109 episodes

The New CISO is hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.

The New CISO Steve Moore

    • Business
    • 4.9 • 36 Ratings

The New CISO is hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.

    Public-Private Partnership: How to Punish Bad Actors, Not Organizations

    Public-Private Partnership: How to Punish Bad Actors, Not Organizations

    In this episode of The New CISO, host Steve is joined by guest Ron Banks, CISO at Toyota Financial Services.
    In part one of his two-part interview, Ron shares how he transitioned from a fighter pilot to a cybersecurity leader. He also digs into what is required for a joint government, private industry, cyber offensive response. Listen to the episode to learn more about Ron’s years as a combat veteran, how the government can improve security strategies, and the necessity of political will.
    Listen to Steve and Ron discuss the importance of public-private partnerships and the challenges of posing consequences on adversaries:
    Meet Ron (1:35)
    Steve introduces guest Ron Banks, a CISO, author, veteran, and academic. Ron details his duties as a fighter pilot and how he transitioned to education and then cyber security.
    What He Misses Most (5:17)
    Ron shares that what he misses most about his fighter pilot days is the rush from flying. However, he found the transition into cyber security simple because he gets to evaluate offensive and defensive security strategies reminiscent of his time serving.
    Possible Friction (8:10)
    Steve presses Ron on whether there is friction between cyber teams, their capabilities, and the grounds they are trying to defend on the private side.
    Ron explains that the virtual defense of the United States contains over 200 government organizations, each controlling a different lane. The cyber camp mainly covers the DOD, which comes with problems. 
    On the Private Side (12:07)
    When discussing the lack of consequences for bad actors, Ron shares the great strides the FBI has made to improve their relationships with law enforcement in other countries. Despite these efforts, the behavior of cyber criminals has not changed enough, demonstrating that there is more our government can do.
    Things to Work On (17:54)
    Ron shares some advice for new security leaders working within the government. He suggests focusing on public/private partnerships because sharing information is critical.
    How Breach’s Occur (21:54)
    Ron discusses his tips for dealing with a breach and why they occur. There is a strategy where they can impose consequences on cyber criminals, which his team has accomplished by focusing on counter-terrorism.
    Ultimately, no more money needs to be invested, the relationships are built, and the technology is there, but there has to be the political will to defeat threat actors effectively.
    Advice to Lobby (29:01)
    Steve presses Ron on what it would take to lobby the government and get the necessary resources. Since the capability is there, Ron reaffirms that change is in the president’s control.
    Links:
    Linkedin

    • 35 min
    Why CISOs Need to be Champions of AI

    Why CISOs Need to be Champions of AI

    In this episode of The New CISO, host Steve is joined by guest Mani Masood, Head of Information Security and Applied AI at a prominent healthcare MSP.
    Also a professor and family man, Mani’s various life experiences shaped his impressive decades-long career. Today, he shares his insight on balancing education with experience and embracing AI as a security leader. Listen to the episode to learn more about Mani’s career and education journey, the importance of having real-world skills, and what inspired Mani to write a book.
    Listen to Steve and Mani discuss how to adapt to new technology advancements and if InfoSec professionals should champion AI:
    Meet Mani (1:35)
    Steve introduces guest Mani Masood, who has worked in the security industry for two decades. First, Mani started in IT before transitioning into Information Security. Now, AI has quickly become a significant component of his role.
    Mani shares a story when a college professor saw his nervousness before an exam and suggested he get a job. His professor assured him that getting real-world experience would be extremely valuable.
    Real World Expertise (6:49)
    Mani reflects on how getting a degree is not the be-all-end-all of getting a job. Often, employers want to know what you’re capable of, which comes from having tangible skills applicable to your field.
    He also explains to Steve why it took him six years to finish his education instead of four: because he was gaining real-world experience.
    Times Have Changed  (18:18)
    Steve asks Mani about his perspective on the famous quote, “For those who can’t do, teach.” As technology has changed, Mani shares that nowadays, what you can do is more important than doing things right or following the status quo. 
    The Time For AI (24:28)
    Like the tech boom, the AI era allows professionals to adjust to new advancements. Mani reveals that they have been trying to use artificial intelligence to solve InfoSec problems for some time, and this will become increasingly more possible as the tech matures. 
    Defending The Tech (28:49)
    Mani discusses why security leaders should support AI and champion the technology within their organizations. Since InfoSec professionals have been working with AI for years, they should inspire others to believe there is a way to interact safely with this tech.
    Mani’s Recommendations (32:18)
    Steve presses Mani on his recommendations for security leaders when supporting artificial intelligence. Mani suggests that these leaders become comfortable with the tech themselves.
    Every InfoSec tool now has some AI faction, so security leaders should learn as much as possible about its benefits before championing it. Ultimately, CISOs must do their homework to ease their organization’s worries and create the necessary safeguards.
    Writing A Book (41:32)
    Mani shares why he is writing a book and what drives this project. He was first inspired to do so by a conversation with his wife. He initially sought to write a guide for his children, which led him to write a guide for other professionals.
    The New CISO (48:23)
    To Mani, being a new CISO means dealing with a new crossroads with technology. Whether you’ve been in the business for a long time or are new to the role, you must adjust quickly, pivot, and learn with your team.

    • 51 min
    A CISO’s Advice On Learning, Earning, and Dodging Burnout

    A CISO’s Advice On Learning, Earning, and Dodging Burnout

    In this episode of The New CISO, Steve is joined by returning guest Dr. Adrian Mayers, VP and CISO at Premera Blue Cross.
    As a veteran CISO, Dr. Adrian reveals his stress management and career tips. He also shares his thoughts on AI and its effect on the current threat landscape. Tune in to this week’s episode to learn more about determining your next career move, giving yourself grace, and why we shouldn’t vilify artificial intelligence.
    Listen to Steve and Dr. Adrian discuss evolving technology and approaching the research part of the job:
    Welcome Back, Dr. Adrian (1:32)
    Dr. Adrian reintroduces himself and his current CISO role to the audience. Steve also reveals why Dr. Adrian is a pleasure to have as a guest and his appreciation for the spark he brings to the conversation.
    Cutting CISOs Slack (5:40)
    Dr. Adrian unpacks why CISOs deserve grace as the role evolves and the stresses change. Detecting threat actors is a lot of responsibility, which creates tremendous pressure and leads to burnout.
    You can do better in your role long-term by understanding your limits and providing accurate expectations for the role.
    Working Together (12:33)
    Nowadays, taking criminal entities down requires foreign governments and the FBI to work together. Dr. Adrian shares his thoughts on this dynamic and how it takes a village to cover the defensive and offensive bases needed in the digital space.
    The Right Research (19:28)
    Steve presses Dr. Adrian on how he conducts research related to the job. Dr. Adrian has taken MIT classes and uses many online resources to obtain information. 
    There are many sources to pull from, but you must use common sense to determine your gaps on various security topics, including AI. 
    The Benefits of AI (25:02)
    Dr. Adrian discusses the benefits of artificial intelligence and how it is a technology that will open up the possibilities of what cybersecurity professionals can do. Although people fear this new tech will replace jobs, it fits the natural order of human progress.
    What Comes Next? (28:10)
    Steve and Dr. Adrian contemplate the off-ramps of what can come after being a CISO. To move up, you must understand the industry's business side or have enough knowledge to transition into teaching. 
    Sponsorship is another aspect that CISOs can gain to determine their next career move. Ultimately, Dr. Adrian would like to redefine the work environment to support CISOs on their professional journey.
    Keeping Your Eyes Open (36:56)
    Steve asks Dr. Adrian how he knows when a CISO should seek new opportunities. How does he manage that internally?
    Dr. Adrian believes people should be self-aware enough to understand if they want to move on based on interest or if they want a new professional environment. It is an individual decision.
    Do CISOs Need Sports Agents? (45:46)
    Steve presses Dr. Adrian on his quote about how CISOs need sports agents. Dr. Adrian means by that quote that security professionals, like many others, need management to guide them and help them find new opportunities.
    Links mentioned:
    LinkedIn

    • 52 min
    How to Respond When You Don’t Get the Job

    How to Respond When You Don’t Get the Job

    In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the final part of his interview series with host Steve.
    In parts one and two, Chris shared his background and the lessons he’s learned during a breach. Today, Chris joins host Steve to discuss maintaining a productive outlook while looking for a new position. Listen to the episode to learn more about the lessons you can learn at every role, the importance of perception, and job-hunting challenges.
    Listen to Steve and Chris discuss the best time to leave a position post-breach and how to stay positive in the face of rejection:
    A New Job (1:40)
    After working on the SOC with Steve, Chris felt ready for a new challenge. He then saw a role that scared him, making him believe that that was the right position. This decision set him down his CISO path.
    However, this new position was temporary because when he threw his hat in the ring for the permanent role, it didn’t work out. Ultimately, this rejection caused Chris to reflect on his career journey.
    Doing Things Differently (6:03)
    Steve asks Chris if he would have done things differently in his interview, knowing what he knows now. Chris would make the same decisions, especially since his time there had many challenges. 
    Even though that role didn’t pan out, Chris learned a lot during this time. He built confidence in his presentation skills and had the opportunity to meet more established CISOs. By networking with other CISOs, Chris realized he truly belonged in the security world.
    The Value of Stoicism (10:05)
    Chris advises on how to handle job rejection. He refers to Stoicism, which states we cannot control the outcome but can control our perception.
    When bad things happen, we can perceive it as a positive that will set us on the right path.
    Looking For Work (15:35)
    Despite Chris’ impressive career history, it took him months to find his next role. After evaluating his many interviews, Chris recommends that security recruiters learn more about the field to better choose candidates. 
    Chris and Steve then discuss the other lessons Chris learned during the job-hunting process, including what questions interviewers should or shouldn’t ask. Referring to Stoicism again, Chris also recommends structuring a routine around job hunting, including doing a positive hobby you enjoy.
    The New CISO (28:32)
    To Chris, being a new CISO means understanding that we are tasked with the impossible. Therefore, it’s essential to build an environment where people never feel like they are being asked to do the impossible for the ungrateful.
    Links:
    Linkedin

    • 30 min
    Great Leaders Make Leaders — Especially During a Breach

    Great Leaders Make Leaders — Especially During a Breach

    In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the second part of his interview series with host Steve.
    In part one, Chris shared his background and the beginning of his professional journey. Today, Chris joins host Steve to discuss a pivotal moment in their careers: a significant breach. Listen to the episode to learn more about how Chris transitioned into a managerial role and stepped up during a crisis.
    Listen to Steve and Chris discuss who managers really work for and the mark of a great leader:
    Welcome Back, Chris (1:52)
    Steve and Chris discuss where they left off in the last episode when they left their security team for a new opportunity.
    Focusing on insider threats, Chris shares his daily work for this specific role. During this time, Chris focused less on operations and built a program instead. He also researched what would be in an insider program.
    Vulnerability Management (4:10)
    Chris reflects on the lessons he learned while doing vulnerability management that made him the leader he is today. Chris believes this time taught him how to tell a good story and have clear metrics to back himself up.
    Network Security (9:28)
    After working in vulnerability management, Chris moved into network security with Steve and created a Soc. Chris initially came in as an individual contributor until he became a team lead before eventually becoming the manager.
    When he was a manager, Chris realized his role now was to worry about his team and less about himself. It was a profound moment for Chris when he discovered this truth.
    The Breach Itself (15:14)
    Chris shares what lessons he learned from a significant security breach. Chris and his team noticed for a while that there were warning signs of the breach but were initially ignored.
    However, when the event happened, they could take what they knew and move forward. Because Chris had working partnerships with other teams, he was able to get the help they needed, showcasing the importance of building your relationships before a crisis.
    Client Management (20:48)
    Steve presses Chris on what he remembers regarding the client management side of this time. Chris recalls dealing with many calls from clients who were understandably concerned. 
    Many of these calls became heated, but one client assured Chris he understood what he was going through. As a result, Chris tries to be empathetic with others since they could be having a bad day, which could affect their behavior.
    Pride In Their Team (28:25)
    Steve reflects on how working with this incredible team was one of the best memories of his career. He has immense pride in this group, which Chris shares.
    Chris loved building something from nothing and seeing the great things their colleagues have done since. Forming a great team requires a healthy culture that brings people together.
    Stepping Up (31:38)
    After Steve left, Chris had to step up into a higher leadership role. This change became a pivotal moment in Chris’s career, coinciding with the birth of his first child.
    Links:
    Linkedin

    • 36 min
    How One Job Taught Five Important Leadership Lessons

    How One Job Taught Five Important Leadership Lessons

    In this episode of The New CISO, Steve is kicking off the first part of a three-part series with guest Chris Fredrick, Deputy CISO at Baxter International.
    Chris began his career as a technician and met Steve on a small security team managing a large network. Now, Chris joins today to share key lessons from his early career and set the stage for the next upcoming episodes. Listen to the episode to learn more about Steve and Chris’ time working together, the process of changing companies, and learning to be a better leader.
    Listen to Steve and Chris discuss how to deliver the news you’re leaving a company and how managers should accept said news:
    Meet Chris (1:46)
    Chris has worked in IT security for over twenty years and knew since college that this area of the industry was his passion. Since starting a leadership role, he has found his new calling: becoming the best leader he can be.
    Infosec Memory Lane (5:04)
    Chris shares the memories of his time working with Steve on their small infosec security team. Chris remembers feeling overwhelmed initially but learned to handle the scope of his many responsibilities. 
    Steve and Chris reminisce about the positives of this experience and the challenges. The best part was the camaraderie they felt as a team.
    Lessons Learned (9:43)
    Steve presses Chris on the lessons he learned during their time on the infosec team. This experience taught Chris the importance of curiosity and building credibility.
    Another valuable lesson was learning to have respectful conversations when colleagues disagree.
    Changing Companies (18:23)
    While working together, Steve and Chris had the opportunity to change companies after their CISO left. 
    Chris walks through what occurred and the communication lessons it taught him. He wishes he had done some things differently since multiple people leaving put his manager in a tough spot, but he also learned valuable leadership skills.
    Links:
    Linkedin

    • 28 min

Customer Reviews

4.9 out of 5
36 Ratings

36 Ratings

BLTS11 ,

One of the best cyber resources

Love this content. Steve does a great job facilitating content that cuts thru the fluff and gets to real talk.

Dww10 ,

Insightful & Practical

One of the best podcast for current and aspiring security leaders.

obacker19 ,

Entertaining, insightful and actionable! 👏👏👏

Whether you’re well established as someone innovating in the CISO role, or just getting started as a catalyst for change within your organization - this is a must-listen podcast for you! Steve does an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating an ever changing data and compliance environment - from leaders who’ve actually walked the path. Highly recommend listening and subscribing!

Top Podcasts In Business

The Ramsey Show
Ramsey Network
Money Rehab with Nicole Lapin
Money News Network
The Diary Of A CEO with Steven Bartlett
DOAC
NerdWallet's Smart Money Podcast
NerdWallet Personal Finance
Planet Money
NPR
The Money Mondays
Dan Fleyshman

You Might Also Like

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Life of a CISO with Dr. Eric Cole
Dr. Eric Cole
Cyber Security Headlines
CISO Series
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
CISO Tradecraft®
G Mark Hardy & Ross Young
CyberWire Daily
N2K Networks