Martin hires employees with their personalities in mind and how they fit the company culture.
    Patient Safety  (22:53)
    Confidentiality is paramount to uphold in the medical security field. Since they are a patient-safety-first organization, Martin ensures he hires employees who understand that mentality.
    Defining Work Culture (28:25)
    Northside lists its company culture on job listings to attract the right candidates, which includes kindness. Since Martin focuses on patient safety and quality care with his CISO work, he hires people who match those ideals.
    When you have this approach to hiring, you can create a positive feedback loop while forming a strong team.
    Culture Over Security? (33:35)
    Steve presses Martin on what’s more important: culture or preventing security issues?
    For Martin, security is still, of course, the focus. People are human and make mistakes, but they’ve never had a problem they couldn’t control. 
    Bad Advice (38:43)
    The worst career advice Martin ever received was to work for a hedge fund. This environment was not a good fit for Martin, further emphasizing his point on authenticity's value.
    Military Experience (39:56)
    Martin explores how he has applied his military service...

    • 49 min
    What Would a Breach Cost You? Personal Risk vs. Reward as a CISO

    What Would a Breach Cost You? Personal Risk vs. Reward as a CISO

    In this episode of The New CISO, Steve is joined by guest Jeff Farinich, SVP of Technology Services and CISO at New American Funding.
    First starting his career as a general contractor, Jeff now prides himself on solving security problems. Today, Jeff shares how he makes career decisions and manages his organization’s risks. Listen to the episode to learn more about Jeff’s extensive career journey, his development relationship with vendors, and how CISOs take on a great deal of personal risk.
    Listen to Steve and Jeff discuss the right time to leave a company and the personal and monetary cost of a breach:
    Meet Jeff (1:45)
    Host Steve Moore introduces our guest today, Jeff Farinich.
    In his early twenties, Jeff studied accounting but realized it wasn’t for him. He then became a general contractor, but by his mid-twenties, he was still determining what he wanted to do. He soon took a course that kickstarted his IT career, putting him on the path to becoming a CISO.
    Adjusting To The Job (4:20)
    When Jeff started his first IT job, he was excited by the change of direction. 
    However, Jeff realized he always dabbled in tech because even at his first accounting job, he helped manage PCs.
    Multiple Paths (6:28)
    Jeff reflects on his job at a large property management company and his position as an MS manager at a small movie studio.
    He soon began his path into security management and leadership. Through the movie studio, he also went to the premiere of a Jean-Claude Van Damme movie.
    Advice To His Younger Self (10:45)
    If Jeff could give his younger self advice, he would suggest getting as much tech experience as possible on the VAR side. He also would have stayed in Silicon Valley longer, possibly having an even more explosive career.
    A MacGyver Type (15:38)
    Steve presses Jeff on whether he would ever consider stepping away from the technical side of security to get on the strategy/VAR side.
    Jeff is very open but also likes to fix things. He refers to himself as a MacGyver type “born with a screwdriver in hand.”

    A Development Relationship (19:30)
    Jeff enjoys having a development partnership with partners by trying new, untested tech at a low cost.
    This type of relationship allows both parties to win and allows Jeff to be creative and drive innovation for that vendor.

    Evaluating Vendors (22:13)
    There are fewer IT vendors than security vendors, so there have been fewer decisions for Jeff to make. Evaluating vendors to work with is a process and can leave room for great, collaborative relationships.

    A Small Step (27:35)
    Before jumping into vendor development, Jeff recommends understanding the industry and being knowledgeable about the vendor space you’re interested in. 
    If you are someone who doesn’t always want to contact your VAR but doesn’t know where to start, it’s essential to begin by learning and choosing carefully.

    Moving Up and Out (32:59)
    Steve presses Jeff on clarifying his belief that “the best way to move up is to move out.”
    Jeff is far from a job hopper, but if you wait to the point where you are desperate to leave your company, you probably should have left sooner. If you are not fixing the problems you want to repair, or there are a lot of risks, it’s valid to seek new opportunities.

    Managing Liability (34:51)
    CISOs always need to evaluate how much risk they are taking on. Whether you are an officer or director, you should realize that liability can reach you. Jeff has pushed for ways for CISOs not to be personally liable for breaches.

    Individual Risk...

    • 44 min

Customer Reviews

4.9 out of 5
34 Ratings

34 Ratings

Dww10 ,

Insightful & Practical

One of the best podcast for current and aspiring security leaders.

obacker19 ,

Entertaining, insightful and actionable! 👏👏👏

Whether you’re well established as someone innovating in the CISO role, or just getting started as a catalyst for change within your organization - this is a must-listen podcast for you! Steve does an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data and compliance environment - from leaders who’ve actually walked the path. Highly recommend listening and subscribing!

Scott Barnhart ,

Useful Podcast for Techs and Non-Techs Alike

I do not consider myself a tech-oriented person. However, I am a lawyer that understands that cyber security risks have become an omnipresent issue in our professional and personal lives. This podcast is an insightful discussion from individuals who clearly understand this space. It is well worth the time.

Top Podcasts In Business

Ramsey Network
Morning Brew
Ed Mylett
Money News Network
Andy Frisella #100to0

You Might Also Like

David Spark, Mike Johnson, and Andy Ellis
CISO Series
Johannes B. Ullrich
N2K Networks
Dr. Eric Cole