CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us is our guest, Alexandra Landegger, executive director of security, Collins Aerospace.

In this episode:

  • Are CISOs prepared for the legal surprises that can come in the aftermath of a cyberattack?
  • What about the legal fallout that can occur afterward?
  • How does a security team work with legal beforehand to address these issues when drawing up incident response?

Thanks to our podcast sponsors, DigiCert

DigiCert

DigiCert is a leading global provider of digital trust, the infrastructure that enables individuals and businesses to have confidence that their digital interactions are secure. DigiCert’s award-winning solutions enable organizations to establish, manage, and extend public and private trust across their digital footprint, securing users, servers, devices, software and content.

Direct download: CISO_Series_Podcast_11-28-23.mp3
Category:podcast -- posted at: 3:00am PDT

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Kurt Sauer, CISO, Docusign.

We recorded in front of a live audience at Microsoft’s offices in Mountain View, CA as part of the ISSA-Silicon Valley chapter meeting. Check out all the photos from the event.

In this episode:

  • Is a high profile cyberattack the best time for salespeople to come out of the woodwork asking if the affected CISO would like to see their product, which would have helped prevent the attack?
  • Is there any way for a vendor to positively reach out to victims after a cyberattack?
  • Also, what could be some effective ways to invest IP with generative AI to create value for the organization?

Thanks to our podcast sponsors, Veza, Sysdig, and SlashNext

Veza

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

Sysdig

For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.

SlashNext

SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.

Direct download: CISO_Series_Podcast_11-21-23.mp3
Category:podcast -- posted at: 3:00am PDT

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Arvin Bansal, former CISO for Nissan Americas.

In this episode:

  • Why are so many companies unprepared for phone-based social engineering?
  • Why do many orgs not give this attack surface the attention it deserves?
  • Are we doing enough to support whistleblowers in cybersecurity?

Thanks to our podcast sponsor, Palo Alto Networks

Palo Alto Networks

As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.

Direct download: CISO_Series_Podcast_11-14-23.mp3
Category:podcast -- posted at: 3:00am PDT

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Adam Zoller, SVP, CISO at Providence. Joining me is our guest Sam Jacques, VP of clinical engineering, McLaren Health Care.

In this episode:

  • When should cybersecurity be brought into the discussion when a merger is underway?
  • Why is security always going to be an issue in a merger or acquisition?
  • If we know it's so important, why does it always feel like we're reinventing the wheel each time?

Thanks to our podcast sponsor, Claroty

Claroty

Claroty enables varied sectors to protect their cyber-physical systems, known as the Extended IoT. The platform integrates seamlessly, offering comprehensive controls for visibility, risk management, network protection, and more. Trusted by global leaders, Claroty operates in hundreds of organizations worldwide. Headquartered in NYC, it spans Europe, Asia-Pacific, and Latin America.

Direct download: CISO_Series_Podcast_11-07-23.mp3
Category:podcast -- posted at: 3:00am PDT