The Professional CISO

David Malicoat

Shaping Cybersecurity Leadership: Today, Tomorrow, Together.

  1. 12/12/2025

    Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI | Larry Woods

    Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI

    Guest: Larry Woods

    Every breach has a story. Every leader has a strategy.

    In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale.

    This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.

    Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.

    🔐 Practical Zero Trust — Not the Buzzword Version

    Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state.

    He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.

    👩‍💻 Building Cyber Talent Through Apprenticeships

    Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships.

    Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years. The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools.

    For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.

    🧠 Learning to Learn in the Age of AI

    One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud: What happens to critical thinking when AI always has the answer?

    Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter.

    This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.

    🏛️ From Technologist to Executive Leader

    Larry also shares candid insights on:

    - The moment a CISO truly becomes an executive: the first board presentation
    - Why leadership teams matter more than company brands
    - Leading through influence in decentralized organizations
    - The value of business education for cybersecurity leaders
    - Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics

    The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.

    🎧 Why You Should Listen

    If you are:

    - A CISO navigating Zero Trust, cloud, and board expectations
    - A security leader building teams and future talent
    - An aspiring CISO trying to understand what the role really demands
    - A cybersecurity professional thinking about AI’s long-term impact

    This episode will resonate.

    🔗 Listen, Watch, and Connect

    - 🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO
    - 🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    - 🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
    - 🌐 Website: https://www.thpc.co
    - 🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

    📣 Call to Action

    Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO.

    🏷️ Hashtags

    #TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy

    50 min
  2. 12/10/2025

    HOU.SEC.CON Live: Merging Physical & Cyber Security + The Future of Threat Intelligence

    🔥 Episode Summary

    Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure)
    Sponsor: CyberOne Security (www.cyberonesecurity.com)

    Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape.

    First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds.

    Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.

    🎧 Key Highlights

    - What InfraGard is and why CISOs should engage
    - How the FBI leverages private-sector intelligence
    - Why physical and cyber security must be unified
    - Human risk: the universal vulnerability
    - Future of nation-state adversaries and cyber warfare
    - Threat intelligence challenges in 2025
    - The rise of AI + human judgment in intel analysis
    - Why OT security is now unavoidable
    - Professional development: writing, communication & influence
    - Building the next generation of cyber talent through mentorship

    🔗 Episode Sponsor: CyberOne Security

    CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.

    20 min
  3. 12/08/2025

    How CISOs Must Lead the Next Generation | Moses Bulus on AI, Data Security & Hybrid IT (Ep. 91)

    🔥 Episode Summary

    In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO.

    Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role.

    Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.

    🎙️ What You’ll Learn

    - Why CISOs must be intentional about developing the next generation of cybersecurity leaders
    - How AI is exposing long-standing data governance gaps inside every organization
    - The importance of returning to “Security 101” with access management and visibility
    - Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models
    - How to build influence, trust, and presence across the business — not just IT
    - The power of networking and why it’s not optional for early-career professionals
    - Moses’ doctoral research in phishing attacks targeting the manufacturing sector
    - The limitations of traditional cybersecurity education and how leaders can fill the gap

    💡 Key Quotes from This Episode

    - “It’s not about cybersecurity. It’s about the business.” — Moses Bulus
    - “You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus
    - “CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat
    - “Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus
    - “AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus

    🧠 Episode Highlights

    - Moses’ origin story: developer → network engineer → first cybersecurity hire
    - The executive leap: presenting to leadership early and building business fluency
    - Why business conferences can matter more than technical ones
    - AI’s dual nature: opportunity + internal risk amplifier
    - Cloud governance challenges and API-driven risk
    - Why security leaders must be present, approachable, and embedded in the business
    - Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more
    - Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking

    🤝 Episode Sponsors

    - Premier Sponsor: Check Point (www.checkpoint.com)
    - Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)

    📌 Call to Action

    Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.

    🔗 Links & Resources

    - Website: https://www.thpc.co
    - YouTube Channel: http://www.youtube.com/@TheProfessionalCISO
    - LinkedIn Page: https://www.linkedin.com/company/the-professional-ciso-show
    - Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    - Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    🏷️ Keywords

    CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development

    44 min
  4. 11/10/2025

    🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier

    🎙️ Episode Summary

    Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

    🔑 Key Takeaways

    - The CISO’s role continues to mature toward enterprise risk and business alignment
    - AI adoption is accelerating, but governance and ROI remain top concerns
    - Frameworks and cross-functional cooperation define future-ready security programs
    - OT security is no longer separate — it’s central to national and business resilience

    💬 Notable Quotes

    - “You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux
    - “We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese
    - “If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie

    🎧 Listener Benefits

    By listening to this episode, you’ll gain insight into:

    - Modern CISO decision frameworks
    - Practical AI integration strategies
    - Governance approaches for emerging tech
    - The human and operational side of cybersecurity

    📣 Call to Action

    Subscribe, share, and join the movement to professionalize the role of the CISO. Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

    🏆 Sponsors

    - Premier Sponsor: Check Point (www.checkpoint.com)
    - Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)

    25 min
  5. 10/31/2025

    Surviving Ransomware—and the Wilderness—with Zach Lewis

    Brought to you by: Check Point (www.checkpoint.com), Armis (www.armis.com), Guidepoint Security (www.guidepointsecurity.com)

    🎙️ Episode Summary

    During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).

    Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048

    Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

    🔑 Key Takeaways

    - CIO and CISO roles are converging faster than ever in modern enterprises.
    - Sharing real breach stories removes stigma and helps the community grow.
    - Wilderness survival mirrors the mindset needed for effective incident response.
    - Writing a book can transform your professional credibility and brand.
    - Visibility matters: every CISO should cultivate a public voice.

    💬 Notable Quotes

    - “Being out in the woods is like one giant tabletop exercise.”
    - “No one talks about ransomware because of the stigma—I wanted to change that.”
    - “When you find that unique idea, run with it.”
    - “Everything is bearable—until it’s not, and then you die.”
    - “Build your personal brand so you never have to go job hunting again.”

    🎁 Listener Benefits

    - Hear a first-hand ransomware leadership story
    - Learn how to balance dual CIO and CISO responsibilities
    - Gain inspiration to publish your own cybersecurity insights
    - Discover the surprising connection between wilderness survival and cybersecurity strategy

    📣 Call to Action

    Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

    🔗 Connect with Us

    - 🌐 www.thpc.co
    - 💼 The Professional CISO Show on LinkedIn
    - 🎥 Watch on YouTube
    - 🎧 Spotify
    - 🍏 Apple Podcasts

    46 min
  6. 10/27/2025

    From GenAI Prompts to OAuth Phishing: The Hidden Browser Risks - with Tommy Perniciaro

    Episode Summary

    Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it.

    David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

    Key Takeaways

    - The browser is now a primary attack surface for enterprise users.
    - LayerX gives security teams visibility and control without replacing browsers.
    - GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
    - OAuth-based phishing is bypassing traditional email and network defenses.
    - Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
    - AI browsers are emerging as the next battleground for identity and data protection.
    - Post-quantum cryptography will further challenge network-layer inspection.

    Notable Quotes

    - “The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
    - “Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
    - “Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
    - “LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
    - “Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

    Listener Benefits

    - Understand why browser visibility is critical in today’s SaaS-driven enterprise.
    - Learn how to prepare your organization for the age of GenAI and AI browsers.
    - Get practical deployment and change management insights for LayerX and similar solutions.
    - Discover how browser-level inspection complements your EDR and network security stack.

    Call to Action

    Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.

    - 🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
    - 🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
    - 🌐 Website: www.thpc.co

    20 min
  7. 10/15/2025

    Magic, Mentalism, and the Modern CISO – with Gary Chan

    Episode Summary

    In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber.

    From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization.

    They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

    Key Takeaways

    - 🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
    - 🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
    - 💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
    - 🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
    - 💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

    Notable Quotes

    - “When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
    - “Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
    - “Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

    Listener Benefits

    - Learn how to communicate cybersecurity’s value through stories, not stats
    - Discover practical ways to make security awareness fun and memorable
    - Gain insight into leadership and influence beyond the technical realm
    - Hear real-world lessons on career growth from consulting to the CISO seat

    Call to Action

    - ✅ Follow The Professional CISO Show on LinkedIn
    - 🎧 Listen and Subscribe on Spotify or Apple Podcasts
    - 🌐 Visit THPC.co for show updates and events

    Guest Information

    Gary Chan
    Chief Information Security Officer, SSM Health
    Security Mentalist & Speaker

    - 🔗 Website: gschan2000.com
    - 🔗 Search “Gary Chan Security Mentalist” for more information

    Sponsors

    This episode is made possible by:

    - Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
    - Armis – 2025 Cyber Warfare Report (www.armis.com)
    - GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

    Hashtags

    #TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow

    44 min

Ratings & Reviews: 4.4 out of 5 (11 Ratings)
