CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

CISOs are common among the Fortune 500. But it remains rare to see them listed in executive leadership. Given that every company says security is of prime importance, why aren’t CISOs named within the top company echelons?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Allan Cockriel, CISO of Shell. Joining us is our special guest, Mary Rose Martinez, CISO, Marathon Petroleum.

Thanks to our podcast sponsor, Censys

Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B). Learn more at www.censys.com. 

In this episode:

  • Given that every company says security is of prime importance, why aren’t CISOs named within the top company echelons?
  • Can you think of a security action that did work at one organization that simply wouldn't work in another because of the culture?
  • When it comes to communicating bad news to the board and C-suite, what techniques have worked the best?
Direct download: CISO_Series_Podcast_09-26-23_LIVE.mp3
Category:podcast -- posted at: 3:00am PDT

We’ve heard a lot of talk about the security risks with emerging AI technologies. A lot of these center around employees using large language models. But what about the potential benefits of this technology for cybersecurity? Could we eventually see a de facto AI CISO on the job?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Rob Duhart, deputy CISO, Walmart. Joining us is our special guest, Aaron Hughes, CISO, Albertsons.

Thanks to our podcast sponsor, KnowBe4

In this episode:

  • What are the potential benefits of A.I. for cybersecurity? Could we eventually see a de facto AI CISO on the job?
  • How does neurodiversity improve awareness in your security program?
  • Where have you taken advantage of AI for your security program? And specifically so you can do your job better as a CISO, where does AI deliver opportunities?
Direct download: CISO_Series_Podcast_09-19-23.mp3

In everyday life, it's often clear when to call in the authorities. Someone egging your house might not rise to the occasion, but a break-in gets a call to the cops. It's less clear when it comes to a cyberattack. What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, David Ring, section chief at FBI, Cyber Division.

Thanks to our podcast sponsor, Hunters

Hunters SOC Platform is a SIEM alternative, delivering data ingestion, built-in and always up-to-date threat detection, and automating correlation and investigation processes to reduce risk, complexity, and cost for security teams. Learn more at hunters.security.

In this episode:

  • What constitutes a significant attack and what are the regulatory requirements?
  • Once you make the call, how do they help in your response?
  • How do you approach "skills- and competency-based" hiring? And are there certain positions for which a 4-year degree is necessary?
Direct download: CISO_Series_Podcast_09-12-23.mp3

Even before the pandemic, we've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rich Dandliker, chief strategist, Veza.

Thanks to our podcast sponsor, Veza

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. Learn more at Veza.com.

In this episode:

  • We've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them?
  • Is this a case of shadow IT or do these apps present unique challenges?
  • Startups are by nature a risky business; most fail. Why do they?
Direct download: CISO_Series_Podcast_09-05-23rev1.mp3