The Professional CISO

Why CISOs Are Rethinking Managed Security: Check Point’s Open Garden Approach | Lenny Krol

David Malicoat — Tue, 16 Dec 2025 05:00:00 -0600

In this episode of The Professional CISO Show, David Malicoat is joined by Lenny Krol, Head of Services Sales at Check Point Software, recorded live at GPSEC DFW.

Lenny breaks down how Check Point’s services organization supports customers across both Check Point and third-party technologies, why an open ecosystem matters, and how CISOs can realistically scale security operations amid a global talent shortage. From fractional SOC coverage to process maturity and real-world engagement models, this conversation delivers practical insight for security leaders at every stage of their journey.

Sponsors:

Check Point Software (Premier Sponsor) (www.checkpoint.com)

Guidepoint Security (Associate Sponsor) (www.guidepointsecurity.com)

🎙️ Listen on Spotify and Apple Podcasts

🌐 Learn more at www.thpc.co

Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI | Larry Woods

David Malicoat — Fri, 12 Dec 2025 10:51:57 -0600

Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI

Guest: Larry Woods

Every breach has a story. Every leader has a strategy.

In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale.

This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.

Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.

🔐 Practical Zero Trust — Not the Buzzword Version

Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state.

He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.

👩‍💻 Building Cyber Talent Through Apprenticeships

Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships.

Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years. The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools.

For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.

🧠 Learning to Learn in the Age of AI

One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud:

What happens to critical thinking when AI always has the answer?

Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter.

This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.

🏛️ From Technologist to Executive Leader

Larry also shares candid insights on:

The moment a CISO truly becomes an executive: the first board presentation
Why leadership teams matter more than company brands
Leading through influence in decentralized organizations
The value of business education for cybersecurity leaders
Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics

The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.

🎧 Why You Should Listen

If you are:

A CISO navigating Zero Trust, cloud, and board expectations
A security leader building teams and future talent
An aspiring CISO trying to understand what the role really demands
A cybersecurity professional thinking about AI’s long-term impact

This episode will resonate.

🔗 Listen, Watch, and Connect

🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: https://www.thpc.co
🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

📣 Call to Action

Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO.

🏷️ Hashtags

#TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy

HOU.SEC.CON Live: Merging Physical & Cyber Security + The Future of Threat Intelligence

David Malicoat — Wed, 10 Dec 2025 05:00:00 -0600

🔥 Episode Summary

Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure)

Sponsor: CyberOne Security (www.cyberonesecurity.com)

Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape.

First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds.

Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.

🎧 Key Highlights

What InfraGard is and why CISOs should engage
How the FBI leverages private-sector intelligence
Why physical and cyber security must be unified
Human risk: the universal vulnerability
Future of nation-state adversaries and cyber warfare
Threat intelligence challenges in 2025
The rise of AI + human judgment in intel analysis
Why OT security is now unavoidable
Professional development: writing, communication & influence
Building the next generation of cyber talent through mentorship

🔗 Episode Sponsor: CyberOne Security

CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.

📲 Follow The Professional CISO Show

Website: www.thpc.co

YouTube: http://www.youtube.com/@TheProfessionalCISO

LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

How CISOs Must Lead the Next Generation | Moses Bulus on AI, Data Security & Hybrid IT (Ep. 91)

David Malicoat — Mon, 08 Dec 2025 05:00:00 -0600

🔥 Episode Summary

In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO.

Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role.

Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.

🎙️ What You’ll Learn

Why CISOs must be intentional about developing the next generation of cybersecurity leaders
How AI is exposing long-standing data governance gaps inside every organization
The importance of returning to “Security 101” with access management and visibility
Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models
How to build influence, trust, and presence across the business — not just IT
The power of networking and why it’s not optional for early-career professionals
Moses’ doctoral research in phishing attacks targeting the manufacturing sector
The limitations of traditional cybersecurity education and how leaders can fill the gap

💡 Key Quotes from This Episode

“It’s not about cybersecurity. It’s about the business.” — Moses Bulus
“You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus
“CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat
“Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus
“AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus

🧠 Episode Highlights

Moses’ origin story: developer → network engineer → first cybersecurity hire
The executive leap: presenting to leadership early and building business fluency
Why business conferences can matter more than technical ones
AI’s dual nature: opportunity + internal risk amplifier
Cloud governance challenges and API-driven risk
Why security leaders must be present, approachable, and embedded in the business
Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more
Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking

🤝 Episode Sponsors

Premier Sponsor: Check Point (www.checkpoint.com)

Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)

📌 Call to Action

Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.

🔗 Links & Resources

Website:https://www.thpc.co

YouTube Channel:http://www.youtube.com/@TheProfessionalCISO

LinkedIn Page:https://www.linkedin.com/company/the-professional-ciso-show

Spotify:https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

Apple Podcasts:https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🏷️ Keywords

CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development

🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier

David Malicoat — Mon, 10 Nov 2025 05:00:00 -0600

🎙️ Episode Summary

Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

🔑 Key Takeaways

The CISO’s role continues to mature toward enterprise risk and business alignment
AI adoption is accelerating, but governance and ROI remain top concerns
Frameworks and cross-functional cooperation define future-ready security programs
OT security is no longer separate — it’s central to national and business resilience

💬 Notable Quotes

“You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux

“We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese

“If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie

🎧 Listener Benefits

By listening to this episode, you’ll gain insight into:

Modern CISO decision frameworks
Practical AI integration strategies
Governance approaches for emerging tech
The human and operational side of cybersecurity

📣 Call to Action

Subscribe, share, and join the movement to professionalize the role of the CISO.

Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

🏆 Sponsors

Premier Sponsor: Check Point (www.checkpoint.com)
Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)

Surviving Ransomware—and the Wilderness—with Zach Lewis

David Malicoat — Fri, 31 Oct 2025 12:43:21 -0500

Brought to you by:

Check Point (www.checkpoint.com)

Armis (www.armis.com)

Guidepoint Security (www.guidepointsecurity.com)

🎙️ Episode Summary

During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).

Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048

Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

🔑 Key Takeaways

CIO and CISO roles are converging faster than ever in modern enterprises.
Sharing real breach stories removes stigma and helps the community grow.
Wilderness survival mirrors the mindset needed for effective incident response.
Writing a book can transform your professional credibility and brand.
Visibility matters: every CISO should cultivate a public voice.

💬 Notable Quotes

“Being out in the woods is like one giant tabletop exercise.”“No one talks about ransomware because of the stigma—I wanted to change that.”“When you find that unique idea, run with it.”“Everything is bearable—until it’s not, and then you die.”“Build your personal brand so you never have to go job hunting again.”

🎁 Listener Benefits

Hear a first-hand ransomware leadership story
Learn how to balance dual CIO and CISO responsibilities
Gain inspiration to publish your own cybersecurity insights
Discover the surprising connection between wilderness survival and cybersecurity strategy

📣 Call to Action

Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

🔗 Connect with Us

🌐 www.thpc.co

💼 The Professional CISO Show on LinkedIn

🎥 Watch on YouTube

🎧 Spotify

🍏 Apple Podcasts

From GenAI Prompts to OAuth Phishing: The Hidden Browser Risks - with Tommy Perniciaro

David Malicoat — Mon, 27 Oct 2025 13:58:34 -0500

Episode Summary

Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it.

David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

Key Takeaways

The browser is now a primary attack surface for enterprise users.
LayerX gives security teams visibility and control without replacing browsers.
GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
OAuth-based phishing is bypassing traditional email and network defenses.
Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
AI browsers are emerging as the next battleground for identity and data protection.
Post-quantum cryptography will further challenge network-layer inspection.

Notable Quotes

“The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro

“Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat

“Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro

“LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat

“Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

Listener Benefits

Understand why browser visibility is critical in today’s SaaS-driven enterprise.
Learn how to prepare your organization for the age of GenAI and AI browsers.
Get practical deployment and change management insights for LayerX and similar solutions.
Discover how browser-level inspection complements your EDR and network security stack.

Call to Action

Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.

🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🌐 Website: www.thpc.co

Magic, Mentalism, and the Modern CISO – with Gary Chan

David Malicoat — Wed, 15 Oct 2025 05:00:00 -0500

Episode Summary

In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber.

From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization.

They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

Key Takeaways

🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

Notable Quotes

“When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”“Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
“Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

Listener Benefits

Learn how to communicate cybersecurity’s value through stories, not stats
Discover practical ways to make security awareness fun and memorable
Gain insight into leadership and influence beyond the technical realm
Hear real-world lessons on career growth from consulting to the CISO seat

Call to Action

✅ Follow The Professional CISO Show on LinkedIn

🎧 Listen and Subscribe on Spotify or Apple Podcasts

🌐 Visit THPC.co for show updates and events

Guest Information

Gary Chan

Chief Information Security Officer, SSM Health

Security Mentalist & Speaker

🔗 Website: gschan2000.com

🔗 Search “Gary Chan Security Mentalist” for more information

Sponsors

This episode is made possible by:

Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
Armis – 2025 Cyber Warfare Report (www.armis.com)
GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

Hashtags

#TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow

The Human Operating System: A New Way to Think About Cyber Risk with Kate Goldman

David Malicoat — Mon, 13 Oct 2025 06:41:05 -0500

Episode Summary

In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization.

Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.

Key Takeaways

Why the phrase “humans are the weakest link” needs to be retired.
The concept of the Human Operating System — and how to “patch” human vulnerabilities.
How to evolve from compliance-based awareness to behavior-based resilience.
Why culture, psychology, and norms are the real keys to cybersecurity success.
The intersection of AI and human risk — and how workforce roles must evolve.
Why the next wave of cyber resilience will require rethinking training, learning, and leadership.

Notable Quotes

“Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman

“You can’t compliance people into good behavior. You have to design the culture around it.” — Kate Goldman

“We’ve thrown chaos into a system we barely understood — AI has made human risk even more concentrated.” — Kate Goldman

“CISOs must learn to use culture and psychology as part of their playbook.” — David Malicoat

“The next era of security isn’t just about tech resilience — it’s about human resilience.” — Kate Goldman

Listener Benefits

By listening, cybersecurity leaders will gain:

A new framework for understanding and managing human risk.
Insights into integrating behavioral science and culture into cybersecurity programs.
Practical ideas for evolving awareness, resilience, and workforce readiness in the AI era.

Call to Action

If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.

Connect with Us

LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
YouTube: http://www.youtube.com/@TheProfessionalCISO
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Guest Info

Kate Goldman

CEO & Founder, Cybermaniacs

www.thecybermaniacs.com

Follow on LinkedIn: Kate Goldman

Sponsors

This episode is made possible by:

MagicMirror Security — “The magic happens when security is invisible.” magicmirrorsecurity.com/thpc

Related Episodes

Ep. 80 – Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity
Ep. 82 – Responsible AI in Cybersecurity with Alain Espinosa
Ep. 85 – LLMs vs SLMs: The Future of AI in Cybersecurity

Hashtags

#CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow

Joe Sullivan on Why Now Is the Best Time to Be in Cybersecurity

David Malicoat — Wed, 01 Oct 2025 11:11:07 -0500

Episode Summary:

Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.

Key Takeaways:

Why SaaS security is still a blind spot — and how attackers exploit it
Identity, cookies, and why current authentication standards fall short
The fading CIO role and the rise of security leaders managing IT
How AI will reshape both security threats and team structures
AppSec’s critical role in the future of cybersecurity
Building true organizational resilience in the age of ransomware
Joe’s personal reflections on accountability, recovery, and resilience

Notable Quotes:

“We can’t buy our way to good identity security yet.” – Joe Sullivan
“AI is just a hyper speed version of a human problem.” – Joe Sullivan
“Sooner or later, every CISO faces crisis — and we must prepare like firefighters.” – Joe Sullivan
“The CEO wants a digital risk leader, not just a security leader.” – Joe Sullivan

Listener Benefits:

Gain insight into current and emerging cybersecurity risks
Learn practical approaches to SaaS and identity security
Understand how AI will transform both attacks and defenses
Hear candid reflections on resilience, leadership, and accountability

Call to Action:

🎧 Subscribe and listen:

Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show

💼 Connect on LinkedIn: The Professional CISO Show

🌐 Learn more: www.thpc.co

Responsible AI or Responsible Marketing? A CISO’s Take

David Malicoat — Wed, 10 Sep 2025 05:00:00 -0500

"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

Episode Summary:

In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability.

The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

Key Takeaways:

Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
Why boards must be educated on AI risk vs. AI marketing hype
Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:

“Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
“When regulators knock, they won’t call the vendor first. They’ll call you.”
“Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:

By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.

Call to Action:

👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.

👉 Share this episode with your peers and comment your perspective on LinkedIn.

👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags

#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance

AI Adoption vs. Security Reality — Insights from GPSEC STL

David Malicoat — Wed, 20 Aug 2025 05:00:00 -0500

Sponsors:

ObservoAI (www.observo.ai)

Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:

AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls.

Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.

What You’ll Learn in This Episode:

The real risks of AI adoption beyond the hype
How business-driven demand changes the security equation
Why AI controls lag adoption — and what to do about it
The rise of agentic AI and new identity risks
Offline models, adversarial risks, and scanning challenges
What the future of AI-driven enterprise security may look like

Guest:

Felix Simmons — Principal Security Architect, GuidePoint Security

Links & Resources:

🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show

Hashtags:

#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI

EP82: Lessons from CISO XC DFW: Leadership, Risk & Real-World Security

David Malicoat — Wed, 13 Aug 2025 05:00:00 -0500

Summary:

Recorded live at CISO XC DFW, this episode of The Professional CISO Show features three powerful conversations from leaders shaping the future of cybersecurity.

First, Sonya Wickel shares her 24-year career journey from IT generalist to CISO & CIO, offering insights on fourth-party risk, the value of empathy in leadership, and the importance of staying sharp in both IT and cybersecurity.

Then, Eric Bowerman takes us inside the complex task of securing Dallas Fort Worth International Airport — from operational technology and stakeholder management to implementing passwordless authentication and preparing for global events like FIFA.

Finally, Tera Davis explains how CyberOne has built a true community partnership with CISO XC, scaling professional services, preparing organizations for AI adoption, and fostering the next generation of security talent.

Sponsors

Valence Security (www.valencesecurity.com)

CISO XC (www.cisoxc.com)

Key Topics Covered:

CISO/CIO dual-role challenges & strategies
Third & fourth-party risk management best practices
Critical infrastructure & OT security challenges
Building trust and stakeholder alignment in high-impact environments
Passwordless authentication for operational teams
Authentic sponsor–community relationships
Scaling professional services & AI readiness

Links & Resources:

🌐 Website: www.thpc.co

📺 Watch More Episodes:

http://www.youtube.com/@TheProfessionalCISO

🎧 Listen on Spotify: Open on Spotify

🍏 Listen on Apple Podcasts: Open on Apple Podcasts

💼 LinkedIn: Follow on LinkedIn

Hashtags:

#CyberSecurity #CISO #TheProfessionalCISO #CISOXC #CyberLeadership #RiskManagement #OTSecurity #ThirdPartyRisk #AirportSecurity #Passwordless #CyberCommunity #CyberOne #ValenceSecurity

From Data Governance to AI Security: Kristi Cook on Building Resilient Teams

David Malicoat — Wed, 06 Aug 2025 05:00:00 -0500

CISO XC Live: Conversations on Innovation and Threats

David Malicoat — Tue, 29 Jul 2025 05:00:00 -0500

Sponsored by HivePro (www.hivepro.com) and CISO XC (www.cisoxc.com).

EP80 – CISO XC DFW | Hive Pro Special: AI, Identity & The Future of Cyber Roles

Live from CISO XC DFW, The Professional CISO Show dives into the intersection of innovation, leadership, and cyber resilience. Host David Malicoat sits down with:

Ted Sanders, BISO and cybersecurity educator, to discuss embedding cyber strategy at scale and why the BISO role is the next great proving ground for future CISOs.
Jon Brickey, SVP & Cybersecurity Evangelist at Mastercard, as he unpacks his unique career journey from NSA to Mastercard and explains how cyber innovation, threatcasting, and AI will reshape the landscape.
Travis Farral, CISO at RK Energy, who shares actionable insights on session token hijacking, third-party risks, and his strategic push for FIDO2 adoption in a hybrid environment.

Sponsored by Hive Pro, a leader in Continuous Threat Exposure Management. Learn more at

https://hivepro.com

Key Takeaways:

The BISO role as a critical extension of CISO leadership
Why threat translation is a core skill for cyber leaders
How AI will augment, not replace, cybersecurity roles
Jon Brickey’s “Forrest Gump” career across the evolution of cyber defense
Identity strategy as a cornerstone of modern resilience

🎯 Perfect for: CISOs, aspiring cyber leaders, SOC managers, and innovators thinking about the future of security and strategy.

🔗 Links & CTAs

🌐 Website: www.thpc.co

📺 Watch More Episodes: YouTube

🎧 Listen on Spotify | Apple Podcasts

🔗 Follow us on LinkedIn

👤 Guest Info

Ted Sanders – BISO in financial services, Cybersecurity Instructor at Collin College
Jon Brickey – SVP & Cybersecurity Evangelist, Mastercard
Travis Farral – CISO, RK Energy

📌 Related Episodes

🔖 Hashtags

#Cybersecurity #CISO #BISO #AIinSecurity #CyberInnovation #MastercardSecurity #FIDO2 #ThreatExposure #HivePro #TheProfessionalCISO #CISOStrategy #CyberEvangelism #CyberLeadership #CyberPodcast

From DFIR Godfather to AI Risk Advocate: Rob T. Lee on Cybersecurity’s Crossroads | RSA 2025

David Malicoat — Wed, 23 Jul 2025 05:00:00 -0500

In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.

Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.

Key Highlights:

Why most CISOs say “never again”—and what needs to change
Why Rob coined DFIR and CTI (and the story behind it)
The CISO “zero-sum game” and how toxic cultures persist
Rob’s 4-part personal health mantra: Sleep, Diet, Exercise… and AI
A call to “Learn AI daily”—for security pros and business leaders alike
What boards should be doing—and why every board needs a cyber voice
Rob’s RSA keynote preview: cyber safe harbors and AI velocity imbalance

Guest:

👤 Rob T. Lee – Chief of Research, SANS Institute

🔗 https://www.sans.org/profiles/rob-t-lee/

Host:

🎙️ David Malicoat, The Professional CISO Show

🌐 www.thpc.co

Listen & Subscribe:

🔊 Spotify: The Professional CISO Show on Spotify

🍎 Apple Podcasts: The Professional CISO Show on Apple

📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture

Event Series EP 78: AI, Data, and Talent: CISO Lessons from GPSEC STL

David Malicoat — Wed, 16 Jul 2025 05:00:00 -0500

Sponsors:

Rubrik (www.rubrik.com)

Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, David Malicoat hosts a special two-part discussion live from GPSEC STL in St. Louis. First up is Marc Ashworth, CISO of First Bank and host of The Cyber Executive Podcast, who discusses leadership development, AI, mentorship, and why he started podcasting as a CISO. Then, Michael Evans, Head of Information Security at Energizer, shares his grounded take on data governance, foundational AI readiness, and why security conversations at live events are vital for industry growth.

Key Highlights:

Marc Ashworth on AI maturity, team building, and starting a CISO podcast
Michael Evans on AI implementation and why data governance must come first
Live insights on talent retention, vendor risk, and security leadership
A look ahead: quantum-safe encryption and what CISOs should watch next

Call to Action:

Subscribe to The Professional CISO Show for unfiltered conversations with the leaders shaping cybersecurity.

🎧 Listen on Spotify: The Professional CISO Show

📱 Listen on Apple Podcasts: The Professional CISO Show

🌐 More Episodes + Info: www.thpc.co

🔗 Follow us on LinkedIn: The Professional CISO Show

Hashtags:

#CyberSecurity #CISO #AI #DataGovernance #Leadership #TheProfessionalCISO #CyberPodcast #GPSEC #CyberTalent #QuantumSecurity #MarcAshworth #MichaelEvans

🎙 Episode 77 – CISO XC DFW 4: Securing the Real World

David Malicoat — Mon, 14 Jul 2025 05:00:00 -0500

🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)

In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.

Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.

Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.

Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.

🔑 What You’ll Learn in This Episode

The dangerous re-emergence of BEC as a top threat vector — and why AI may be amplifying the risk
Why CISOs must lead the charge on AI governance and strategy — or risk being sidelined
How FIDO and identity modernization can reduce exposure to targeted fraud
Insights on satellite cybersecurity, Starlink limitations, and maritime network vulnerabilities
A behind-the-scenes preview of “Commandant,” an AI co-pilot for incident response — designed to help IR teams with note-taking, SLA tracking, notification workflows, and continuous tabletop exercises
How vendor selection, tabletop simulations, and small supplier coordination can make or break your organization during a crisis
Why humility, not hubris, is the most underrated leadership trait in cybersecurity

💬 Notable Quotes

“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma

“AI isn’t just a buzzword. It’s a once-in-a-generation shift — and CISOs have a chance to shape it from the start.” —David Malicoat

“Lucy is designed to help you during your worst day — capturing context, notes, contracts, timelines, and guiding you through the fog of war.” —Chris Cochran

“We’re securing vessels in the middle of the ocean using tech that was old when we got it — Starlink’s changed the game, but it’s brought new challenges too.” —Glen Vickers

“A $5M cyber insurance policy might only cover $250K of social engineering fraud. The rest is on you.” —Shawn Tuma

🎧 Listen & Subscribe

📍 Available now on all major platforms:

🔗 Spotify

🔗 Apple Podcasts

🌐 Full episodes and show resources at www.thpc.co

📣 Stay Connected with The Professional CISO Show

📺 Watch on YouTube

💼 Follow on LinkedIn

🧠 Guest Info

Shawn Tuma – Partner at Spencer Fane, co-author of GC + CISO Connection
Glen Vickers – CISO at ABS Wavesight
Chris Cochran – Co-founder, Commandant AI | Formerly of Netflix, NSA, Mandiant

📚 Related Episodes

🔖 Hashtags

#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity

Fix Your Data Pipeline or Drown: David Young on Cost, Complexity & AI in Security

David Malicoat — Fri, 11 Jul 2025 07:39:10 -0500

Sponsors:

ObservoAI (www.observo.ai)

Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, recorded live at GuidePoint Security’s GPSEC STL event, host David Malicoat sits down with David Young, Chief Revenue Officer at ObservoAI. Together, they unpack the explosive growth of security data, the hidden costs of legacy pipelines, and why modern SOCs are hitting a breaking point. David shares Observo AI’s origin story from within Rubrik, and how their AI-native platform helps security teams stop drowning in data, reduce costs, and uncover real threats faster. It’s a must-listen for CISOs, SOC leaders, and anyone dealing with the complexity of modern security data environments.

What You’ll Learn:

Why traditional SIM and log management approaches are failing
The origin of ObservoAI inside Rubrik’s massive 20PB security lake
How AI and open-box ML models are transforming SOC operations
Real-world cost reductions and productivity gains from major enterprises
Where the future of data pipelines, SOAR, and AI in security is headed

Guest:

🎙 David Young, CRO at Observo AI

🔗 Connect: https://www.linkedin.com/in/davidmyoung/

Host:

🎤 David Malicoat, Host of The Professional CISO Show

🌐 www.thpc.co | LinkedIn

Listen + Subscribe:

🟢 Spotify

🍎 Apple Podcasts

Hashtags:

#Cybersecurity #CISO #SecurityData #AIinSecurity #SOAR #SecurityOps #ObservoAI #Rubrik #TheProfessionalCISOShow

🎙 Episode 75 — GPSEC STL: Community, AI & Quantum Readiness

David Malicoat — Wed, 09 Jul 2025 05:00:00 -0500

Sponsors:

AIM Security (www.aim.security)

Guidepoint Security (www.guidepointsecurity.com)

In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.

He’s joined by two standout guests:

🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community

🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantification

From grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.

🧠 Topics Covered

The legendary St. Louis CISO community (“don’t mess with the family”)
AI + DSPM in the real world: what’s working
Agentic AI and the evolution of SOC work
Risk quantification, FAIR, and practical GRC strategy
The future of cybersecurity beyond AI: quantum readiness
St. Louis as a cybersecurity hub with soul

🛠 Sponsored by AIM Security

AIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai

🔗 Subscribe & Follow the Show:

www.thpc.co

Spotify

Apple Podcasts

#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec

✈️ EP74: Inside GPSEC STL: AI, Red Team Ops & Human-Centered Security

David Malicoat — Tue, 01 Jul 2025 05:00:00 -0500

Sponsors:

Rubrik (www.rubrik.com)

Guidepoint Security (www.guidepointsecurity.com)

In this live GPSEC St. Louis episode of The Professional CISO Show, host David Malicoat dives deep into cybersecurity leadership with two powerhouse guests: Victor Wieczorek, SVP of Offensive Security at GuidePoint Security, and Wayne Fajerski, Deputy CISO of Edward Jones.

Victor shares real-world offensive security insights, including a jaw-dropping AI chatbot exploitation story from a red team engagement. He also unpacks how GuidePoint balances professional services and tech enablement while navigating the AI transformation in ethical, human-centered ways.

Wayne, fresh off a panel, breaks down key takeaways around CISO leadership, AI maturity, and how Edward Jones has successfully developed internal cyber talent over his 25-year career. The two guests reflect on AI as a mirror to organizational gaps and explore how GPSEC events bring practitioners and communities closer together through real conversations—not ivory-tower thought leadership.

Key Topics:

Offensive security trends and AI augmentation
Real-world exploitation of insecure chatbots
GPSEC’s role in localized cyber collaboration
Building and retaining cybersecurity talent
AI’s exposure of poor data governance
Cultivating next-gen CISOs from within

🔒 EP 73 — CISO XC DFW Part 3: From Threat Exposure to Business Enablement (ft. Matt Walker & Allen Rountree)

David Malicoat — Wed, 25 Jun 2025 05:00:00 -0500

Sponsors:

HivePro (www.hivepro.com)

CISO XC: (www.cisoxc.com)

In this on-site episode from CISO XC DFW, David Malicoat sits down with Matt Walker (Goosehead Insurance) and Allen Rountree (IBM Public Cloud) for candid conversations on today’s biggest challenges and opportunities in cybersecurity leadership.

💡 Topics Covered

Applying Zero Trust principles to AI use cases
SaaS data leakage and the evolving DLP strategy
Continuous Threat Exposure Management (CTEM) and Hive Pro’s role
Selling security risk to the board and executive team
Enabling business value through classification and risk reduction
The evolving edge and why exposure is the new perimeter
What it means to “take off the badge” as a CISO
Holistic data protection in fragmented environments

💬 “Don’t just be the department of no. Enable the business with intelligence and insight.”

CISO Culture, AI Governance, and “No Jerks” with Gary Brickhouse of GuidePoint Security

David Malicoat — Fri, 20 Jun 2025 05:00:00 -0500

Sponsors:

ObservoAI (www.observo.ai)

Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:

Live from GPSEC St. Louis, David Malicoat sits down with Gary Brickhouse, CISO of GuidePoint Security, for a wide-ranging discussion on company culture, cybersecurity leadership, and AI governance. Gary shares how GuidePoint scaled its “no jerks” value from 50 to 1,200 employees, how he’s navigating generative AI internally and externally, and why peer-to-peer conversations are the secret sauce behind GuidePoint’s events.

Key Highlights:

– Why the “no jerks” rule is more than just a slogan

– How GuidePoint’s decentralized regional model preserves culture at scale

– How they’re approaching AI enablement without blocking innovation

– The structure and purpose behind GuidePoint’s AI governance committee

– Why cross-functional leadership—not just InfoSec—is key to making AI safe and valuable

– Tips for other CISOs thinking about AI policy and enablement

Guest:

👤 Gary Brickhouse, CISO at GuidePoint Security

🔗 GuidePointSecurity.com

🎧 Listen now on:

Spotify → https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

Apple → https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🌐 More at: www.thpc.co

📱 Follow on LinkedIn: The Professional CISO Show

🎙️ EPISODE 71 — Security for AI: AIM Security’s Approach to Shadow AI, Governance, and the Real AI Risk

David Malicoat — Wed, 18 Jun 2025 05:00:00 -0500

Sponsors:

AIM Security (www.aim.security)

Guidepoint Security (www.guidepointsecurity.com)

What does it take to secure AI in the enterprise—when the threat landscape, technology stack, and business expectations are all evolving in real time?

At GPSEC St. Louis, David Malicoat sits down with Dan Anderson, Field CTO of the Americas at AIM Security, to talk about securing the full lifecycle of AI usage across the enterprise. From browser plugins and AI firewalls to shadow AI discovery and agentic AI governance, this candid conversation dives deep into where the risks really lie and what security leaders need to be doing now.

You’ll walk away with a grounded view of the AI adoption journey—and why most organizations are already neck-deep in it, whether they know it or not.

🔑 Episode Highlights

Why “saying no” to AI use is no longer an option—and what happens when you try
Defining the real problem space of AI security: shadow usage, data leakage, adversarial LLMs
AIM’s product strategy: covering the full lifecycle from browser to firewall to analytics
What agentic AI means—and why it’s the next frontier
Building an AI security program around people, process, and partnership
The future of AI governance and how AIM is shaping it through real-world customer feedback
Why there’s no such thing as a fully baked AI security product in 2025

🎧 Listen Now

Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

YouTube: http://www.youtube.com/@TheProfessionalCISO

🌐 Connect with The Professional CISO Show

Website: www.thpc.co

LinkedIn: The Professional CISO Show

📢 About AIM Security

AIM Security helps security leaders enable safe, governed, and productive AI adoption. From LLM usage monitoring to AI firewalls, AIM empowers enterprises to protect their data, enforce compliance, and stay ahead of the AI attack surface. Learn more and book a demo at www.aim.security

From Backup to Cyber Resilience: Rubrik’s Vision with Drew Russell

David Malicoat — Mon, 16 Jun 2025 14:38:55 -0500

Sponsors:

Rubrik (www.rubrik.com)

Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:

In this episode, David Malicoat sits down with Drew Russell, leader of Rubrik’s elite “Night Stalkers” team, for a high-speed, no-fluff conversation recorded live at GPSEC STL. Drew unpacks Rubrik’s evolution from a backup company to a full-spectrum data security and identity resilience platform, clarifies the real problem space for modern CISOs, and explains why identity is the next frontier of cyber resilience. They also dig into Rubrik’s deployment models, modular architecture, and how AI is being operationalized to secure enterprise data. This is one of the clearest explanations yet of how Rubrik is reshaping the security conversation—and why CISOs need to pay attention.

Key Highlights:

How Rubrik evolved beyond “just backup”
The Night Stalkers: Inside Rubrik’s special forces-style innovation team
Why recovery at speed is now a business imperative
What CISOs miss about identity resilience and DSPM
Rubrik’s modular deployment strategy—and why it matters
How Rubrik is preparing for AI-integrated enterprise environments
Drew’s leadership style and how it drives innovation

Subscribe and listen now on:

From Hacker to CISO: Pete Nicoletti’s Wild Ride Through Security Leadership

David Malicoat — Mon, 09 Jun 2025 05:00:00 -0500

What happens when a teenage hacker becomes one of the most respected cybersecurity leaders in the industry? In this high-octane episode of The Professional CISO Show, David Malicoat sits down with Pete Nicoletti, Global CISO of the Americas at Check Point Software, for a brutally honest and wildly entertaining journey through decades of cybersecurity evolution.

From running ISP networks and getting hacked, to building MSSPs, leading security for Hertz and Virtustream, and now advising at the frontlines of AI-driven cyber defense—Pete shares real stories, lessons learned, and his vision for what CISOs must become next.

We cover physical pen testing war stories, building future leaders, why encryption is non-negotiable, the changing battlefield of AI, and how security professionals must evolve—before it’s too late.

Key Highlights:

Pete’s origin story as a hacker-turned-security leader
The case for encryption as a last line of defense
How physical pen testing helped him build real-world resilience
Why CISO reporting structure must change—now
Leveraging AI to fight AI (and what happens if we don’t)
Building the next generation of cyber leaders from the classroom up
What it takes to be a professional CISO today

🔗 Links:

🌐 www.thpc.co

▶️ Watch More Episodes on YouTube

🎧 Spotify

🍎 Apple Podcasts

🔗 Follow us on LinkedIn

#Cybersecurity #CISO #Leadership #AIinSecurity #Encryption #PenTesting #CareerDevelopment #Checkpoint #ProfessionalCISO

SaaS Risk, Shared Responsibility, and Veteran Cyber Talent | Live from CISO XC DFW

David Malicoat — Wed, 04 Jun 2025 05:00:00 -0500

Sponsor: Valence Security (www.valencesecurity.com)

EP68 – Live at CISO XC DFW with Valence Security and Combined Arms

In this live episode from CISO XC DFW, host David Malicoat sits down with Yoni Shohet, CEO and Co-Founder of Valence Security, to unpack the explosive growth of SaaS, the evolving shared responsibility model, and why SSPM (SaaS Security Posture Management) is a security frontier CISOs can’t afford to ignore.

Later, David is joined by Mia Garcia, Executive Director of the Texas Veterans Network at Combined Arms, to talk veteran transition, tech industry opportunity, and how her team is helping service members bridge the civilian divide.

🔥 Powered by Valence Security, this episode dives deep into SaaS security, organizational alignment, and the future of cybersecurity talent pipelines.

Key Highlights:

The origin story of Valence Security and the post-SolarWinds security wakeup call
Why SaaS misconfigurations are the new enterprise blind spot
Managing security across distributed teams, time zones, and cloud platforms
How Combined Arms is transforming veteran transition and employer engagement
Cybersecurity as a career path for transitioning service members

🔗 www.thpc.co

🎧 Listen on Spotify | Apple Podcasts

📺 Watch full episodes: YouTube Channel

🤝 Follow us on LinkedIn

#CISO #SaaSSecurity #VeteransInTech #SSPM #CybersecurityLeadership #ValenceSecurity #CombinedArms

Live from CISO XC DFW: Unfiltered Lessons in Modern Cybersecurity

David Malicoat — Thu, 29 May 2025 05:00:00 -0500

Sponsor: HivePro (www.hivepro.com)

EP67: Threat Exposure Clarity, CISO Certification Origins & Startup Security Strategy

Live from CISO XC DFW, this episode of The Professional CISO Show features two powerhouse conversations. First, David Malicoat sits down with Critt Golden of Hive Pro to demystify Continuous Threat Exposure Management (CTEM) and explore how Hive Pro helps CISOs move from fragmented assessments to unified risk clarity. Then, we hear from Eric Svetcov, CISO and VP of IT at XCures, co-author of the original CCISO Body of Knowledge, and ISO 27001 pioneer at Salesforce, as he shares candid lessons from shaping certifications and securing SaaS startups.

🔐 From understanding attacker-centric threat exposure to the real story behind Salesforce’s first ISO 27001 certification, this episode is packed with actionable insights for CISOs and rising security leaders alike.

Key Highlights:

Why CTEM is a process, not a product
Hive Pro’s mission to unify fragmented assessments
Asset criticality, risk prioritization, and validation
The origin story of the EC-Council’s CCISO certification
ISO 27001 at Salesforce: Lessons from the first SaaS certification
Security tooling strategy in early-stage startups
Real-world CISO challenges, from certifications to budgets

Guest Info:

Critt Golden, Vice President at Hive Pro
Eric Svetcov, CISO & VP of IT at XCures; co-author of EC-Council’s CCISO Body of Knowledge

🎙 Hosted by David Malicoat, CISO and founder of The Professional CISO Show.

The CISO Role Is Changing—Are You Ready to Lead? (at CISO XC ATX)

David Malicoat — Fri, 23 May 2025 05:00:00 -0500

Sponsor: Infoblox (www.infoblox.com)

🎙 EP66: Building CISO Community – Live from CISO XC Austin (Presented by Infoblox)

The Professional CISO Show with David Malicoat

From DFW to Austin and beyond, the CISO XC community is expanding—fueled by genuine connection, trust, and shared purpose. In this live episode from CISO XC ATX, David Malicoat sits down with security leaders Mickey Disabato and John Sapp to explore the future of cybersecurity leadership, AI adoption, and how community-driven initiatives are reshaping how CISOs grow together.

Mickey shares why organic, local-led growth is key to protecting the integrity of CISO XC’s mission, while John offers a powerful vision for the secure, responsible use of AI—and how today’s CISOs must evolve into strategic risk managers.

🔥 In this episode:

Why mid-market firms need better visibility from MSPs
Expanding CISO XC into 13+ cities without losing its authenticity
The power of community-led chapters and cross-pollination
Creating vendor-neutral, value-rich events
Responsible AI adoption and risk-based CISO leadership
What it really means to “professionalize the CISO role”

🧠 Guests:

Mickey Disabato – Advisory Board, CISO XC | CIO, FIDUS Cyber Security Solutions
John Sapp – CISO, Texas Mutual | CISO XC Austin Chapter Lead

🔗 Presented in partnership with Infoblox

Visit infoblox.com to learn how Protective DNS helps secure your organization before threats strike.

🎧 Listen, Follow & Share:

🔗 Website: www.thpc.co

📺 YouTube: @TheProfessionalCISO

🔊 Spotify: The Professional CISO Show

📱 Apple Podcasts: The Professional CISO Show

💼 LinkedIn: The Professional CISO Show

#CybersecurityLeadership #CISOXC #ProfessionalCISO #Infoblox #ProtectiveDNS #AIinSecurity #CISOCommunity #CyberResilience #RiskManagement #CISORoleEvolution #TheProfessionalCISOShow

Joe Sullivan, Bug Bounties & CISO Liability: The Legal View with Aravind Swaminathan

David Malicoat — Wed, 21 May 2025 05:00:00 -0500

Sponsor: Magic Mirror Security (www.magicmirrorsecurity.com/thpc)

🎙 When the Lawyers Come for CISOs — Aravind Swaminathan on Risk, Responsibility & the Law

Guest: Aravind Swaminathan, Global Co-Chair, Cybersecurity & Data Privacy, Orrick

Episode Summary

CISOs have always managed risk — but are they ready to manage legal exposure? In this gripping episode, David Malicoat sits down with Aravind Swaminathan, a leading cyber attorney and former federal prosecutor, to unpack the legal landscape threatening CISOs today. Aravind shares behind-the-scenes insights from the Joe Sullivan case, explains the chilling implications of the Ninth Circuit’s decision for bug bounty programs, and delivers straight talk on CISO liability, reputation, and professional protection.

Whether you’re a seasoned CISO or an aspiring security leader, this episode will sharpen your understanding of how legal, privacy, and reputational issues intersect with cyber leadership in 2025.

What You’ll Learn

The human and legal realities behind the Joe Sullivan case
Why mission, vision, and values must guide breach response
The evolving role of legal counsel in cybersecurity crises
What every CISO must know about indemnification and D&O coverage
Where cyber and privacy overlap — and why it matters
The importance of storytelling in incident response and litigation
Why CISOs need to ask the right legal questions during job offers

Guest Bio

Aravind Swaminathan is a Partner and Global Co-Chair of the Cybersecurity & Data Privacy practice at Orrick. A former Assistant U.S. Attorney and CHIP prosecutor, he has led responses to hundreds of cybersecurity incidents and represents organizations and executives facing some of the most complex legal issues in cyber today — including serving as the attorney for Joe Sullivan.

🎧 Listen & Subscribe

Website: www.thpc.co
Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show
YouTube: @TheProfessionalCISO
LinkedIn: The Professional CISO Show

Related Episodes

Joe Sullivan – The Human Cost of Prosecution
David Chamberlain – Crisis Communications for CISOs

#Hashtags

#CISO #CybersecurityLaw #BugBounty #JoeSullivan #LegalRisk #ProfessionalCISO #DataPrivacy #IncidentResponse #CyberLaw #SEC #CyberLeadership

THPC EP64 – CISO XC Austin: Veterans, Mid-Market Cyber & Responsible AI

David Malicoat — Mon, 19 May 2025 05:00:00 -0500

Sponsor: Netskope (www.netskope.com)

On Location at CISO XC ATX: www.cisoxc.com

THPC EP64 – CISO XC Austin: Veterans, Mid-Market Cyber & Responsible AI

In this special episode recorded live at CISO XC’s inaugural Austin event, host David Malicoat brings you ground-level conversations with leaders shaping modern cybersecurity—from national defense to mid-market innovation.

Lance Taylor (CLEAR) reflects on translating military intelligence into cyber threat strategy and offers advice for transitioning veterans. Royce Marques (RAA) discusses the realities facing growing organizations and how CISO XC is building a thriving security community in Austin. Russell Okoth rounds out the episode with key insights on responsible AI, global data governance, and mentoring the next wave of professionals.

In this episode:

Cybersecurity lessons from military service
Threat intelligence as a bridge between intel and ops
The role of frameworks like NIST CSF for growing orgs
Building grassroots cyber communities
Responsible AI adoption in real-world orgs
Data governance & privacy-by-design at scale
Why mentorship matters more than ever

Guests:

Lance Taylor, Sr. Manager, Cyber Defense – CLEAR
Royce Markose, CISO – Vistrada
Russell Okoth, former CISO – Apex FinTech / SoCal Regional Bank

🎧 Listen now on Spotify or Apple Podcasts

🔗 Learn more at www.thpc.co

"Data Is the Hot Potato”: CISO XC Austin Gets Real on AI & Governance

David Malicoat — Mon, 12 May 2025 05:00:00 -0500

Sponsor: Infoblox (www.infoblox.com)

🎙 The Professional CISO Show – Episode 63

Live from CISO XC Austin: Real Talk on AI, Data Governance & CISO Careers

Sponsored by Infoblox

🎧 Episode Summary

In this dynamic episode recorded live at CISO XC Austin, host David Malicoat sits down with cybersecurity thought leader and attorney Shawn Tuma, and former Neiman Marcus cybersecurity leader Louis Morton, for two compelling conversations that hit at the heart of today’s biggest security and career challenges.

With Shawn, we dive into the interplay between AI, data governance, and legal collaboration—featuring his viral phrase “data is the hot potato.” With Louis, we get a transparent, real-world look at navigating a sudden job transition, professional reinvention, and the evolving demands of security leadership.

🔥 Key Highlights

Why AI is an exponential multiplier of existing security gaps
The critical connection between legal and cyber leadership
“Data is the hot potato”: a sticky metaphor for cyber focus
The power of unscripted, candid panels over rehearsed drama
Louis Morton’s real-time response to being impacted by acquisition layoffs
How to relaunch your career using an omnichannel, proactive job search
Why MBA programs with cybersecurity focus may shape future CISOs
Reinvention and resilience: why character matters more than titles

👤 Guests

Shawn Tuma – Cybersecurity & Data Privacy Attorney, Author of “Cybersecurity Law, Policy, and Practice”
Louis Morton – Former Cybersecurity Leader at Neiman Marcus, now seeking his next challenge

🎯 Perfect For:

CISOs, aspiring security leaders, legal partners in cyber, and anyone facing or supporting job transitions in tech.

🎧 Listen & Subscribe

🌐 Learn more: www.thpc.co

💼 Connect on LinkedIn: The Professional CISO Show

📣 Hashtags

#CybersecurityLeadership #TheProfessionalCISO #CISOXC #DataGovernance #AIinCyber #JobSearch #SecurityCareers #Infoblox #Cyberlaw #HotPotatoData #CISORole #SecurityCommunity #ResilientLeadership

AI, Risk, and Reality: The CISO’s Guide to What’s Coming Next

David Malicoat — Tue, 29 Apr 2025 18:56:47 -0500

Sponsor: Netskope (www.netskope.com)

EP62 | Building Real Cybersecurity Communities + AI Clarity with Dr. Anand Singh (Live from CISO XC ATX)

Sponsored by Netskope

What happens when a CISO-led community takes root in a new city — and how do you cut through the noise around AI in cybersecurity?

In this special episode recorded live from the inaugural CISO XC ATX event in Austin, host David Malicoat sits down with Randy Potts, co-founder of CISO XC, and Dr. Anand Singh, veteran CISO and AI thought leader, for two candid conversations on the future of cybersecurity leadership.

🎤 Randy shares how CISO XC is scaling its “community-first” model across cities while staying true to local ownership and peer connection.

🤖 Anand breaks down the intersection of AI and cybersecurity into actionable concepts — from AI for security tools to risks around data poisoning and agent-based automation.

Whether you’re a seasoned CISO or a rising security leader, this episode offers a front-row seat to where the cybersecurity profession is going — and who’s driving the change.

🔑 Topics Covered:

Why local cybersecurity communities matter more than ever
Lessons from 3 years of CISO XC and what’s next
AI for cybersecurity vs. security for AI — what CISOs need to know
Data governance, regulation, and the risks of “AI hype”
The importance of peer-driven content and practitioner-led learning
Preview of Dr. Singh’s upcoming book on AI and security

🎧 The Professional CISO Show is your front-row seat to the conversations shaping modern cybersecurity leadership — hosted by veteran CISO David Malicoat.

🔗 Resources & Links

Show Website: www.thpc.co
YouTube Channel: @TheProfessionalCISO
Follow on LinkedIn: The Professional CISO Show
Guest: Dr. Anand Singh | Randy Potts
Sponsor: Netskope

#CISO #CybersecurityLeadership #AIandSecurity #Netskope #CISOXC #AustinCyber #CybersecurityCommunity #InfosecPodcast #TheProfessionalCISOShow

Don’t Chase Titles — Build These 3 Things Instead (CISO Advice) with Nathan Wright

David Malicoat — Thu, 24 Apr 2025 05:00:00 -0500

🎙️ The Professional CISO Show – Episode 61

Guest: Nathan Wright, CISO at Textron

Host: David Malicoat

Sponsor: Armis
Check out the Armis 2025 Cyberwarfare Report: www.armis.com/cyberwarfare
Visit Armis at RSAC, North Hall, Booth N-5457: www. armis.com/rsac2025

🎧 Episode Summary:

In this episode of The Professional CISO Show, host David Malicoat sits down with Nathan Wright, CISO at Textron, to explore one of the most unconventional — and inspiring — journeys to cybersecurity leadership. From Russian linguist at the FBI to overseeing IT security across a global enterprise, Nathan shares why being open to pivots across functions (including supply chain, engineering, and product security) can supercharge a CISO’s ability to lead.

Nathan unpacks the value of translating technical risk into business strategy, why “protecting the revenue” should be at the heart of every cybersecurity program, and how to bridge the ever-present tension between infrastructure and security.

🧠 Key Highlights:

From linguistics to leadership: Nathan’s unexpected route to CISO.
The role of curiosity and discomfort in professional growth.
What it really means to professionalize cybersecurity.
Why “protect the revenue” should be every CISO’s north star.
Advice for early- and mid-career professionals hesitant to pivot.
Risk, regulation, and when frameworks help vs. hinder.
How translating “cyberese” into business terms creates influence.

🛠️ Call to Action:

If you enjoyed this episode, be sure to follow us on your favorite podcast platform, leave a 5-star review, and share it with a colleague who’s ready to take their cybersecurity journey to the next level.

🔗 Follow The Professional CISO Show:

🌐 Website: www.thpc.co
📺 YouTube: Watch More Episodes
🎧 Spotify: Follow on Spotify
🍎 Apple Podcasts: Listen on Apple
💼 LinkedIn: The Professional CISO Show

🧵 Hashtags:

#CybersecurityLeadership #CISOCareer #ProfessionalCISO #CyberResilience #RiskManagement #TranslateCyber #InfosecJourney #Cyberstrategy #SecurityLeadership

🔐 From DNS to AI: Insights from CISO XC Austin | The Professional CISO Show EP60 sponsored by Infoblox

David Malicoat — Mon, 21 Apr 2025 08:37:22 -0500

Guests: Ryan Rene Rosado & Chris Boykin | Sponsor: Infoblox (www.infoblox.com)

Recorded live at CISO XC Austin

In this special on-location episode of The Professional CISO Show, host David Malicoat brings you powerful conversations recorded at CISO XC in Austin, where cybersecurity leaders gathered to tackle today’s most pressing challenges—from career transitions to DNS-layer security.

👩‍💼 First, we hear from Ryan Rene Rosado, a dynamic cybersecurity leader, Air Force veteran, and Harvard Extension School TA. Ryan shares candid reflections on consulting vs. in-house security work, why AI isn’t the true endgame, and how job seekers—and employers—need to shift their mindset. Her voice is an authentic, timely perspective for CISOs and aspiring leaders alike.

🛡️ Then, we go deep with Chris Boykin, Product Security Specialist at Infoblox, on the power of DNS in security architecture. He breaks down real-world attacker tactics, exfiltration methods, and how Infoblox’s Protective DNS and Universal DDI solutions are helping organizations stop threats before they launch. The episode closes with insights on their AI-powered threat intel, interoperability with other platforms, and where DNS security is heading next.

🔑 Key Highlights

Why Ryan compares consulting to cosmetic surgery—and working in-house to being a primary care physician
Lessons from transitioning out of the military into cybersecurity leadership
The real reason organizations chase AI (hint: it’s not AI)
How attackers weaponize DNS queries and domain lookalikes
What Infoblox is doing to push DNS-based threat detection into the future
Why collaboration in the cybersecurity ecosystem matters more than ever

🎧 Listen Now on Your Favorite Platform

🔗 Spotify

🔗 Apple Podcasts

🌐 Learn more at: www.thpc.co

📣 Follow The Professional CISO Show

🔗 YouTube

🔗 LinkedIn

#TheProfessionalCISOShow #CISOXC #CybersecurityLeadership #WomenInCybersecurity #Infoblox #ProtectiveDNS #CyberThreatIntel #CISOcareer #AIsecurity #DNSsecurity #GRC #CyberNetworking

Voices of CISO XC: Austin’s Cybersecurity Leaders Take the Mic sponsored by Netskope

David Malicoat — Wed, 16 Apr 2025 15:07:17 -0500

🎙️ Live from Austin: Conversations from the Inaugural CISO XC ATX | Sponsored by Netskope

In this special event episode, The Professional CISO Show hits the road to Austin, Texas for the inaugural CISO XC ATX Conference, where community, innovation, and leadership take center stage.

Host David Malicoat sits down with Rich McCrohan of Andromeda Security and David Elcock, advisor to Netskope, for a candid discussion on the evolving security landscape—from AI-driven identity management to the business-first philosophy behind modern Zero Trust architecture.

💡 What You’ll Learn in This Episode:

The future of cloud identity and non-human access provisioning
Why Austin’s cyber leadership scene is distinct from DFW
How Netskope combines speed and security without compromise
The critical role of human behavior, internal threat visibility, and behavioral context
Diversity, veterans, and the “shaved sidewalk” analogy for building inclusive security communities

🧠 Whether you’re a CISO, aspiring leader, or part of the cyber vendor ecosystem, this episode delivers powerful insights on technology, culture, and connection—all from the heart of Texas.

🎧 Subscribe now and join us as we continue to professionalize the CISO role, one conversation at a time.

🔗 Links & Resources

Website: www.thpc.co

LinkedIn: The Professional CISO Show

YouTube: Watch More Episodes

Hashtags:

#Cybersecurity #CISOXC #ZeroTrust #Netskope #CloudSecurity #AustinTech #CyberLeadership #DiversityInTech #VeteransInCyber #AIinSecurity #SASE #TheProfessionalCISO

Inside the DSPM Revolution: Data, Identity & the Future of Security w/ Mohit Tiwari and Anand Singh

David Malicoat — Wed, 09 Apr 2025 05:00:00 -0500

In this special Industry Series kickoff episode of The Professional CISO Show, host David Malicoat is joined by Mohit Tiwari (CEO & Co-Founder) and Anand Singh (Chief Security and Strategy Officer) of Symmetry Systems for a compelling conversation on the future of data security, the rise of DSPM (Data Security Posture Management), and the emerging intersection of AI, identity, and access.

Learn how Symmetry Systems evolved from academic research into a cutting-edge security platform, why Anand made the leap from enterprise CISO to startup executive, and what every security leader needs to understand about managing data in today’s AI-driven world.

🔑 Key Topics Covered:

Why past data security initiatives failed—and how DSPM changes the game
The “three-axis” model of modern cybersecurity: Data, Identity, Access
How AI copilots and agent models reshape the threat landscape
Practical use cases: risk reduction, visibility, and compliance
Why CISOs can finally become enablers of business value
How 2025 is shaping up to be the year of data-centric security

👥 Guests:

Mohit Tiwari – CEO & Co-Founder, Symmetry Systems
Anand Singh – Chief Security & Strategy Officer, Symmetry Systems | Former CISO at Alkami Technology

🔗 Resources & Links:

🎥 Watch this episode on YouTube: youtube.com/@TheProfessionalCISO

🌐 Visit our website: www.thpc.co

🔗 Connect on LinkedIn: The Professional CISO Show

📖 Confused Pilot Website: http://confusedpilot.info/

📽️ Confused Pilot Presentation: https://confusedpilot.info/ConfusedPilot_Site.pdf

👍 Like what you hear? Follow the show, rate the episode, and share it with your network. Let’s professionalize the CISO role—together.

#TheProfessionalCISO #DSPM #DataSecurity #CybersecurityLeadership #CISO #AIsecurity #SymmetrySystems #CloudSecurity #IdentitySecurity #AnandSingh #MohitTiwari #IndustrySeries #CybersecurityPodcast

👀 Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity 🙄

David Malicoat — Wed, 02 Apr 2025 05:00:00 -0500

🙄 Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity

The Professional CISO Show – Episode 57

Hosted by David Malicoat

This episode is brought to you by Symmetry Systems, The Data+AI Security Company. (www.symmetry-systems.com)

🎧 Episode Summary:

In this solo commentary episode, David Malicoat issues a direct challenge to security leaders everywhere: stop rolling your eyes at AI—it’s your leadership opportunity.

Too many CISOs are brushing off artificial intelligence as just another tech trend. But as AI continues to reshape cybersecurity and business strategy in real time, this is the moment for CISOs to lead the charge—not get left behind. David breaks down why AI governance is the new boardroom battleground, how CISOs can build strategic influence, and why now is the time to speak up, show up, and step into a broader leadership role.

Whether you’re leading a security program today or preparing for tomorrow, this episode will help you rethink your approach to AI and your value as a cybersecurity executive.

🔑 Key Takeaways:

• Why AI isn’t “just another hype cycle” for cybersecurity

• How to take the lead on AI governance in your organization

• Translating AI’s risk and value into business terms

• How CISOs can communicate more effectively with non-technical stakeholders

• Why sharing your voice publicly is now a leadership expectation

📌 Connect & Follow:

🌐 Website: www.thpc.co

🔗 LinkedIn: The Professional CISO Show

🎥 YouTube: @TheProfessionalCISO

🎧 Spotify: The Professional CISO on Spotify

🍏 Apple: The Professional CISO on Apple Podcasts

💬 Let’s Connect:

Have feedback or want to be a guest on the show? Reach out via LinkedIn or the website. And don’t forget to rate, review, and follow the podcast to help professionalize the CISO role across the industry.

🔖 Tags & Topics:

CISO, Cybersecurity Leadership, AI Governance, Boardroom Communication, Risk Management, Strategic Security, Artificial Intelligence, Executive Presence, Infosec Strategy, The Professional CISO

The CISO’s Dilemma: Influence, Impact, and Leaving the Seat with Russell Okoth

David Malicoat — Wed, 26 Mar 2025 05:00:00 -0500

This episode is brought to you by Symmetry Systems (www.symmetry-systems.com)
Innovate with Confidence.
The Data+AI Security Company
Discover, classify, and safeguard data at scale with our leading Data Security Posture Management Platform. Detect and respond to data focused concerns before they impact your business.

🎙️ Description:

In this powerful episode, host David Malicoat sits down with cybersecurity advisor and former CISO Russell Okoth to explore his remarkable journey—from growing up in Kenya to building award-winning security programs in the U.S. corporate world.

Russell shares valuable lessons on leadership, mentorship, the responsible use of AI, and why CISOs must evolve from technical experts into business risk translators. He also opens up about transitioning from a high-level CISO role to running his own cybersecurity advisory firm, Cyber Diligent.

Whether you’re an aspiring cybersecurity professional or a seasoned CISO, this episode delivers insights you won’t want to miss.

🔑 Key Topics Covered:

• Russell’s early tech roots in Kenya and his global cybersecurity journey

• Lessons from building security programs at Mr. Cooper and Pacific Premier Bank

• The pivot from CISO to cybersecurity consultant

• Responsible AI usage and the critical role of data governance

• What most leaders get wrong about developing cybersecurity talent

• Communicating cybersecurity as business risk, not just technical debt

• Leadership, legacy, and staying rooted in purpose

👤 Guest:

Russell Okoth

Cybersecurity Advisor | Former CISO at Pacific Premier Bank

Founder, Cyber Diligent

Connect: linkedin.com/in/russellokoth

🎧 Listen & Subscribe:

• Website: www.thpc.co

• Spotify: The Professional CISO

• Apple Podcasts: The Professional CISO

📲 Follow Us:

• YouTube: @TheProfessionalCISO

• LinkedIn: The Professional CISO Show

#Cybersecurity #CISO #ProfessionalCISO #RussellOkoth #CyberLeadership #AIinSecurity #TalentDevelopment #CyberRisk #TheProfessionalCISO #LeadershipInTech

CISOs & The Board: Lessons from Corporate Governance Expert Debra von Storch

David Malicoat — Wed, 19 Mar 2025 05:00:00 -0500

🎙️ Episode Summary

How can CISOs break into the boardroom and become key players in corporate strategy? In this episode, Debra von Storch, former Ernst & Young (EY) senior partner turned accomplished board director, joins host David Malicoatto reveal what it takes for cybersecurity leaders to elevate their influence at the executive level.

With decades of experience advising CEOs, CFOs, and corporate boards, Debra shares a blueprint for CISOs who want to shift from a technical role to a business leadership role. Learn how to build boardroom credibility, understand capital markets, and develop the strategic mindset that corporate boards expect.

🎯 Key Takeaways:

✅ Why CISOs must go beyond risk management and focus on value creation

✅ How to develop business acumen to gain influence with CEOs & CFOs

✅ The importance of governance, risk management, and board engagement

✅ Why CISOs should get board-certified (NACD, PDA) & join nonprofit boards

✅ How the capital markets & economic climate impact cybersecurity strategy

✅ Steps to transition from cybersecurity leadership to corporate board member

⏳ Time Stamps

00:00 – Introduction & Episode Overview

02:00 – Debra von Storch’s Journey: From CPA to Board Director

05:30 – How CISOs Can Gain Boardroom Visibility

10:00 – The Future of CISOs in Corporate Strategy

15:00 – Building Key Relationships with CFOs & CEOs

20:00 – Board Governance 101: What Every CISO Should Know

30:00 – How to Develop Business Acumen for Board Influence

40:00 – Leveraging Cyber Insights to Drive Business Value

43:00 – 10 Rapid-Fire Questions with Debra von Storch

44:00 – Closing Thoughts & Key Takeaways

📝 📌 Show References:

NASDAQ Newsroom: https://www.nasdaq.com/newsroom

New York Stock Exchange: https://www.nyse.com

EY Insights: https://www.ey.com/en_us/insights

Pitchbook: https://pitchbook.com

NACD: https://www.nacdonline.org

Private Directors Association: https://www.privatedirectors.org

Varispace: https://www.varispace.com and Varidesk: https://www.vari.com

Pearson Partners: https://pearsonpartnersintl.com

Korn Ferry: https://www.kornferry.com

Spencer Stuart: https://www.spencerstuart.com

The Committee on Foreign Investment in the United States (CFIUS): https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius

📢 Follow & Subscribe

📡 Never miss an episode! Subscribe & Follow:

🎧 Spotify: The Professional CISO Show on Spotify

🍏 Apple Podcasts: The Professional CISO Show on Apple Podcasts

🌐 Website: www.thpc.co

📺 YouTube: Watch More Episodes of The Professional CISO Show

🔗 LinkedIn: The Professional CISO Show on LinkedIn

📢 If you enjoyed this episode, share it with your network!

🔍 Related Episodes

🎙️ Gary Hayslip on The Future of CISO Leadership

🎙️ Live from NTX ISSA CSC12: Conversations with Cybersecurity Experts

🎙️ CISO Panel with Sailaja Kotra-Turner, Sonya Hammond & Jessica Nemmers

🎯 Connect with Our Guest:

👤 Debra von Storch
LinkedIn: https://www.linkedin.com/in/debravonstorch

• Former Senior Partner at Ernst & Young (EY)

• Board Director specializing in corporate governance, risk management, and business strategy

🔗 Hashtags & Keywords

#CyberSecurity #CISO #BoardGovernance #BusinessStrategy #TheProfessionalCISOShow #DavidMalicoat #DebraVonStorch #Leadership #Technology #CISOCareerDevelopment #BoardroomInsights

The CISO's New Secret Weapon: Business Acumen w/ Alain Espinosa

David Malicoat — Wed, 12 Mar 2025 05:00:00 -0500

🔐 How do CISOs transition from cybersecurity leaders to business executives and board members?
In this episode of The Professional CISO Show, I sit down with Alain Espinosa to explore his journey from IT operations to board readiness and leadership. We cover building business acumen, navigating the boardroom, professional development strategies, and the evolving role of CISOs in enterprise risk management.

This episode is packed with valuable insights for security leaders looking to elevate their careers beyond technology and into business leadership and governance.

🎙 Watch now and learn:

✅ How CISOs can become business executives and influence corporate strategy

✅ The importance of financial literacy and board governance in cybersecurity leadership

✅ Why mentorship and professional development are critical for career growth

✅ The biggest misconceptions about cybersecurity leaders joining corporate boards

✅ Strategies for building executive presence and credibility at the board level

📌 Timestamps:

00:00 – Introduction & What’s New on The Professional CISO Show

02:00 – Alain Espinosa’s Journey: From IT Operations to Cybersecurity

07:00 – Cybersecurity’s Evolution: From Tech to Business Risk Management

12:00 – Why CISOs Need to Develop Business Acumen

18:00 – How Security Leaders Can Secure a Seat at the Business Table

25:00 – The Espinosa 3E’s: Equip, Empower, Encourage

30:00 – Board Readiness: What CISOs Need to Know

36:00 – Financial Acumen & Business Strategy for Cybersecurity Executives

42:00 – 10 Rapid-Fire Questions with Alain Espinosa

44:00 – Final Thoughts & Call to Action

📣 Enjoyed this episode? Don’t forget to:

👍 Like, Subscribe, and Hit the Bell Icon to stay updated on the latest cybersecurity leadership insights!

💬 Comment below: What skills do you think CISOs need to succeed in the boardroom?

Make sure you check out CISO XC!

https://www.cisoxc.com/event-details/ciso-xc-dfw-spring-request-for-rsvp

The Professional CISO Show looks forward to seeing you there.

🔗 Share this episode with your network!

🎧 Listen on the go:

🔹 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

🔹 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🌐 Follow The Professional CISO Show:

🔗 Website: www.thpc.co

🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

🔗 YouTube: http://www.youtube.com/@TheProfessionalCISO

🎥 Related Episodes:

▶ EP 53: Gary Hayslip on Cybersecurity Leadership & AI Threats

▶ EP 52: Live from ISSA CSC 12: Expert Panel on MDR, XDR, & AI

🔎 Hashtags:

#CyberSecurity #CISO #BoardroomLeadership #CyberRisk #CISOCareer #BusinessAcumen #Leadership #CyberGovernance #RiskManagement #ProfessionalDevelopment #CISOToBoard

Cyber Risk at the Board Level: A CISO’s Guide with NACD’s Chris Hetner

David Malicoat — Wed, 19 Feb 2025 05:00:00 -0600

🚀 In this episode of The Professional CISO Show, we sit down with Chris Hetner, seasoned cybersecurity leader and board advisor, to discuss the evolving role of CISOs, cybersecurity risk management at the board level, and the professionalization of the CISO function.

Chris brings decades of experience from Wall Street, the U.S. Securities Exchange Commission, and his current advisory role at the National Association of Corporate Directors (NACD). We dive deep into how CISOs must evolve into business executives with a strong foundation in cybersecurity and risk management.

🎙️ Episode Highlights:

✔️ Chris Hetner’s journey from cybersecurity to boardroom advisory

✔️ The NACD’s role in shaping board-level cybersecurity governance

✔️ How CISOs can bridge the gap between technical risk and business objectives

✔️ The shifting regulatory landscape for security leaders

✔️ Trends in AI and cybersecurity risk reporting

✔️ Why boards struggle with cyber risk management – and how CISOs can help

✔️ The future of cybersecurity leadership and board involvement

✔️ Practical steps for CISOs looking to transition into board roles

📌 Plus, Chris answers our signature “10 Questions” rapid-fire segment!

⏱️ YouTube Timestamps:

00:00 – Intro & The Evolution of The Professional CISO Show

02:00 – Meet Chris Hetner: Cybersecurity, Wall Street, and Board Advisory

10:00 – The CISO’s Role in Board-Level Risk Management

15:00 – Tactical vs. Strategic Cybersecurity: Why CISOs Must Speak Business

22:00 – How CISOs Can Develop Themselves for Board Roles

28:00 – AI, Cybersecurity, and the Future of Risk Management

34:00 – What the Next Administration Means for CISOs

38:00 – 10 Questions with Chris Hetner

42:00 – Final Thoughts & Closing Remarks

📢 Call to Action:

🔹 Subscribe to The Professional CISO Show for more insights on cybersecurity leadership!

🎧 Listen on:

• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

• Watch more episodes: http://www.youtube.com/@TheProfessionalCISO

🔹 Follow us on LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

🌐 Visit our website: www.thpc.co

📺 Related Episodes You Might Like:

🎙️ Professionalizing the CISO Role with Matt Walker

🎙️ Building Cybersecurity Communities with Joey Rachid

🎙️ Strategic Cyber Leadership with Gary Hayslip

🔖 Hashtags:

#Cybersecurity #CISO #CyberRisk #Leadership #BoardGovernance #AI #RiskManagement #TheProfessionalCISOShow

Cybersecurity Leadership & Professional Organizations: Evolution or Revolution?

David Malicoat — Wed, 12 Feb 2025 05:00:00 -0600

The Professional CISO Show - Episode 52: The Future of Professional Organizations for CISOs

🎙️ Hook:

Are the current professional organizations truly serving the needs of CISOs, or is it time for a new approach? In this episode of The Professional CISO Show, host David Malicoat takes a deep dive into the evolution of cybersecurity professional associations, weighing the opportunities and challenges of forming a collective that genuinely represents the interests of security leaders.

Episode Summary:

For years, organizations like ISC², ISACA, and ISSA have been the backbone of cybersecurity certifications and networking. But with the evolving role of the CISO, should our professional organizations change as well? In this thought-provoking commentary, David explores the potential benefits and pitfalls of both revamping existing associations and creating new ones.

From advocacy and standardization to ethics and vendor influence, he examines the critical aspects that shape the effectiveness of professional organizations. How do we ensure transparency? How do we prevent bureaucracy and power consolidation? Most importantly, how do we build a professional body that truly advances the role of the CISO?

Key Highlights:

🔹 The need for CISO advocacy in regulations and policy

🔹 Challenges of creating a new professional organization vs. reforming existing ones

🔹 Balancing certifications, training, and real-world experience

🔹 The role of transparency and ethics in cybersecurity leadership

🔹 How professional organizations can influence vendors and drive meaningful change

🔹 Addressing bureaucracy, cost barriers, and conflicts of interest

💡 This is more than just a discussion—it’s a call for CISOs to critically assess their affiliations and shape the future of our profession.

Timestamps:

⏳ 00:00 - Introduction: Why This Discussion Matters

⏳ 02:00 - The Changing Role of CISOs & Professional Organizations

⏳ 06:00 - The Pros and Cons of CISO Advocacy

⏳ 10:00 - Standardization & Best Practices: Are We Reinventing the Wheel?

⏳ 14:00 - Certifications, Training & Professional Development

⏳ 18:00 - Collaborative Threat Intelligence: Can It Work?

⏳ 22:00 - Ethics & Transparency: The Foundation of a Trusted Organization

⏳ 28:00 - Vendor Influence: The Good, The Bad, The Necessary

⏳ 34:00 - Public Awareness & The CISO Role in Business

⏳ 40:00 - Overcoming Bureaucracy, Leadership Conflicts & Financial Barriers

⏳ 50:00 - Final Thoughts: Building a Future-Proof Organization

Call to Action:

📢 Join the discussion! Drop a comment below or engage with us on LinkedIn. Do you think CISOs need a new professional organization? What standards should we demand? Let’s shape the future of our industry together.

✅ Subscribe to The Professional CISO Show:

🔗 YouTube: www.youtube.com/@TheProfessionalCISO

🔗 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

🔗 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🔗 Follow The Professional CISO Show on LinkedIn:

https://www.linkedin.com/company/the-professional-ciso-show

🔗 Visit Our Website:

www.thpc.co

▶️ Live from North Texas ISSA Conference – Conversations with Top CISOs

▶️ Matt Walker on Professionalizing the CISO Role & Business Risk

▶️ Gary Hayslip on CISO Leadership & SoftBank’s Security Strategy

Hashtags:

#CISO #CyberSecurity #CyberLeadership #ProfessionalCISO #CISOCommunity #InfoSec #SecurityLeadership #RiskManagement #CyberRisk #Leadership #CISOAssociation #CyberSecurityPodcast

50 Episodes In: What We Learned About Building the Next Gen CISO

David Malicoat — Wed, 05 Feb 2025 05:00:00 -0600

👉 Listen Now: A deep dive into the biggest cybersecurity lessons, trends, and leadership insights from 50 episodes of The Professional CISO Show!

🔍 Episode Summary

In this Year in Review episode, host David Malicoat reflects on the biggest cybersecurity trends, challenges, and insights from 50 expert conversations in 2024.

🔥 What You’ll Learn:

• The Evolution of the CISO Role – From technical expert to business leader

• CISO Liability Risks – Insights from the Uber & SolarWinds cases

• Building Stronger Cybersecurity Teams – Culture, burnout, and leadership

• AI, Automation & Cloud Security – Emerging threats and strategies

• Cybersecurity Partnerships & Collaboration – The key to success

• Professionalizing the CISO Role – Why industry standards matter

• Looking Ahead to 2025 – What’s next for cybersecurity leaders?

🚀 Whether you’re a CISO, security executive, or aspiring cybersecurity leader, this episode is packed with valuable insights to help you navigate the future of cybersecurity in 2025 and beyond!

⏳ Episode Chapters & Key Takeaways:

[00:00] Introduction & Reflections on 50 Episodes

[05:00] The Professionalization of the CISO Role

[12:00] Lessons from Top Cybersecurity Leaders

[22:00] The Growing Liability and Legal Risks for CISOs

[30:00] Talent, Leadership, and Team Building in Security

[37:00] The Role of Partnerships in Cybersecurity Success

[45:00] Emerging Tech: AI, Cloud, and the Changing Threat Landscape

[52:00] Looking Ahead to 2025 – Events, Guests, and Initiatives

[1:00:00] Final Thoughts & Call to Action

🎯 Subscribe & Stay Connected!

✅ Follow & Subscribe to The Professional CISO Show for More Cybersecurity Insights:

🔗 Spotify: The Professional CISO Show

🔗 Apple Podcasts: The Professional CISO Show

📌 Connect with Us for More Cybersecurity Leadership Content:

🔗 Website: www.thpc.co

🔗 LinkedIn: The Professional CISO Show

🔗 YouTube: www.youtube.com/@TheProfessionalCISO

💡 Have a guest suggestion? Want to share feedback? Drop us a message on LinkedIn or leave a review!

🎥 Related Episodes & Resources:

📌 Gary Hayslip on Global Cybersecurity Leadership – Listen here

📌 Joe Sullivan’s Insights from Uber & the Future of CISO Accountability

📌 Ira Winkler on the Realities of Cybersecurity Talent & Workforce Gaps

🔥 Relevant Hashtags:

#Cybersecurity #CISO #TheProfessionalCISO #InfoSec #CyberRisk #Leadership #AI #ThreatIntelligence #RiskManagement #CISOLiability #CISOCommunity

Paul Reyes: Why Every CISO Needs a Business-First Mindset 💼

David Malicoat — Wed, 15 Jan 2025 05:00:00 -0600

🎧 Episode Summary:

In this episode of The Professional CISO Show, host David Malicoat chats with Paul Reyes, VP and CISO at AccentCare, about his incredible journey from the Air Force to leading critical infrastructure cybersecurity efforts. Paul’s career path is filled with twists, lessons, and actionable insights that every cybersecurity leader can learn from.

Discover how Paul transitioned from running infrastructure operations to becoming a CISO, why professionalizing the CISO role is critical, and his advice for new CISOs, military veterans, and anyone passionate about cybersecurity.

🔑 Key Topics Discussed:

• Paul Reyes’ transition from military service to cybersecurity leadership

• The evolution of the CISO role and why it needs to be professionalized

• Key focus areas for new CISOs: email security, endpoint protection, and identity access management

• Challenges in protecting critical infrastructure from evolving cyber threats

• Advice for veterans transitioning into cybersecurity careers

🌟 Highlights:

• [00:01:30] Paul’s unconventional career path: Air Force to AccentCare

• [00:10:45] Starting strong as a new CISO

• [00:18:00] How to measure the maturity of your cybersecurity program

• [00:26:30] Cybersecurity in critical infrastructure: Trends and solutions

• [00:31:00] Insights for transitioning military veterans

📣 Call to Action:

Enjoying the show? Don’t forget to follow, rate, and review The Professional CISO Show! Share this episode with a friend or colleague and help us grow the community of professional CISOs.

🔗 Connect with Us:

• Website: www.thpc.co

• LinkedIn: The Professional CISO Show

• Watch More Episodes: YouTube Channel

• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn

• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

About Our Guest:

Paul Reyes

• Vice President and Chief Information Security Officer at AccentCare

• Air Force veteran with extensive leadership experience at Raytheon, Blockbuster, and more.

🎧 Related Episodes You’ll Love:

• Professionalizing Cybersecurity with Gary Hayslip

• Leadership Lessons from Joey Rachid

Hashtags:

#TheProfessionalCISO #CybersecurityPodcast #CISO #CriticalInfrastructure #CyberRisk #AirForceVeteran #ProfessionalCISO

🎙️ Securing the Supply Chain: Insights from Christine Gadsby of BlackBerry 🎙️

David Malicoat — Wed, 08 Jan 2025 05:00:00 -0600

🎙️ Episode Title:

Securing the Supply Chain: Insights from Christine Gadsby of BlackBerry

🌟 Episode Summary:

In this insightful episode of The Professional CISO Show, David Malicoat sits down with Christine Gadsby, VP & Chief Information Security Officer at BlackBerry, to explore the intricacies of application security (AppSec), software supply chain management, and the ongoing professionalization of the CISO role. Christine shares her remarkable journey, from overcoming personal challenges to becoming a cybersecurity leader.

Together, they discuss:

• The fragility of the software supply chain and its implications.

• Government regulations like NIST and secure-by-design initiatives.

• Blockchain’s potential in managing supply chain accountability.

• Advice for aspiring CISOs interested in AppSec and product security.

Christine’s unique perspective as a product security expert offers invaluable insights into navigating the complexities of cybersecurity today.

🗝️ Key Highlights:

• Christine’s journey into cybersecurity leadership.

• Why AppSec and supply chain security are critical in today’s ecosystem.

• How regulation and liability are reshaping the CISO role.

• Blockchain’s role in securing software and supply chains.

• Practical tips for cybersecurity professionals looking to transition into product security.

📢 Call to Action:

Love what you hear? Help us professionalize the CISO role!

💡 Follow The Professional CISO Show on Spotify and Apple Podcasts.

📲 Share this episode with your network to spread the word!

🔗 Links and Resources:

• LinkedIn: The Professional CISO Show

• Website: www.thpc.co

• Watch on YouTube: @TheProfessionalCISO

• Listen on Spotify: The Professional CISO Show on Spotify

• Listen on Apple Podcasts: The Professional CISO Show on Apple Podcasts

👤 Guest Information:

Christine Gadsby, VP & CISO at BlackBerry

Connect with Christine on LinkedIn.

🎧 Related Episodes:

• Episode 48: Gary Hayslip on Global Cybersecurity Leadership

• Episode 47: Joey Rachid on CISOs and Organizational Impact

🔖 Hashtags:

#Cybersecurity #AppSec #SupplyChainSecurity #TheProfessionalCISOShow #BlackBerry #Leadership #ProfessionalCISO

Through the Doorway: A Challenge to Your Future Self - A New Year’s Reading by David Malicoat

David Malicoat — Wed, 01 Jan 2025 05:00:00 -0600

🎉 Hook:

Step into the New Year with a reflective journey that celebrates growth, perseverance, and the messy beauty of progress. This special episode dives into the heart of transformation and what it means to truly embrace the grind.

✨ Episode Summary:

In this reflective and heartfelt episode, David Malicoat shares a deeply personal journal entry written in January 2024. He offers insights into the metaphor of transition, where life’s messes and challenges are reframed as opportunities for growth and transformation. From navigating chaos to finding the courage to press forward, this episode serves as a motivational message for those striving to make a difference, pursue meaningful goals, and embrace the messy, beautiful process of success.

🔑 Key Highlights:

• Life in Transition: How the messiness of change mirrors personal and professional growth.

• Embracing the Grind: The importance of persistence and repetition in achieving success.

• Courage and Criticism: Facing obstacles and external judgments with an iron will.

• A Personal Challenge: A call to action to live up to your potential and honor your inner voice.

🕒 Time-Stamps (YouTube Only):

• 0:00 – Introduction: Reflections for the New Year

• 1:00 – The Metaphor of Life in Transition

• 3:00 – The Courage to Face Chaos

• 4:00 – A Personal Call to Action

📣 Call-to-Action:

🎥 Watch more episodes of The Professional CISO Show: YouTube Channel

🎙️ Listen on Spotify: The Professional CISO Show

🎧 Tune in on Apple Podcasts: The Professional CISO

🌐 Visit our website: The Professional CISO Show

📱 Follow Us Online:

• LinkedIn: The Professional CISO Show

• YouTube: @TheProfessionalCISO

🎥 Related Episodes & Videos:

• The Courage to Lead: An Interview with Gary Hayslip

• Navigating Professional Challenges as a CISO

• From Chaos to Clarity: Insights for Cybersecurity Leaders

🏷️ Hashtags:

#ProfessionalCISO #CybersecurityLeadership #NewYearMotivation #Transformation #GrowthJourney

🎄 The Professional CISO Show - Episode 47: Twas the Night Before Christmas 🎅

David Malicoat — Tue, 24 Dec 2024 09:32:18 -0600

🎄 The Professional CISO Show - Episode 47: Twas the Night Before Christmas 🎅

Hook:

This week, we’re celebrating the holiday spirit in a truly special way! Join David Malicoat as he shares a personal family tradition, spreading warmth and joy with a timeless classic.

Summary:

In this festive episode, David reads Clement C. Moore’s beloved poem, The Night Before Christmas. This heartwarming tradition, cherished by his family for generations, is now brought to you as a gift of holiday cheer. Gather your loved ones, relax by the fire, and let this enchanting tale bring the magic of Christmas to life.

Key Highlights:

• A personal and heartfelt reading of The Night Before Christmas

• Insights into a family tradition shared with listeners

• Holiday wishes from The Professional CISO Show team

Call to Action:

🎧 Enjoy the episode? Like, share, and subscribe to bring more holiday joy to your network!

👉 Don’t forget to explore past episodes for more insights and inspiration.

Social Media & Related Links:

• Website: www.thpc.co

• Spotify: Listen on Spotify

• Apple Podcasts: Listen on Apple Podcasts

• LinkedIn: Follow us on LinkedIn

• Watch More Episodes: YouTube Channel

Hashtags:

#TheProfessionalCISO #CybersecurityLeadership #TwasTheNightBeforeChristmas #HolidaySpecial #MerryChristmas

The CISO’s North Star: How Mission and Values Guide Crisis Communications with David Chamberlin

David Malicoat — Wed, 18 Dec 2024 04:00:00 -0600

🎧 Episode Summary:

In this episode of The Professional CISO Show, host David Malicoat sits down with David Chamberlin, Managing Director of Strategic Communications Advisory at Orrick, Herrington & Sutcliffe LLP. With a career spanning journalism, corporate communications, PR, and legal advisory, David brings a unique perspective on how CISOs can navigate crises, build trust, and manage reputational risks.

David shares why CISOs must move beyond “bits and bytes” to become business-first leaders, how to prepare for high-stakes moments, and why relationships with legal, communications, and investor relations teams are critical to success.

🔑 What You’ll Learn in This Episode:

• The three-legged stool of crisis management: Business operations, legal risks, and reputational risks.

• Why trust and relationships are central to a CISO’s role during incidents.

• How to leverage mission, vision, and values to guide crisis communications.

• Practical strategies for CISOs to build relationships with GCs, CMOs, and IR teams.

• Why boards of directors need reputational risk expertise alongside cyber and legal advisors.

• Insights on professionalizing the CISO role to gain credibility and leadership influence.

⏰ Episode Highlights:

• [00:02:00] David Chamberlin’s journey from journalism to cybersecurity crisis communications.

• [00:10:00] Why professionalizing the CISO role is critical for success.

• [00:15:00] Understanding the intersection of legal and reputational risks.

• [00:23:00] The value of having reputational risk experts on the board.

• [00:33:00] Tactical advice: How CISOs can build key relationships before a crisis hits.

• [00:36:00] Effective communication during incidents: Truth, trust, and managing expectations.

• [00:41:00] Rapid-Fire Round: 10 Questions with David Chamberlin.

🎯 Call to Action:

If you enjoyed this episode, please subscribe to The Professional CISO Show on your favorite platform. Don’t forget to rate us, leave a review, and share this episode with your colleagues! Together, we can professionalize the role of the CISO.

🔗 Connect with Us:

• Website: www.thpc.co

• Spotify: The Professional CISO Show

• Apple Podcasts: The Professional CISO Show

• LinkedIn: The Professional CISO Show

• YouTube: Watch More Episodes

🎙️ Guest Information:

David Chamberlin

• Managing Director, Strategic Communications Advisory

• Orrick, Herrington & Sutcliffe LLP

🔍 Related Episodes You’ll Love:

• Gary Hayslip: Global CISO at SoftBank Investment Advisors

• Joey Rachid: CISO at Xerox

• Matt Walker: Managing Director of Security and Compliance at Goosehead Insurance

🔖 Hashtags:

#TheProfessionalCISO #CrisisCommunications #ReputationManagement #CybersecurityLeadership #CISO #CyberResilience #ProfessionalizeTheCISO

Cybersecurity Materiality, Reporting, and the CISO’s Legal Landscape with Shawn Tuma

David Malicoat — Wed, 11 Dec 2024 05:00:00 -0600

In this episode of The Professional CISO Show, host David Malicoat welcomes back cybersecurity attorney Shawn Tuma for a deep dive into the legal challenges facing CISOs. Shawn shares his journey of writing a comprehensive book on cybersecurity law, offers practical advice on navigating liability risks, and emphasizes the importance of building stronger partnerships between CISOs and General Counsels (GCs).

This episode is a must-listen for anyone in cybersecurity leadership who wants to professionalize their approach to legal and operational challenges.

What You’ll Learn in This Episode

• Why CISO liability insurance is no longer optional.

• How to foster collaboration between CISOs and GCs.

• The essentials of building an incident response plan.

• Differentiating routine incidents from critical ones.

• Insights on SEC materiality reporting and its impact on CISOs.

About Shawn Tuma

Shawn Tuma is a cybersecurity attorney with decades of experience in cybersecurity law, incident response, and breach management. Known for his practical insights and strategic thinking, Shawn advises organizations on navigating the complex intersection of legal and technical challenges.
🔗 Connect with Shawn on LinkedIn: Shawn Tuma

Let’s Connect!

💻 Website: www.thpc.co

📺 YouTube Channel: The Professional CISO Show

📱 LinkedIn: The Professional CISO Show

🏷️ Hashtags

#Cybersecurity #CISO #IncidentResponse #LegalRisks #CyberLiability #ShawnTuma #ProfessionalCISO #CyberInsurance

“Yes-And” - Janie Aggas on Supporting Business Initiatives Securely as a BISO

David Malicoat — Wed, 04 Dec 2024 05:00:00 -0600

🚀 Episode Summary:

In this insightful episode of The Professional CISO Show, host David Malicoat dives into the dynamic world of cybersecurity leadership with Janie Aggas, Head of Global Business Information Security Office (BISO) at CBRE. From her beginnings in legal studies to her transformative career journey, Janie sheds light on the pivotal role of a BISO in enabling business innovation securely.

Janie explores her unique path, the importance of professionalizing the CISO role, and her ongoing pursuit of a Master’s in Legal Studies in Cybersecurity Law and Policy. Discover how BISOs bridge the gap between cybersecurity, business, and technology, and why this role is critical in today’s evolving digital landscape.

🎯 Key Highlights:

• Janie’s Career Journey: From legal studies to cybersecurity leadership

• The Role of a BISO: A liaison between cybersecurity, business, and technology

• Emerging Tech in Cybersecurity: Tackling unknowns like NFTs and immersive experiences

• Professionalizing the CISO Role: Why it matters and how BISOs contribute

• Practical Takeaways: Insights from Janie’s pursuit of a Master’s in Legal Studies

• Career Development: How BISOs can grow into future CISO roles

💡 Takeaways for Listeners:

• Why the BISO role is vital for aligning security with business objectives

• How emerging tech presents both challenges and opportunities in cybersecurity

• Practical advice for aspiring BISOs or those transitioning from technical roles

📢 Call to Action:

👉 Don’t miss out on more conversations like this!

• Follow The Professional CISO Show on Spotify and Apple Podcasts

• Rate & Review the podcast to help us grow and reach more cybersecurity leaders!

• Share this episode with your network and tag us on LinkedIn!

🌐 Connect with Us:

• Website: www.thpc.co

• LinkedIn: The Professional CISO Show

• Spotify: The Professional CISO Show

• Apple Podcasts: The Professional CISO Show

📋 Guest Information:

Janie Aggas

• Head of Global Business Information Security Office at CBRE

• Connect with her on LinkedIn

🔖 Hashtags:

#TheProfessionalCISO #Cybersecurity #BISO #Leadership #EmergingTech #CyberRisk #JanieAggas #CBRE

Ira Winkler’s Open Letter to the ISC² Board: Ethics, Certifications, and Credibility

David Malicoat — Wed, 27 Nov 2024 05:00:00 -0600

Are the cybersecurity job numbers you’re hearing really accurate? In this compelling episode of The Professional CISO Show, host David Malicoat is joined by Ira Winkler, Vice President and CISO at CYE, to challenge the job market statistics promoted by ISC² and discuss their ethical implications for the cybersecurity profession.

Ira shares the story behind his open letter to ISC², breaking down their claim of 4.8 million job openings and calling for greater transparency and accountability. This eye-opening conversation explores the disconnect between industry narratives and real-world hiring practices, as well as the critical role professional organizations play in maintaining credibility and trust.

Whether you’re a cybersecurity professional, a hiring manager, or someone looking to enter the field, this episode provides invaluable insights into certifications, ethics, and the realities of the job market.

Key Highlights:

• Misleading cybersecurity job statistics: What’s really happening?

• The ethics of promoting certifications with exaggerated claims.

• The reality of hiring for cybersecurity roles: Entry-level vs. skilled positions.

• How professional organizations can regain credibility and trust.

• Ira Winkler’s take on professionalizing the cybersecurity industry.

🎧 Plus, don’t miss Ira’s quickfire answers in our signature “10 Questions” segment at the end!

Key Points Covered:

• [00:00] Introduction and overview of the episode

• [02:00] Ira Winkler on his open letter to ISC² and its impact

• [08:00] Breaking down ISC²’s job market statistics and the truth behind the numbers

• [15:00] Ethical concerns and the responsibility of professional organizations

• [22:00] The challenges facing cybersecurity leaders in hiring

• [30:00] Ira’s career reflections and lessons for professionals

• [37:00] Quickfire 10 Questions with Ira Winkler

Call-to-Action:

• Follow Us: Visit www.thpc.co to explore more episodes and resources.

• Subscribe on YouTube: Watch More Episodes of The Professional CISO Show.

• Listen on Spotify: The Professional CISO Show.

• Listen on Apple Podcasts: The Professional CISO Show.

• Connect with Us: Follow The Professional CISO Show on LinkedIn.

Guest Information:

Ira Winkler

• Vice President and CISO at CYE

• Acclaimed cybersecurity professional and thought leader

• Author of several books on cybersecurity awareness and ethics

Related Episodes:

• Gary Hayslip on Professionalizing the CISO Role

• Matt Walker on Leadership and Cybersecurity Challenges

Hashtags:

#Cybersecurity #ISC2 #ProfessionalCISO #IraWinkler #CyberLeadership #CyberEthics

A Profession on Trial: Joe Sullivan’s Exclusive Take on the CISO Role

David Malicoat — Wed, 20 Nov 2024 05:00:00 -0600

In this exclusive and unfiltered episode of The Professional CISO Show, David Malicoat hosts Joe Sullivan, current CEO of Joe Sullivan Security LLC and the former Chief Security Officer of Uber, for an in-depth conversation you won’t want to miss. Joe reflects on his groundbreaking career, his trial as the first corporate executive prosecuted for handling a data breach, and the lessons he’s learned along the way.

Joe’s insights on professionalizing the CISO role, navigating risk, and fostering collaboration between the public and private sectors provide a roadmap for cybersecurity leaders aiming to take their careers—and the profession—to the next level.

What You’ll Learn in This Episode

• Joe’s journey from federal prosecutor to pioneering cybersecurity leader.

• The evolution of the CISO role and the need for professionalization.

• Building trust and managing risk in high-pressure environments.

• Key lessons from his trial and its impact on the cybersecurity profession.

• The importance of public-private collaboration for cybersecurity’s future.

Key Moments:

• Joe’s early connection with technology – [00:01:00]

• Building trust and safety at eBay and PayPal – [00:10:00]

• Reflections on his trial and its implications – [00:21:00]

• The case for a professional association for CISOs – [00:28:00]

• Advice for the next generation of cybersecurity leaders – [00:43:00]

About Joe Sullivan

Joe Sullivan is the current CEO of Joe Sullivan Security LLC and former Chief Security Officer of Uber. A trailblazer in cybersecurity leadership, Joe is a strong advocate for professionalizing the CISO role and enhancing public-private collaboration to solve the industry’s biggest challenges.

Follow and Subscribe

Don’t miss exclusive interviews with top cybersecurity leaders on The Professional CISO Show.

• YouTube: http://www.youtube.com/@TheProfessionalCISO

• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

• Website: www.thpc.co

• LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

Related Episodes

• Gary Hayslip: The Future of Cybersecurity Leadership

• Matt Walker on Professionalizing the CISO Role

Relevant Hashtags

#CyberSecurity #JoeSullivan #CISO #Leadership #DataBreach #FutureOfCISOs

Live Insights from N TX ISSA CSC 12: From Identity Assurance to Borderless Security

David Malicoat — Fri, 15 Nov 2024 04:00:00 -0600

In this special episode recorded live from the North Texas ISSA CSC 12 Conference, host David Malicoat dives deep into the future of cybersecurity with industry trailblazers. Tune in to hear from Ryan Rowcliff of Hyper, Julio Casablanca of WWT, and Ryan Heinrich of ID.me as they share invaluable insights on identity assurance, decentralized security, and the cutting-edge developments reshaping the role of the CISO.

Ryan Rowcliff explains Hyper’s transition to identity assurance, highlighting the impact of FIDO technology and the journey to a password-free future. Julio Casablanca explores “borderless security” and the shift away from traditional security stacks, emphasizing the value of decentralized solutions in today’s digital landscape. Ryan Heinrich discusses ID.me’s vision for a portable internet identity and user-centered verification.

Whether you’re a seasoned cybersecurity professional or just curious about the evolving role of identity in digital security, this episode offers a dynamic look at the advancements shaping the future of cyber defense.

Key Takeaways:

• Understanding the importance of identity assurance in reducing password dependency

• How borderless security enables decentralized, scalable solutions

• The role of portable identity and user control in the future of digital identity

• Emerging regulatory tools that empower CISOs and support cybersecurity transformation

Timestamps:

• [00:01:00] Identity Assurance and Passwordless Technology with Ryan Rowcliff

• [00:04:00] Borderless Security and Decentralized Solutions with Julio Casablanca

• [00:10:00] Portable Identity for the Internet with Ryan Heinrich

• [00:16:00] CISOs and Regulatory Support: Insights into SEC’s Role

Listen and Follow:

Stay tuned for more episodes as we explore groundbreaking topics that impact CISOs and cybersecurity professionals across industries.

• Website: www.thpc.co

• YouTube: http://www.youtube.com/@TheProfessionalCISO

• LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

• Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

• Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Guests:

• Ryan Rowcliff – Field CTO, Hyper

• Julio Casablanca – Field CISO, WWT

• Ryan Heinrich – Security Engineer, ID.me

Tags:

#IdentityAssurance #BorderlessSecurity #Cybersecurity #CISO #DigitalIdentity #FIDO #DecentralizedSecurity #CyberDefense #ISSA2024

From AI Challenges to CISO Advocacy: Insights from the N TX ISSA CSC 12 Conference

David Malicoat — Mon, 11 Nov 2024 05:00:00 -0600

A special thank you to our sponsor Digital Era Group (https://www.digitaleragroup.com/)

🔊 Episode Summary:

In this special episode of The Professional CISO Show, host David Malicoat takes you directly into the energy of the North Texas ISSA CSC 12 Annual Conference. This engaging episode highlights discussions with key cybersecurity leaders who are shaping the future of the industry. Kevin Haft and Marius Bratan of the North Texas ISSA board discuss their mission, community-building efforts, and the importance of creating diverse and impactful cybersecurity events. Val Mukherjee from the Cyber Future Foundation shares insights into the development of a professional CISO association, emphasizing the need for a unified voice for cybersecurity professionals. Additionally, Steve Duncan from Lookout reflects on his extensive 27-year journey in the industry, offering perspectives on the integration of AI, the future of edge security, and how past lessons shape current practices.

🎙️ Key Points Covered:

• Conference Insights and Event Vision: Kevin Haft discusses the evolution and success of the North Texas ISSA conference and the power of fostering relationships within the cybersecurity community.

• Community and Mission of ISSA: Marius Bratan highlights how the ISSA serves all professional levels in cybersecurity, from newcomers to seasoned executives, and the challenges and strategies in doing so.

• The Push for Professionalization: Val Mukherjee talks about his work in creating a professional association for CISOs, advocating for a structured path for cybersecurity leadership and addressing the well-being and liability concerns of CISOs.

• Past, Present, and Future of Cybersecurity: Steve Duncan shares his unique perspective on cybersecurity’s evolution over decades, emphasizing the importance of preparing for the future, especially with the advent of AI and a borderless network landscape.

🔗 Listen and Subscribe:

• Spotify: The Professional CISO Show on Spotify

• Apple Podcasts: The Professional CISO Show on Apple

💡 Call to Action:

Subscribe to The Professional CISO Show to stay updated with in-depth discussions on cybersecurity, leadership insights, and strategies for empowering the next generation of CISOs. Don’t forget to leave a rating and review to help others discover the podcast!

🌐 Connect with Us:

• Website: www.thpc.co

• LinkedIn: The Professional CISO Show on LinkedIn

👤 Guest Information:

• Kevin Haft – North Texas ISSA Board Member

• Marius Bratan – Sponsorship Director, North Texas ISSA

• Val Mukherjee – Chair, Cyber Future Foundation

• Steve Duncan – Head of Global Sales & Operations, Lookout

🔖 Related Episodes to Explore:

• Pathways to Professionalizing CISOs: A Deep Dive

• CISO Leadership and Strategic Partnerships: Live from NTX ISSA

🔗 Relevant Links and Mentions:

• North Texas ISSA Chapter: Supporting cybersecurity professionals at all career stages.

• Cyber Future Foundation: Leading the initiative for a CISO professional association.

🔖 Relevant Hashtags:

#CISO #CybersecurityLeadership #ISSAConference #ProfessionalCISO #CyberCommunity #AIinCybersecurity #EdgeSecurity

The Next Frontier of Cybersecurity: Culture, Community, and the CISO’s Role

David Malicoat — Wed, 06 Nov 2024 05:00:00 -0600

In this episode of The Professional CISO Show, David Malicoat interviews Cecil Pineda, Senior VP and CISO at R1, on the future of cybersecurity leadership. Known for his groundbreaking work in healthcare cybersecurity and as a co-founder of CISO XC, Cecil shares his journey from early tech enthusiast to cybersecurity leader, emphasizing the importance of culture, collaboration, and community. Cecil’s insights are invaluable for anyone looking to elevate their approach to cybersecurity, whether you’re a CISO, an aspiring leader, or simply interested in the human side of cyber.

🔑 Key Highlights:

• Building a Resilient Cybersecurity Culture – How creating the right culture boosts team performance and loyalty.

• The Power of Collaboration – Why connecting across silos and fostering relationships are essential to effective cybersecurity.

• CISO XC and Community Building – Cecil’s vision for a community-driven approach to cybersecurity.

• Practical Leadership Advice – Tips for aspiring CISOs on building teams, developing resilience, and leading with empathy.

🕒 Time-Stamps:

• [00:00] – Introduction to the episode and Cecil Pineda

• [03:00] – Cecil’s journey from tech tinkering to cybersecurity leadership

• [13:00] – How culture impacts cybersecurity team success

• [20:00] – Building effective collaborations in cybersecurity

• [32:00] – CISO XC and Cecil’s vision for a collaborative cyber community

• [35:00] – “10 Questions for Cecil Pineda”

🔔 Call-to-Action:

If you enjoyed this episode, please subscribe to The Professional CISO Show for more discussions with top leaders in cybersecurity. Remember to rate and review us on Spotify and Apple Podcasts to help others discover the show!

🌐 Connect with Us:

• The Professional CISO Show on LinkedIn

• Website

• Watch Episodes on YouTube

• Spotify

• Apple Podcasts

👤 Guest Information:

Cecil Pineda

• Senior VP and CISO, R1

• Co-founder, CISO XC

📹 Related Episodes:

• Panel Discussion with Sailaja Kotra-Turner, Sonja Hammond, & Jessica Nemmers

• Professionalizing the CISO Role with Matt Walker

#TheProfessionalCISOShow #CyberLeadership #CISO #Cybersecurity #DavidMalicoat #CecilPineda #CultureInCybersecurity #CISOXC

Digital Era of Cybersecurity: Key Takeaways from the North Texas ISSA Conference

David Malicoat — Fri, 01 Nov 2024 05:00:00 -0500

We would like to thank our sponsor Digital Era Group (www.digitaleragroup.com)

Welcome to a special episode of The Professional CISO Show, recorded live at the North Texas ISSA CSC 12th Annual Conference! Join host David Malicoat as he dives into today’s hottest cybersecurity topics with industry veterans, thought leaders, and innovators. Sponsored by Digital Era Group, this episode offers an inside look at data security in a borderless world, AI’s role in risk management, and the future of the CISO role.

In This Episode, We Explore:

• Data Security Without Borders: How CISOs are adapting to secure hybrid and remote work environments.

• AI’s Impact on Cybersecurity: The benefits and challenges AI presents in data protection and threat management.

• Mentorship in Cybersecurity: Why mentorship is key to bridging the talent gap and nurturing the next generation of cyber leaders.

• Future of the CISO Role: The evolving responsibilities, regulatory pressures, and personal risks faced by today’s CISOs.

Key Highlights:

• [00:01:00] Robert Haldeman on supporting students and the cyber community through ISSA

• [00:04:00] Insights from Logo Systems CEO on MSSPs and tech events

• [00:09:00] James Christiansen on AI’s impact on data protection and the CISO role

• [00:13:00] SEC regulations, data governance, and the CISO’s future

• [00:23:00] Carol Weaver discusses securing global and hybrid workforces

• [00:33:00] John Shin on mentorship, learning mindsets, and the future of cyber talent

Featured Guests:

• Robert Haldeman – Deputy Director, ISSA North Texas

• James Christiansen – Former CISO of Visa, GM, and Experian

• Pat Benoit – Cybersecurity Strategist

• Carol Weaver – Information Risk Leader at a Texas Bank

• Maria Scarmato – Founder, Praxis Data Security

• John Shin – Managing Director, RSI Security

Episode Highlights:

Discover how cybersecurity professionals are navigating the complex demands of data protection in a rapidly evolving landscape. From AI’s transformative potential to the critical importance of mentorship, our guests share invaluable insights for CISOs and aspiring cyber leaders.

Call-to-Action:

Subscribe to The Professional CISO Show for exclusive conversations with the top minds in cybersecurity. Don’t miss upcoming episodes filled with expert insights, real-world strategies, and industry trends.

Connect with The Professional CISO Show:

• Website: www.thpc.co

• LinkedIn: The Professional CISO Show

• Watch on YouTube: The Professional CISO Show

• Listen on Spotify: The Professional CISO Show on Spotify

• Listen on Apple Podcasts: The Professional CISO Show on Apple Podcasts

Related Episodes:

• AI and the New Frontier in Cybersecurity

• Protecting Data in a Borderless World

• Mentorship and the Next Generation of CISOs

Hashtags:

#Cybersecurity #CISO #DataProtection #AISecurity #MentorshipInCyber #TheProfessionalCISOShow #RiskManagement #ISSAConference

Hard Truths and Soft Skills: Randy Potts on What Makes an Exceptional CISO

David Malicoat — Wed, 30 Oct 2024 05:00:00 -0500

Randy Potts joins The Professional CISO Show to discuss his unique career journey, from managing satellite communications in defense contracting to becoming a prominent CISO in the financial services industry. Randy shares insights on the importance of community among CISOs, the evolving responsibilities of the role, and practical leadership lessons that can make CISOs indispensable in any organization. Tune in to learn from Randy’s experiences, get a fresh perspective on data and AI in cybersecurity, and discover why empathy and adaptability are crucial in today’s cybersecurity landscape.

Key Highlights

• Randy’s transition from defense to finance and cybersecurity leadership

• The impact of community building in strengthening the CISO role

• Essential leadership advice for aspiring CISOs

• The role of data management and AI in future cybersecurity strategies

Enjoyed this episode? Don’t forget to follow and rate The Professional CISO Show. Share it with your network, and tune in next week for more insights from top cybersecurity experts!

Connect with Us

• LinkedIn: The Professional CISO Show

• Website: www.thpc.co

• More Episodes: Apple Podcasts | Spotify

CISO Realities: Parrish Gunnels Talks Zero Trust & Incident Response

David Malicoat — Wed, 23 Oct 2024 05:00:00 -0500

Episode Summary:

In this episode of The Professional CISO Show, David Malicoat interviews Parrish Gunnels, Senior Vice President and CISO at Sunflower Bank, about his experiences leading cybersecurity across multiple industries. Parrish shares his thoughts on the evolution of the CISO role, why it’s essential to professionalize it, and how cybersecurity leaders can earn a seat at the table in their organizations.

Key topics include the challenges of implementing Zero Trust, the role of artificial intelligence (AI) in financial services, and how CISOs can navigate complex regulatory environments. Parrish also offers valuable advice for aspiring CISOs on how to engage with business leaders and make meaningful impacts in their organizations.

Key Discussion Points:

• [01:30] Introducing Parrish Gunnels and his diverse career path in cybersecurity

• [04:50] Professionalizing the CISO role: Why it’s essential and how to achieve it

• [07:00] Zero Trust: Is it achievable, or just a guiding principle?

• [12:20] Why CISOs still struggle to secure a seat at the table in many organizations

• [18:15] The impact of AI on financial services and the associated security challenges

• [23:45] Advice for new CISOs: Where to focus in your first 30 days

• [30:10] How different industries shape the CISO role and key regulatory differences

• [34:00] Fun rapid-fire questions with Parrish Gunnels

Key Quotes:

• “I think the CISO role is still in its infancy compared to positions like the CIO. There’s a lot we’re still figuring out.” – Parrish Gunnels

• “Zero Trust is a great principle, but it’s not fully achievable, especially in industries like manufacturing with legacy systems.” – Parrish Gunnels

• “Artificial intelligence is here to stay, but the models are still not where they need to be for security.” – Parrish Gunnels

About Our Guest:

Parrish Gunnels is the Senior Vice President and Chief Information Security Officer at Sunflower Bank. He has held cybersecurity leadership roles at companies like Verizon, Capital One, and Citigroup. With a background in telecommunications and financial services, Parrish brings a wealth of experience in securing complex organizations.

Resources Mentioned:

• North Texas ISSA Annual Golf Tournament

• AI in financial services: Latest developments

• CISO leadership advice for new and aspiring security leaders

Connect with The Professional CISO Show:

• Website: www.thpc.co

• YouTube: www.youtube.com/@TheProfessionalCISO

• LinkedIn: @TheProfessionalCISO

Subscribe & Leave a Review:

If you enjoyed this episode, please subscribe and leave a review on Spotify, Apple Podcasts, or your favorite podcast platform! Your support helps us bring more expert insights to the cybersecurity community.

#CISO #Cybersecurity #ZeroTrust #AI #Leadership #ProfessionalCISO #FinancialServices #DavidMalicoat #ParrishGunnels

Anand Singh on Navigating AI, Cybersecurity, and Executive Strategy

David Malicoat — Wed, 16 Oct 2024 05:00:00 -0500

In this episode of The Professional CISO Show, host David Malicoat sits down with Anand Singh, Senior Vice President and Chief Information Security Officer at Alkami Technology. Anand shares his journey through the world of cybersecurity, from working with Cray supercomputers to leading cutting-edge AI-driven cybersecurity strategies.

Key Discussion Points:

• Professionalizing the CISO Role: Anand explains the importance of evolving the CISO role into a true executive function, focusing on business impact.

• AI and Cybersecurity: Learn how AI is transforming cybersecurity from both attack and defense perspectives.

• Board Governance: Anand discusses the growing need for board-level expertise in cybersecurity and the role of CISOs in influencing governance.

• NACD Certification: Anand’s experience earning his NACD Directorship Certification and why it’s important for CISOs to influence cybersecurity at the board level.

• Cybersecurity Leadership: Insights into Anand’s leadership experience across industries, including banking, healthcare, and retail.

Quotable Moments:

• “A CISO must be a true executive—using security as a mechanism to drive business goals.”

• “AI is a force of nature. You can’t block it. You need to embrace it responsibly.”

About Anand Singh:

Anand Singh is an experienced cybersecurity leader, currently serving as SVP & CISO at Alkami Technology. He has held senior positions at leading companies including U.S. Bank, UnitedHealth Group, and Target.com. With a Ph.D. in computer science, Anand brings a deep technical and strategic perspective to the ever-evolving challenges in cybersecurity.

Tune in for Insights on:

• Navigating the intersection of AI and cybersecurity

• The evolving role of CISOs in organizational strategy and risk management

• Board governance and why cybersecurity is essential at the executive level

Connect with Us:

• Follow The Professional CISO Show on LinkedIn and subscribe on YouTube for more exclusive interviews and discussions.

Subscribe & Leave a Review:

If you enjoyed this episode, please subscribe and leave a review on Spotify or Apple Podcasts. Your feedback helps us bring more insightful content from top cybersecurity leaders!

#CISO #Cybersecurity #AI #BoardGovernance #ProfessionalCISO #Leadership #DigitalBanking

AI, Cloud Security, and Resilience: Highlights from N TX ISSA - CSC 12

David Malicoat — Fri, 11 Oct 2024 05:00:00 -0500

In This Episode:

We cover a range of timely topics, including:

• Matt Walker, Managing Director of Security and Compliance at Goosehead Insurance: Discusses the challenges of threat exposure management and strategies for cloud security.

• Dr. Harvey Castro, ER Doctor and Keynote Speaker: Shares his journey of integrating AI into healthcare, from real-time diagnostics to the use of wearable tech for better patient care.

• Justin Hutchens, Innovation Principal at Trace3: Delivers insights on autonomous hacking systems and the future of generative AI in the cyber threat landscape.

• Ric Halsaver, Resilience Expert at IBM: Highlights the critical importance of time in incident response, the power of immutable snapshots, and how to recover quickly after an attack.

Key Takeaways:

• Strategies for navigating the complexities of cloud security and managing SaaS risks.

• How AI is reshaping both cybersecurity defenses and the threats we face.

• Practical advice for improving organizational resilience and minimizing recovery time.

• The balance of human expertise and AI’s high-speed capabilities in cybersecurity and healthcare.

Connect with Our Guests:

• Matt Walker: Managing Director of Security and Compliance, Goosehead Insurance

• Dr. Harvey Castro: ER Doctor, Keynote Speaker, and AI Enthusiast

• Justin Hutchens: Innovation Principal, Trace3, and Author of The Language of Deception: Weaponizing Next Generation AI

• Rick Haussauer: Cyber Resilience Specialist, IBM

Episode Highlights:

• [00:02:15] Matt Walker on Cloud Security Challenges

• [00:11:30] Dr. Harvey Castro: AI in Healthcare and Patient Care

• [00:20:00] Justin Hutchins: AI-Powered Cyber Threats and Autonomous Hacking

• [00:28:45] Rick Haussauer: The Importance of Cyber Resilience and Recovery Time

Join Us Online:

• Visit our website: www.thpc.co

• Watch more on our YouTube channel: The Professional CISO Show

• Follow us on LinkedIn for updates and more content!

Book:

The Language of Deception: Weaponizing Next Generation AI by Justin Hutchens

https://a.co/d/366H7p0

Subscribe and Leave a Review!

If you enjoyed this episode, please subscribe and leave us a review on Spotify, Apple Podcasts, or your favorite podcast platform. Your support helps us bring more industry-leading insights to the CISO community.

Building the Professional CISO: Gary Hayslip on Merging Risk, IT, and Business

David Malicoat — Wed, 09 Oct 2024 05:00:00 -0500

In this episode, David Malicoat interviews Gary Hayslip, Global Chief Information Security Officer (CISO) at SoftBank Investment Advisors. Gary shares his deep insights on the evolution of the CISO role, discussing how it’s becoming more integrated with risk management, business strategy, and AI. He reflects on his own career journey from the U.S. Navy to becoming a global cybersecurity leader, offers practical advice for veterans transitioning into cyber roles, and explores how the future of cybersecurity leadership is shaping up.

Whether you’re an aspiring CISO, a cybersecurity professional, or a business leader, this episode is packed with actionable insights and advice from one of the most respected figures in the industry.

Key Topics Discussed:

• Gary Hayslip’s Journey: From military service to global cybersecurity leadership.

• Professionalizing the CISO Role: Why the CISO role is evolving and how it’s merging with other business and risk functions.

• CISO Tenure and Burnout: Understanding why CISO tenures often range from 18 to 36 months and the factors behind this.

• Advice for Veterans Transitioning to Cybersecurity: Gary shares how veterans can prepare for civilian cyber roles and why cyber offers a “mission-driven” career.

• The Future of the CISO Role: AI, risk management, product security, and why the CISO’s responsibilities are expanding.

Key Quotes from Gary Hayslip:

• “Cyber is a discipline made up of multiple domains. The CISO role is the lead executive within cyber, but it’s something you grow into over time.”

• “I see the CISO role merging with other risk executive roles. We’re business executives managing risk using technology, people, and processes.”

• “AI isn’t something to run from. It’s something you figure out how to use and protect. If you do it right, you’ll be effective. If you screw it up, it’s a resume-generating event.”

Guest Bio:

Gary Hayslip is the Global Chief Information Security Officer (CISO) at SoftBank Investment Advisors, a cybersecurity veteran with decades of experience in the U.S. Navy, municipal government, cybersecurity product advisory roles, and venture capital. He’s also a co-author of the CISO Desk Reference book series and an influential thought leader in the cybersecurity industry.

Connect with Gary Hayslip:

• LinkedIn: https://www.linkedin.com/in/ghayslip/

• Twitter: https://x.com/ghayslip

Episode Resources:

• CISO Desk Reference Guide: Volume 1 & 2 by Gary Hayslip and co-authors Bill Bonney and Matt Stamper

• Cloud Guru (for cloud certifications)

• Udemy Python Courses (for learning scripting)

Additional Links:

• Subscribe to The Professional CISO Show on Spotify and Apple Podcasts

• Follow us on YouTube: www.youtube.com/@TheProfessionalCISO

• Join the conversation on LinkedIn: The Professional CISO LinkedIn

Chapters:

• 0:00 - Intro to Gary Hayslip

• 1:30 - Gary’s Cybersecurity Journey

• 5:00 - Professionalizing the CISO Role

• 14:00 - CISO Tenure and Burnout

• 19:00 - Advice for Veterans in Cybersecurity

• 23:00 - The Future of the CISO Role

• 29:00 - 10 Questions with Gary Hayslip

• 33:00 - Closing Thoughts on Cyber Leadership

Call to Action:

If you enjoyed this episode, please rate and review us on Apple Podcasts and Spotify! Don’t forget to hit that subscribe button so you never miss an episode of The Professional CISO Show.

#CISO #Cybersecurity #GaryHayslip #Leadership #CyberRisk #VeteransInCyber #ProfessionalCISO #CyberLeadership #AIinCybersecurity

CISO Masterclass: Key Skills for Security Leaders in 2024 at North Texas ISSA CSC 12

David Malicoat — Wed, 02 Oct 2024 05:00:00 -0500

Brought to you by CyberProof (www.cyberproof.com)

In this episode of The Professional CISO Show, recorded live at the North Texas ISSA CSC 12 Annual Conference, David Malicoat brings you conversations with industry-leading cybersecurity experts. Tune in to hear from Greg Lenox and Jason Malacko from CyberProof, Cecil Pineda (CISO of R1 and co-founder of CISO XC), and Robert Pace (CISO of Invitation Homes).

Our guests cover crucial topics like Managed Detection and Response (MDR), Extended Detection and Response (XDR), the impact of AI on cybersecurity, and essential leadership skills for modern CISOs. This episode, part of The Professional CISO Event Series, also explores how networking and strategic partnerships can help organizations strengthen their cybersecurity posture.

Key Discussion Points:

• The future of MDR and XDR in cybersecurity (CyberProof)

• The growing role of AI and cloud cost optimization

• Key skills and leadership advice for current and aspiring CISOs (Cecil Pineda)

• How to manage political capital when implementing security strategies (Robert Pace)

• The rise of Dallas as a hub for cybersecurity leadership

Whether you’re an experienced CISO or new to the field, this episode offers practical insights and real-world strategies to elevate your cybersecurity approach.

Featured Guests:

• Greg Lenox – National Named Account Manager, CyberProof

• Jason Malacko – Director of Architecture, CyberProof

• Cecil Pineda – CISO, R1 & Co-founder, CISO XC

• Robert Pace – CISO, Invitation Homes

Timestamps:

• 0:00 – Intro and Overview of North Texas ISSA CSC 12 Conference

• 2:00 – Interview with Greg Lennox and Jason Malacco (CyberProof)

• 10:00 – AI in cybersecurity and strategic partnerships

• 15:00 – Cecil Pineda on critical skills for CISOs

• 25:00 – Robert Pace on data security and using political capital in cybersecurity

Subscribe to The Professional CISO Show for expert interviews, actionable insights, and the latest trends in cybersecurity leadership.

Connect with Us:

• Website: www.thpc.co

• YouTube: The Professional CISO

• LinkedIn: David Malicoat

Sponsors:

This episode was made possible by our partners at CyberProof, a leader in Managed Detection & Response services. Learn more at cyberproof.com.

#CyberSecurity #CISO #MDR #XDR #AI #CyberProof #ProfessionalCISOEventSeries #Leadership #NorthTexasISSA

Is It Time to Break Apart GRC?

David Malicoat — Wed, 25 Sep 2024 05:00:00 -0500

In this episode of The Professional CISO Show, David Malicoat tackles a bold question: Is it time to break apart Governance, Risk, and Compliance (GRC) into separate, specialized functions? Join us as we explore how unbundling GRC could transform your cybersecurity program from a checkbox exercise into a powerful tool for business alignment and risk management. With thought-provoking insights and historical examples, David makes the case for why GRC needs a fresh approach in today’s fast-paced digital landscape.

If you’re a CISO, security professional, or business leader, this episode is packed with actionable advice to help you elevate your organization’s cybersecurity maturity.

Key Takeaways:

• Why governance, risk, and compliance deserve individual attention

• How CISOs can take ownership of governance for strategic impact

• Using compliance to secure resources and improve risk management

• Practical strategies to rethink and realign your GRC structure

Timestamps:

• 00:00 – Welcome and Introduction

• 02:00 – Why GRC Needs a Fresh Approach

• 06:00 – Historical Example: British Defense of Singapore

• 09:00 – The Evolution of GRC: From 2000s to Present

• 15:00 – Governance: A CISO’s Primary Responsibility

• 21:00 – Risk Management: Aligning Cyber and Business Risk

• 25:00 – Compliance: Turning It into a Strategic Advantage

• 29:00 – Final Thoughts: Breaking Apart GRC for Cyber Superpowers

• 31:00 – Call to Action: Professionalizing the CISO Role

Quotes:

• “Governance isn’t just a checkbox; it’s the CISO’s responsibility to lead and set the strategic direction of the cybersecurity program.”

• “Risk is the lens through which all programs need to make decisions. Without it, you’re misaligned with the business.”

• “Just because you have GRC doesn’t mean you’re using it to its full potential. It could be your superpower if harnessed properly.”

Connect with David Malicoat:

Website: www.thpc.co

YouTube: The Professional CISO Show

LinkedIn: David Malicoat on LinkedIn

Twitter: @ProfessionalCISO

Listen & Subscribe:

Don’t miss an episode! Subscribe on Spotify | Apple Podcasts | Google Podcasts

Please leave us a review to help spread the word!

Hashtags for Social Sharing:

#CISO #GRC #GovernanceRiskCompliance #Cybersecurity #RiskManagement #ProfessionalCISO #Leadership

Building Teams vs. Buying Talent: Insights from CISO Joey Rachid

David Malicoat — Wed, 18 Sep 2024 05:00:00 -0500

Episode 30: Joey Rachid – Professionalizing the CISO Role & Building Strong Cyber Teams

In this episode of The Professional CISO Show, host David Malicoat interviews Joey Rachid, Chief Information Security Officer (CISO) at UST. Joey takes us on a fascinating journey from his early days in the U.S. Marine Corps, where he first got involved with technology, to his rise as a cybersecurity leader in the consulting and services industry.

They discuss:

• The difference between building vs. buying cybersecurity talent

• The importance of professionalizing the CISO role in today’s business environment

• Joey’s views on how business acumen and an MBA can elevate your role as a CISO

• Effective leadership strategies for developing high-performing cybersecurity teams

• The future of the CISO role and what it means for aspiring security professionals

Whether you’re a current or aspiring CISO, Joey’s insights on leadership, risk management, and aligning cybersecurity with business objectives are invaluable for anyone looking to grow in the field. Tune in for a deep dive into the practical and strategic aspects of being a cybersecurity leader today.

Key Takeaways:

• Joey Rachid’s path from the Marine Corps to cybersecurity leadership

• Developing vs. hiring talent: Which is the better approach?

• How an MBA can boost your business credibility as a CISO

• The role of trust, competence, and character in effective leadership

• Future trends in cybersecurity leadership and the evolving CISO role

Resources & Links:

• Follow Joey Rachid on LinkedIn: https://www.linkedin.com/in/joeyrachid/

• Learn more about UST: https://www.ust.com/

• Follow The Professional CISO Podcast on LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

• Subscribe to our YouTube channel: www.youtube.com/@TheProfessionalCISO

• Visit our website: www.thpc.co

Timestamps:

00:00 – Introduction

02:30 – Joey’s background: From Marine Corps to cybersecurity

06:45 – Building vs. buying talent in cybersecurity

10:30 – Why professionalizing the CISO role matters

15:00 – The value of an MBA in cybersecurity leadership

20:00 – Leading and developing high-performing teams

25:00 – Trust, character, and competence in leadership

30:00 – The future of the CISO role

The Challenge of Selling Cybersecurity: Insights from Matt Walker

David Malicoat — Wed, 11 Sep 2024 05:00:00 -0500

In this episode of The Professional CISO Show, host David Malicoat is joined by Matt Walker, Managing Director of Security and Compliance at Goosehead Insurance. Matt shares his unique journey from a career in commercial art to becoming a cybersecurity leader. Together, they explore the evolving role of the CISO and the importance of professionalizing the position within organizations.

Key Takeaways:

Professionalizing the CISO Role: Matt discusses the need for establishing a standardized professional framework for CISOs and the challenges associated with it.
Translating Technical Risk into Business Terms: Learn how to communicate complex technical risks in a way that resonates with non-technical stakeholders and aligns with business objectives.
Building Relationships in the C-Suite: Discover strategies for developing strong, trust-based relationships within the executive team, and how to navigate the political landscape of the boardroom.
The Journey from IT to Cybersecurity Leadership: Matt shares his personal experiences and insights on transitioning from a technical background to a leadership role in cybersecurity.

About the Guest: Matt Walker is the Managing Director of Security and Compliance at Goosehead Insurance. With a rich background in network security, commercial art, and leadership roles at Bain & Company and Dell, Matt brings a unique perspective to the discussion on cybersecurity leadership and the future of the CISO role.

Episode Highlights:

[02:00] Matt Walker’s early career and transition from commercial art to cybersecurity
[07:00] The importance of professionalizing the CISO role
[13:00] Strategies for effectively communicating risk to business leaders
[18:00] Navigating stakeholder relationships and building trust in the C-suite
[25:00] Matt’s tips for introverts on building professional relationships and influence
[30:00] The role of diplomacy in cybersecurity leadership

Connect with Matt Walker:

LinkedIn: https://www.linkedin.com/in/techguymatt/
Goosehead Insurance: Website

Connect with David Malicoat:

Website: The Professional CISO
YouTube: The Professional CISO
LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

Subscribe & Leave a Review: Enjoyed the episode? Subscribe to The Professional CISO Show on Apple Podcasts, Spotify, or your favorite podcast platform. Don’t forget to leave a review and share the episode with your network!

The Women of Cyber: Beyond the Panel and Into the Trenches - A Professional CISO Show Special

David Malicoat — Wed, 04 Sep 2024 05:00:00 -0500

In this special episode of The Professional CISO Show, host David Malicoat brings together three influential women leaders in cybersecurity: Sailaja Kotra-Turner (VP & CISO, Brown-Forman), Sonya Hammond (CISO & VP of IT Architecture and Engineering, National Veterinary Associates), and Jessica Nemmers (Field CISO, Flair Data Systems). The panel explores the challenges and opportunities women face in the cybersecurity industry, offering insights into breaking stereotypes, advancing technical expertise, and creating more inclusive professional environments.

Key Topics Discussed:

• Overcoming the challenges of being typecast into diversity panels

• Encouraging young women to pursue and succeed in cybersecurity

• The importance of diverse and inclusive networking opportunities

• Actionable advice for women currently in the field seeking career advancement

• Strategies for engaging with CISOs as a vendor or partner in the cybersecurity space

Why Listen:

This episode is a must-listen for cybersecurity professionals, aspiring CISOs, and anyone interested in the intersection of diversity and technology. Gain valuable insights from leaders who are at the forefront of professionalizing the CISO role and promoting diversity in the field.

Connect with Us:

• 🌐 Visit our website: www.thpc.co

• 📺 Watch the episode on YouTube: The Professional CISO YouTube Channel

• 🔗 Follow us on LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

Episode Links:

• North Texas ISSA Cybersecurity Conference: https://www.ntxissa.org/

• Subscribe to our podcast on Apple Podcasts and Spotify for more episodes!

About the Host:

David Malicoat is a seasoned Chief Information Security Officer and host of The Professional CISO Show, where he explores the critical topics necessary to professionalize the CISO role. With insightful discussions and expert guests, David aims to drive the conversation forward on what it means to be a professional CISO.

Hashtags: #Cybersecurity #WomenInTech #CISO #DiversityInTech #ProfessionalCISO

Mentors, Risks, and Rewards: Insights From Sailaja Kotra-Turner

David Malicoat — Wed, 28 Aug 2024 05:00:00 -0500

In this episode of The Professional CISO Show, host David Malicoat interviews Sailaja Kotra-Turner, CISO and Director of Global Infrastructure and Operations at Brown-Forman. Sailaja shares her remarkable journey from IT automation to cybersecurity leadership, offering invaluable insights into the evolving role of the CISO, the importance of mentorship, and the integration of security within infrastructure teams. Whether you're a seasoned professional or just starting out, Sailaja's story is filled with practical lessons on becoming a proactive business leader in cybersecurity.

Key Takeaways:

Career Evolution: How Sailaja transitioned from IT to cybersecurity, overcoming challenges along the way.
Mentorship Matters: The critical role mentors played in her professional growth.
Security Integration: Strategies for embedding security within infrastructure teams.
CISO Role Transformation: The shift from technical expert to business leader.
Certifications Strategy: Choosing the right certifications to signal career intent.
Building a Security-First Culture: Practical tips for fostering security awareness across organizations.

Quotes:

"We need to get to the point where every infrastructure professional is also a security expert."
"The earlier security leaders are involved, the better. It’s always easier to build security in from the start."

Resources & Links:

Follow The Professional CISO Podcast: www.thpc.co
Watch on YouTube: The Professional CISO YouTube Channel
Connect on LinkedIn: The Professional CISO
Sailaja Kotra-Turner on LinkedIn: https://www.linkedin.com/in/sailajakotraturner/
David Malicoat on LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

Upcoming Event:

12th Annual North Texas ISSA Cybersecurity Conference:Join us on September 6th at the Plano Event Center. The Professional CISO Podcast will be on-site, conducting live interviews and engaging with industry leaders. (https://www.ntxissa.org/)

Call to Action: If you found value in this episode, please subscribe, rate, and review The Professional CISO Podcast on Spotify and Apple Podcasts. Your support helps us continue bringing you great content from top cybersecurity leaders. Share this episode with your network to spread the word!

Hashtags: #Cybersecurity #CISO #Leadership #ProfessionalDevelopment #Mentorship

Gaining and Maintaining Support: Sonja Hammond's Stakeholder Strategies

David Malicoat — Wed, 21 Aug 2024 05:00:00 -0500

In this episode of The Professional CISO Show, host David Malicoat is joined by Sonja Hammond, the Chief Information Security Officer and Vice President of IT Architecture and Engineering at National Veterinary Associates. Sonja shares her remarkable journey from land administration to becoming a cybersecurity leader, offering valuable insights on the evolution of the CISO role. The conversation delves into the importance of professionalizing the role, building strong stakeholder relationships, managing career growth amidst technological changes, and strategies to prevent burnout in high-pressure roles. Whether you're an experienced CISO or an aspiring security professional, this episode is packed with actionable advice and thought-provoking insights.

Key Takeaways:

The need for professionalizing the CISO role and moving it into risk management.
Strategies for gaining and maintaining stakeholder support.
How to manage a cybersecurity career amidst rapid technological changes.
Preventing burnout and maintaining a healthy work-life balance as a CISO.
The importance of adaptability and continuous learning in cybersecurity leadership.

Guest Information:

Name: Sonja Hammond
Position: Chief Information Security Officer & VP of IT Architecture and Engineering, National Veterinary Associates
LinkedIn: https://www.linkedin.com/in/sonjahammond/

Links & Resources:

Episode Transcript: [Link to Transcript] (if available)
Related Articles/Resources: [Link to any additional resources mentioned]
Subscribe to the Podcast: [Spotify Link] | [Apple Podcasts Link]
Visit our Website: www.thpc.co
Follow us on LinkedIn: [LinkedIn Profile Link]

Episode Chapters:

Introduction (00:00)
Sonja Hammond's Career Journey (02:00)
Professionalizing the CISO Role (10:00)
Building Stakeholder Support (13:00)
Managing Career Growth and Preventing Burnout (18:00)
Final Thoughts and Advice for CISOs (24:00)
10 Rapid-Fire Questions with Sonja Hammond (26:00)

Please Rate and Review: If you enjoyed this episode, please take a moment to rate and review our podcast on Spotify or Apple Podcasts. Your feedback helps us bring more valuable content to the CISO community.

Stay Connected:

Website: www.thpc.co
YouTube: www.youtube.com/@TheProfessionalCISO
LinkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Thank you for listening!

From Pirouettes to Protocols: Jessica Nemmers' CISO Journey

David Malicoat — Wed, 14 Aug 2024 05:00:00 -0500

Host: David Malicoat, Chief Information Security Officer and Host of The Professional CISO

Guest: Jessica Nemmers, Field CISO at Flare Data Systems

Episode Overview:

In this inspiring episode of The Professional CISO, David Malicoat welcomes Jessica Nemmers, the Field CISO at Flare Data Systems, to share her extraordinary journey from being a professional ballerina to becoming a leader in the cybersecurity industry. Jessica's story is a testament to the power of resilience, adaptability, and the importance of professionalizing the CISO role.

Key Topics Discussed:

The Transition: How Jessica made the leap from ballet to cybersecurity.
Professionalizing the CISO Role: Why business acumen and relationship-building are crucial for today’s CISOs.
Government Regulations & Compliance: Navigating the challenges and opportunities.
Mentorship & Advice: Practical tips for aspiring CISOs, especially those from non-traditional backgrounds.

Why You Should Listen: If you’re a cybersecurity professional, aspiring CISO, or simply interested in career transitions, this episode offers valuable insights into the evolving role of the CISO and how non-traditional paths can lead to success in cybersecurity.

Timestamps:

[00:00] Introduction to Jessica Nemmers and her background.
[01:00] Jessica’s journey from a professional ballerina to a cybersecurity leader.
[10:00] The importance of professionalizing the CISO role.
[18:00] Challenges and opportunities in government regulations and compliance.
[26:00] Advice for those entering cybersecurity from non-traditional backgrounds.
[31:00] Closing thoughts and key takeaways.

Resources Mentioned:

Flair Data Systems: https://www.flairdata.com/
NIST Cybersecurity Framework 2.0: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf
EC-Council Certified CISO Program: https://www.eccouncil.org/train-certify/certified-chief-information-security-officer-cciso/
North Texas ISSA: https://www.ntxissa.org/

Connect with Us:

Website: www.thpc.co
YouTube: @TheProfessionalCISO
LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=1bf04388441845bc
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Follow, Share, and Subscribe:

If you enjoyed this episode, please follow, share, and subscribe to The Professional CISO Show. Your support helps us continue to provide valuable content to the cybersecurity community.

#Cybersecurity #CISO #JessicaNemmers #ProfessionalCISO #CareerTransition #CyberLeadership

Innovative Risk Management Techniques: Insights from Jim Desmond

David Malicoat — Wed, 07 Aug 2024 05:00:00 -0500

Host: David Malicoat

Guest: Jim Desmond, SVP and CSO at Asurion

Episode Summary:

In this episode of The Professional CISO Podcast, David Malicoat interviews Jim Desmond, the Senior Vice President and Chief Security Officer at Asurion. They delve into the necessity of professionalizing the CISO role, effective risk management strategies, and the importance of ethical standards in cybersecurity. Jim shares his journey from consulting to cybersecurity leadership, providing valuable insights and actionable advice for CISOs and aspiring cybersecurity professionals.

Key Topics Discussed:

Introduction to Jim Desmond:
- Background in consulting and building cybersecurity programs.
- Unique aspects of his career and personal interests.
Professionalizing the CISO Role:
- The importance and implications of ethical standards for CISOs.
- Comparisons to other professional fields like law and medicine.
Risk Management:
- Jim's approach to prioritizing vulnerabilities and focusing on impactful areas.
- Tools and techniques used, including Rapid7 and Brinca.
Crisis Leadership:
- Leading and inspiring teams during challenging times.
- The human side of cybersecurity and leadership.
Cybersecurity Frameworks:
- Navigating various standards and their implications for global organizations.
- Practical advice for implementing effective cybersecurity practices.
Personal Insights:
- Jim’s journey, favorite podcasts, and what drives his passion for cybersecurity.
- Fun rapid-fire questions revealing Jim's personal preferences and thoughts.

Notable Quotes:

"The importance of ethical standards and external support for CISOs."
"Strategies to optimize risk management and vulnerability assessment."
"Insights into the human side of cybersecurity and leadership."

Upcoming Events:

Digital Fight Club: Official podcast coverage and event highlights.
ISSA North Texas: Moderating a panel on "Platform vs. Best of Breed" and the annual cybersecurity conference.

How to Support:

If you enjoyed this episode, please follow us on Spotify and Apple Podcasts, rate and review the show, and share it with your colleagues and friends. Your support helps us continue to bring you quality content on transforming the role of the CISO.

Stay Connected:

Website: www.thpc.co
YouTube: @TheProfessionalCISO
LinkedIn: The Professional CISO

Join the Conversation:

We’d love to hear your thoughts! Leave a comment or review with your questions or insights about professionalizing the CISO role and risk management strategies.

#Cybersecurity #CISO #RiskManagement #ProfessionalCISO #JimDesmond #Leadership #Podcast #CybersecurityLeadership #DigitalFightClub #ISSA #TheProfessionalCISO

Tune in to learn more about professionalizing the CISO role and enhancing your cybersecurity practices!

Renee Guttmann Talks IT and OT Security Convergence and so much more!

David Malicoat — Wed, 31 Jul 2024 05:00:00 -0500

Welcome to the latest episode of The Professional CISO Show! In this episode, host David Malicoat sits down with Renee Guttmann, the founder and principal of CISO Hive, to discuss her extraordinary journey in cybersecurity. With a career spanning prestigious companies such as Coca-Cola, Royal Caribbean Cruises, Campbell Soup Company, Capital One, and Time Warner, Renee shares her invaluable insights and experiences.

We would like to thank our sponsor Armis for making this episode possible.
If you are going to Black Hat USA 2024, make sure to visit them at their booth or schedule some time at one of their events!

Key Topics Discussed:

[00:02:00] Early Career: Renee’s unique path from an analyst to a top-tier CISO.
[00:06:00] Networking: The critical role of networking in the cybersecurity field.
[00:11:00] Professionalizing the CISO Role: Why it’s essential and its future impact.
[00:18:00] Reporting Structure: The debate on where the CISO should report within an organization.
[00:23:00] IT and OT Convergence: The evolution and importance of IT and OT security.
[00:28:00] Career Advice: Staying well-rounded in cybersecurity and the importance of understanding OT.

Guest Information:

Renee Gutmann

Founder and Principal, CISO Hive
Formerly held positions at Coca-Cola, Royal Caribbean Cruises, Campbell Soup Company, Capital One, and Time Warner

Connect with Renee:

LinkedIn: Renee Guttmann

Host Information:

David Malicoat

Host of The Professional CISO Show
Chief Information Security Officer at a medium-sized direct and digital marketing company

Connect with David:

LinkedIn: David Malicoat
Website: The Professional CISO

Resources Mentioned:

Subscribe and Follow:

Spotify: The Professional CISO Show on Spotify
Apple Podcasts: The Professional CISO Show on Apple Podcasts

Support the Show: If you enjoyed this episode, please rate and review us on your favorite podcast platform. Your feedback helps us improve and reach more listeners interested in cybersecurity.

Follow Us on Social Media:

Tags: #Cybersecurity #CISO #ReneeGutmann #CybersecurityLeadership #Networking #Mentorship #ITSecurity #OTSecurity #RiskManagement

THPC Innovation Series #2 - Armis VIPR - w/Or Priel

David Malicoat — Fri, 26 Jul 2024 05:00:00 -0500

In this episode of the Professional CISO Podcast, host David Malicoat dives into the Innovation Series with Or Priel, co-founder of Silk Security. They discuss the acquisition of Silk by Armis, and the integration of Armis Centrix VIPR Pro. Or shares insights about his background in cybersecurity and his journey through various startups. The conversation covers the challenges organizations face with security tools and the innovative ways Silk Security’s technology bridges gaps in remediation and operational efficiency. They delve deep into the technology, problem-solving approaches, and the future extensibility of their solutions.

00:00 Introduction to the Professional CISO Podcast
00:31 Innovation Series: Exploring Tech and Value Propositions
01:02 Guest Introduction: Or Priel from Armis Centrix for VIPR Pro
01:23 Or Priel's Background and Career Journey
04:17 Discussing the Problem Space in Cybersecurity
08:27 The Armis Acquisition of Silk Security
10:29 Deep Dive into Armis Centrix for Viper Pro
17:34 Implementation and Integration Insights
19:12 Future Directions and Extensibility
21:31 People, Process, and Technology Considerations
29:15 Complementary Tools and Outcomes
32:23 Conclusion and Final Thoughts

Episode Sponsor: www.armis.com/platform/armis-centrix-for-vipr-pro-prioritization-and-remediation/

Or Priel LinkedIn: https://www.linkedin.com/in/or-priel-13086371/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

The Professional CISO Podcast: Digital FightClub Recap #2 - Sponsored by Interpres Security

David Malicoat — Wed, 24 Jul 2024 19:02:53 -0500

In this episode of the Professional CISO Podcast, host David Malicoat welcomes Will Long, Matt Walker, Andrew Forgie, and Phillip Wylie for a series of discussions on critical infrastructure and cybersecurity defenses. The guests share insights on vulnerability management, the role of federal and private sectors in securing critical systems, and the importance of asset inventory. They also debate topics like AI's impact on cybersecurity and the need for offensive security awareness. The episode concludes with announcements of upcoming events and speaking engagements.

00:00 Introduction to the Professional CISO Podcast
00:30 Deep Dive into Critical Infrastructure
01:27 Tools and Strategies for Vulnerability Management
02:50 Final Thoughts on Critical Infrastructure
03:32 Introduction to Matt Walker
04:00 Insights from Digital Fight Club
05:34 Future Topics and Takeaways
07:19 Andrew Forgie's First Digital Fight Club
08:35 Federal Government's Role in Cybersecurity
12:46 Phillip Wylie’s Perspective
15:38 Upcoming North Texas ISSA Conference
16:43 Conclusion and Call to Subscribe

Sponsor

Interpres Security: www.interpressecurity.com

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Will Long LinkedIn: https://www.linkedin.com/in/williamlongsr/

Matt Walker LinkedIn: https://www.linkedin.com/in/techguymatt/

Andrew Forgie LinkedIn: https://www.linkedin.com/in/andrewforgie/

Phillip Wylie LinkedIn: https://www.linkedin.com/in/phillipwylie/

THPC Innovation Series #1 - Armis - w/Michael Freeman

David Malicoat — Sun, 21 Jul 2024 11:53:51 -0500

In this episode of the Professional CISO Podcast, host David Malicoat introduces the first Innovation Series which delves into the latest technologies and developments in cybersecurity from a buyer's perspective. The episode features Michael Freeman, Head of Threat Intelligence at Armis, discussing the Armis Centrix product. The conversation covers the origins and problem-solving capabilities of Armis Centrix, focusing on asset identification, security prioritization, and process management. They discuss various aspects, including the integration of AI, the challenges of asset management in IT and OT environments, and the steps Armis is taking to future-proof its solutions. David and Michael also explore how Centrix can assist different cybersecurity teams without requiring additional hiring, provide process support, and potentially offer cost savings through tool consolidation. The episode aims to shed light on current trends and advancements, helping CISOs stay ahead in the ever-evolving cybersecurity landscape.

00:00 Introduction to the Professional CISO Podcast
00:30 Introducing the Innovation Series
01:22 Deep Dive: Armis Centrix with Michael Freeman
02:24 Understanding the Problem Space
03:32 Prioritizing and Securing Assets
07:45 Implementation and Initial Setup
11:48 Future-Proofing with AI and Acquisitions
17:55 People, Process, and Technology
30:05 Final Thoughts and Wrap-Up

Make sure you join Armis at Blackhat 2024: www.armis.com/black-hat

Michael Freeman LinkedIn: https://www.linkedin.com/in/michael-f-81848a4/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

The Professional CISO Podcast: Digital FightClub Recap #1 - Sponsored by Armis

David Malicoat — Wed, 17 Jul 2024 05:00:00 -0500

In this episode of the Professional CISO Podcast, David Malicoat hosts discussions live from the Digital Fight Club After Party. Featuring interviews with cybersecurity experts like Will Long from Infinity Cyber Advisors, Jim Kastle from Kimberly-Clark, James Binford from Humana, and several others, the episode delves into the highlights of the evening's fights on critical topics in cybersecurity. Key discussions focus on the divisive AI debate, the importance of managing risk over just cybersecurity, and perspectives on future threats and technologies. The episode also touches on challenges such as the shortage of cybersecurity roles and effective strategies in vulnerability management.

00:00 Introduction to the Professional CISO Podcast
00:22 Live from Digital Fight Club: Interview with Will Long
02:17 Insights from Referee Jim Kastle
04:21 James Binford on AI and Offensive Security
06:37 Byron Davis Discusses AI and Cybersecurity
10:26 Russ Murrell's Take on Digital Fight Club
13:38 Scot Miller's Perspective on AI and Future Topics
18:15 Presley Prescott on Critical Infrastructure and Training
21:58 Conclusion and Call to Subscribe

Sponsor

Armis: www.armis.com

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Will Long LinkedIn: https://www.linkedin.com/in/williamlongsr/

Jim Kastle LinkedIn: https://www.linkedin.com/in/jim-kastle-01ba172/

James Binford LinkedIn: https://www.linkedin.com/in/jamesbinford/

Byron Davis LinkedIn: https://www.linkedin.com/in/byron-d-5b710962/

Russ Murrell LinkedIn: https://www.linkedin.com/in/russ-m-623692/

Scot Miller LinkedIn: https://www.linkedin.com/in/scotmiller/

Presley Prescott LinkedIn: https://www.linkedin.com/in/presley-prescott-4548472/

The Critical Connection: CISOs and General Counsels in Cybersecurity

David Malicoat — Wed, 10 Jul 2024 05:00:00 -0500

In this episode of the Professional CISO Podcast, host David Malicoat dives into an engaging conversation with top cybersecurity attorney Shawn Tuma. They discuss Tuma's extensive career in cybersecurity law, the evolving role of the CISO, and the importance of professionalizing this crucial position. Tuma also introduces his forthcoming book focused on enhancing the relationship between general counsels and CISOs. The episode highlights the critical nature of cyber risk management, the need for strategic and business acumen in CISOs, and offers practical advice for CISOs to develop their careers. Additionally, Malicoat provides updates on upcoming events and future podcast episodes.

CISO 2.0: Cheryl Nifong on Modern Cybersecurity Leadership

David Malicoat — Wed, 03 Jul 2024 05:00:00 -0500

In this episode of the Professional CISO Podcast, host David Malicoat interviews Cheryl Nifong, CISO at the University of Texas at Arlington. They discuss Cheryl's career path, the necessity of professionalizing the CISO role, and the transition from technical to governance, risk, and compliance (GRC) positions. Cheryl shares her unique journey starting out in technical support, moving to cybersecurity leadership, and her experiences in creating effective risk management strategies. The episode covers challenges faced by women in cybersecurity, advice for aspiring cybersecurity professionals, and the importance of mentorship. Cheryl emphasizes the significance of strategic leadership and aligning daily tasks with the organization's broader vision. The conversation closes with practical advice for women entering the field and Cheryl's perspective on the future evolution of the CISO role.

00:00 Introduction to the Professional CISO Podcast
00:32 Interview with a Higher Education Security Leader
01:29 Upcoming Event: Digital Fight Club
02:56 Guest Introduction: Cheryl Nyfong
03:30 Cheryl's Journey into Cybersecurity 06:22 Transitioning to GRC and Leadership
11:12 The Evolution of the CISO Role
21:48 Women in Cybersecurity
25:05 Discovering Hidden Talents in Cybersecurity
26:06 Managing Risks with Non-Traditional Hires
27:03 The Power of Internships and Volunteer Programs
29:09 Advice for Women Entering Cybersecurity
32:23 The Importance of Mentorship
36:37 Strategic Leadership in Cybersecurity
44:12 Fun and Personal Insights with Cheryl Nyfong
47:02 Conclusion and Final Thoughts

Cheryl Nifong: https://www.linkedin.com/in/cheryl-nifong/ LinkedIn:

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Player / Coach Leadership: Insights from Public Sector CIO, Ricardo Suarez

David Malicoat — Wed, 26 Jun 2024 05:00:00 -0500

In this episode of the Professional CISO Podcast, host David Malicoat interviews Ricardo Suarez, a seasoned technology leader who has served in local government for over 21 years. Ricardo shares his journey from being a sysadmin and teacher to becoming the CIO of Hialeah. The conversation delves into the early influences on Ricardo's interest in technology, the importance of professionalizing the role of the CISO, and the evolving challenges of cybersecurity. They also discuss the significance of conferences for networking and innovation, as well as the complexities of leadership and relationship-building in the public sector.

00:00 Introduction to the Professional CISO Podcast
00:09 Meet Our Guest: Ricardo Suarez
01:32 Personal Background and Early Career
02:28 Transition to Cybersecurity
04:01 The Role of a CISO
06:28 Challenges and Insights in Leadership
07:33 The Value of Conferences
09:49 Innovation in Cybersecurity
11:26 Leadership Style and Development
14:03 Rapid-Fire Questions
16:55 Conclusion and Final Thoughts

Accelerating Tomorrow's Cybersecurity: Insights from Edison Humphries at Secure Miami

David Malicoat — Wed, 19 Jun 2024 10:05:58 -0500

In this episode of the professional CISO podcast, host David Malicoat interviews Edison Humphries, the Vice President and CISO at MasTec. With roots in network engineering and security management, Edison shares his journey from a computer operator in Jamaica to a CISO in the United States. The conversation covers the challenges and rewards of transitioning into leadership roles, the importance of mentoring and developing new talent, and the necessity of professionalizing the CISO role amidst increasing demands and responsibilities. Edison also discusses the benefits of attending cybersecurity conferences, the importance of creating a supportive team culture, and the need for work-life balance. The episode concludes with a fun segment of rapid-fire questions, providing deeper insights into Edison's personal and professional perspectives.

00:00 Introduction to the Professional CISO Podcast
00:11 Interview with Edison Humphries: Background and Career Journey
00:42 Shout Outs and Conference Highlights
01:47 Edison's Early Career and Transition to Leadership
04:24 The Importance of Mentorship and Team Dynamics
06:04 Professionalizing the Role of the CISO
09:05 Challenges and Mental Health in the CISO Role
12:02 The Value of Conferences and Local Networking
13:49 Developing and Retaining New Talent
16:30 Rapid-Fire Questions with Edison Humphreys
19:35 Conclusion and Final Thoughts

Edison Humphries LinkedIn: https://www.linkedin.com/in/hedisonhumphries/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Foundation Sponsors

Interpres Security: https://interpressecurity.com/

ContraForce: https://www.contraforce.com/

The Next Chapter: Life After CISO with Justin Somaini, Partner YL Ventures

David Malicoat — Wed, 12 Jun 2024 05:00:00 -0500

In Episode 14 of the Professional CISO Podcast, host David Malicoat welcomes security leader Justin Somaini, a partner at YL Ventures. This episode explores Somaini's journey from military upbringing to penetration testing, and his current venture into cybersecurity venture capital. Key topics include the need to professionalize the CISO role, risk quantification, and the requirement for standardized cybersecurity measures for companies. The episode also delves into the future of the CISO role, the importance of community involvement, and practical advice for CISOs facing increased scrutiny. Somaini concludes with his perspectives on life after being a CISO and tips for career advancement.

00:00 Introduction to the Professional CISO Podcast
00:31 Interview with a Venture Capital Security Leader
01:36 Digital Fight Club Announcement
03:29 Guest Introduction: Justin Somaini
04:03 The Journey of Justin Somaini in Tech
05:14 Professionalizing the Role of the CISO
12:39 The Future of Risk Quantification
18:35 The Evolution of the CISO Role
22:30 Increased Scrutiny in Cybersecurity
23:29 Changing the 'I've Got It Covered' Mentality
25:30 Simplifying Security with NIST CSF
27:01 Exploring Career Paths for CISOs
28:42 Building Relationships in the Security Industry
32:06 The Importance of Innovation
34:14 Real Advice for Aspiring CISOs
36:42 Rapid-Fire Questions with Justin Somaini
39:55 Conclusion and Final Thoughts

Justin Somaini LinkedIn: https://www.linkedin.com/in/jsomaini/

YL Ventures: https://www.ylventures.com/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Foundation Sponsors

Interpres Security: https://interpressecurity.com/

ContraForce: https://www.contraforce.com/

Strategic Leadership in Cybersecurity: A Conversation with Benjamin Dulieu

David Malicoat — Wed, 05 Jun 2024 05:00:00 -0500

Episode Summary: Welcome to The Professional CISO Podcast, hosted by David Malicoat. In this exciting episode, we sit down with Benjamin Dulieu, the CISO at Duck Creek Technologies, to explore his incredible journey from the Marine Corps to becoming a top cybersecurity leader. Ben shares invaluable insights on leadership, the importance of structured processes, and how CISOs can earn their seat at the executive table.

Key Takeaways:

Leadership and Trust: Effective leadership in cybersecurity hinges on building trust and understanding team dynamics.
Business Integration: CISOs must align their objectives with business goals and think like a COO with a tech focus.
Structured Processes: Turning complex challenges into manageable, repeatable processes is crucial for efficiency and improvement.
Professionalizing the Role: The CISO role is evolving to become more integrated with business strategy and operations.

Notable Quotes:

"If human beings in a war zone can be turned into a process, you're kidding yourself if you think technology can't be."
"You're running your own business as a CISO within the company. Start thinking like a COO with a technological mindset."

Listener Benefits:

Gain insights from Ben Dulieu’s unique career path and leadership philosophy.
Learn how to effectively integrate cybersecurity with business strategies.
Understand the importance of structured processes and continuous improvement.
Discover practical advice for aspiring and current CISOs on earning executive trust and building strong teams.

Benjamin Dulieu LinkedIn: https://www.linkedin.com/in/benjamin-dulieu-2844137a/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Foundation Sponsors

Interpres Security: https://interpressecurity.com/

ContraForce: https://www.contraforce.com/

CISO Interview Chronicles: One CISO’s Path to the Final Three at a Fortune 500

David Malicoat — Wed, 29 May 2024 05:00:00 -0500

In this exclusive episode of the Professional CISO Podcast, the script is flipped as David Malicoat, our usual host, becomes the guest. With his mentor, Robert Pace, taking over the hosting duties, David opens up about his recent experience interviewing for a CISO position at a Fortune 500 company. From the initial approach to making it to the final three candidates, David shares his mental state throughout the process and the invaluable lessons learned along the way. This episode is a must-listen for both seasoned CISOs and those aspiring to make the jump to high-level positions.

Key Takeaways:

Initial Interest: David discusses how he was first approached for the position and his initial thoughts and feelings about the opportunity.
Application Process: Insights into the preparation of his resume and the mindset of staying calm and collected while waiting for responses.
Interview Stages: Detailed breakdown of the multiple interview stages, including virtual screenings, leadership evaluations, and the importance of stakeholder management.
Emotional Regulation: Techniques David used to manage stress and maintain focus during the high-stakes process, emphasizing the role of support from friends, family, and mentors.
Learnings and Reflections: The importance of emotional intelligence, self-awareness, and staying true to oneself throughout the interview process.
Final Thoughts: Reflections on reaching the final three candidates, handling the outcome, and maintaining a positive outlook for future opportunities.

Notable Quotes:

"In the end, it's all about the learnings."
"Control the controllables and stay focused on what you can manage."
"Give the opportunity its regard, but don't let it control you."

Listener Benefits:

For Aspiring CISOs: Gain insights into the interview process at a Fortune 500 company and learn how to prepare mentally and professionally.
For Seasoned Professionals: Reflect on your own experiences and find new strategies for managing high-pressure situations.
For Everyone: Understand the importance of emotional intelligence and the role of mentorship in career advancement.

Call to Action:
Don’t miss this chance to learn from David Malicoat’s personal experience. Subscribe to the Professional CISO Podcast for more episodes that professionalize the CISO role and offer valuable insights for your career journey.

Connect with Us:

Follow Robert Pace on LinkedIn: https://www.linkedin.com/in/robert-pace097/

Follow David Malicoat on LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

Follow THPC on LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Check out the Digital Fight Club Website: https://digitalfightclub.co/

Please check out our Foundation Sponsors

Interpres Security: https://interpressecurity.com/

ContraForce: https://www.contraforce.com/

Cloud Security, Veterans, and Leadership. A Discussion.

David Malicoat — Thu, 02 May 2024 03:00:00 -0500

This week’s guest is Allen Rountree, Deputy CISO of IBM Public Cloud. David talks to Allen about Leadership in cybersecurity, being fluent in the language of risk, and risk specific to cloud computing. Allen and David both served in the Marine Corps and both served in the Marine Corps Security Forces (MCSF), so they have very similar early starts in their service careers. In this conversation, they also cover specific advice for veterans looking to get into cybersecurity.

Allen Rountree LinkedIn: https://www.linkedin.com/in/allenrountree/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Digital Fight Club Website: https://digitalfightclub.co/

Foundation Sponsors

Interpres Security: https://interpressecurity.com/

ContraForce: https://www.contraforce.com/

The first rule of Digital Fight Club is to TALK about Digital Fight Club!

David Malicoat — Wed, 24 Apr 2024 14:04:35 -0500

This week’s guest is Mike Pratt, Host and Owner of Digital Fight Club (DFC). Your host, David Malicoat, talks to Mike about how DFC started and how the show made it into the consciousness of the cybersecurity community. David reveals his history with DFC, as well as some back story on how DFC Cyber came together. Finally, Mike and David talk about the new developments with DFC and how it is gaining national attention with a full Hollywood production ready for television. DFC is back at the Grenada Theater in Dallas, Texas on June 27, 2024 for the recording of Season 1, Episode 1.

Mike Pratt LinkedIn: https://www.linkedin.com/in/mikepratt/

Digital Fight Club Website: https://digitalfightclub.co/

David Malicoat LinkedIn: https://www.linkedin.com/in/david-malicoat-cissp/

THPC Website: www.thpc.co

THPC LInkedIn: https://www.linkedin.com/company/the-professional-ciso-podcast

Evolving Leadership: Navigating the Future of Cybersecurity with Ryan Bachman

David Malicoat — Wed, 17 Apr 2024 12:25:09 -0500

Welcome to Episode 9 of the Professional CISO Podcast hosted by David Malicoat.

David meets up with Ryan Bachman, currently the Executive Vice President and Global Chief Information Security Officer at General Motors Financial. They discuss Bachman's career journey, from his early fascination with technology to his current role. Additionally, they highlight the significance of building trust and service within an organization and discuss the future trajectory of the CISO role in the corporate world as the responsibilities of the CISO role expand.

Sponsors:

This episode is brought to you by Valence Security. Take steps to secure your SaaS apps and more at https://www.valencesecurity.com/

Impactful Moments:

00:00 - Welcome

03:30 - Introducing guest, Ryan Bachman

07:27 - Tech Driven vs Business Driven

12:25 - They DO Understand

17:20 - Broader Executive Skills

20:08 - Thanks to Valence Security

22:44 - Building Your Brand as A CISO

26:24 - Giving Good Service as A CISO

29:13 - Driving Innovation in Cybersecurity

37:38 - The Expanding Role of the CISO

46:47 - 10 Questions

Links:

Connect with our guest, Ryan Bachman:

https://www.linkedin.com/in/ryan-bachman-9253296/

Attacking Healthcare from All Sides with OffSec Director, James Binford

David Malicoat — Wed, 10 Apr 2024 04:00:00 -0500

A Texas Tech2Table event sets the stage for David and his podcast guest, James Binford, an Offensive Security Director. They discuss how his background as a former BISO influences his insights on offensive and defensive security, specifically surrounding healthcare. The conversation also touches on AI in security, and the importance of incorporating writing and storytelling to help formulate your message.

Sponsors:

This episode is brought to you by ContraForce. When you need to to get maximum productivity from your existing Microsoft Security stack and other leading tools, you should be working with ContraForce. https://www.contraforce.com/

Impactful Moments:

00:00 - Welcome

02:09 - Introducing guest, James Binford

04:15 - Challenges of OffSec

08:35 - Healthcare Specific Defense Tips?

10:00 - Proactive on AI

11:58 - From Our Sponsor, Contraforce

12:58 - Advice for Healthcare CISOs

14:05 - CISOs Start with Writing

16:13 - Future of Healthcare Security

19:10 - 10 Questions

Links:

Connect with James Binford:

https://www.linkedin.com/in/jamesbinford/

‘Right Brain’ Skills and Leadership for Today’s CISO with Patrick Benoit

David Malicoat — Wed, 03 Apr 2024 04:00:00 -0500

Welcome to Episode 7 of the Professional CISO Podcast, Hosted by David Malicoat

David reunites with longtime friend and former coworker, Patrick Benoit. They explore the evolution and professionalization of the CISO role, Pat's career journey from technology and military service to cybersecurity leadership, and the necessity of soft skills alongside technical knowledge. They also discuss the challenge of guiding boards on cyber risk, the relationship between CISOs and technology executives, and the importance of developing trust and leadership qualities.

Don’t forget to subscribe to the podcast and join us on LinkedIn so we can keep the conversation moving forward. www.theprofessionalciso.com

Sponsors: This episode is brought to you by our foundational sponsor, Interpres Security. Visit www.interpressecurity.com/HVM to learn more!

Impactful Moments:

00:00 - Welcome

02:06 - Introducing guest, Pat Benoit

06:08 - Licensing CISOs?

07:37 - CISO Now Is Like CIO Then

09:25 - The ‘Trust & Inspire’ Skills

13:12 - Little c to Big C in CISO

16:00 - Approaching Other ‘C’ Roles

20:11 - 10 questions

27:15 - Cyber-Risk Insight

Links:

Connect with Pat Benoit:

cyber-riskinsights.com

https://www.linkedin.com/in/patricklbenoit/

Books Mentioned:

https://www.amazon.com/Extreme-Ownership-U-S-Navy-SEALs/dp/1250067057

The Four Agreements

The SEC & the CISO: It’s A New World Out There

David Malicoat — Wed, 27 Mar 2024 03:00:00 -0500

Welcome to Episode 6 of the Professional CISO Podcast, Hosted by David Malicoat

Today’s lesson in becoming a professional CISO goes back to where a lot of our journey began; the SEC complaint against Solarwinds and its CISO, Tim Brown. David points out the good, the bad, and the key takeaways from the complaint that you can take to work with you today.

Don’t forget to subscribe to the podcast and join us on LinkedIn so we can keep the conversation moving forward.

Sponsors:

Impactful Moments:

00:00 - Welcome

02:14 - Disclaimers

02:59 - Background

04:17 - What the SEC Got Right

05:43 - Where the SEC Fumbled

08:16 - Conflating the Publications

10:46 - Who Can Publish Public Statements?

12:10 - Takeaways

15:52 - From our Sponsor, Contraforce

16:52 - Buried Four Levels Deep in the Org

22:40 - Closure

Links:

Join the Conversation: www.theprofessionalciso.com

SEC Complaint: https://www.sec.gov/news/press-release/2023-227

NIST CSF: https://www.nist.gov/cyberframework

NIST 800-53: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

AI; Risk, Regulations and A Vision for the Future with Shashank Tiwari

David Malicoat — Wed, 20 Mar 2024 04:00:00 -0500

Welcome to Episode 5 of the Professional CISO Podcast, Hosted by David Malicoat

Part of becoming a professional CISO means knowing how to interact with stakeholders, so David sits down with Shashank Tiwari, CEO at Uno.ai, to help illuminate the path forward when it comes to all things AI. David brings the big questions, so get ready to take notes as Shashank dishes the advice you’ve been looking for.

Sponsors:

Impactful Moments:

00:00 - Welcome

01:20 - Introducing guest, Shashank Tiwari

05:05 - Storytelling & Human Connections

09:57 - Security for AI, AI for Security

12:47 - From our Sponsor, Contraforce

13:58 - Securing How We’re Using AI & the Unknown

20:14 - The CISO as the AI Voice of Reason

23:03 - AI/SEC Regulations & Potential Impacts

28:20 - AI & the Skills Gap

33:10 - AI & Skill Certifications

36:37 - 10 Questions

Links:

Connect with Shashank Tiwari:

https://www.linkedin.com/in/tshanky/

Streamlining and Simplifying the Security Environment with Nick Lantuh

David Malicoat — Wed, 13 Mar 2024 04:00:00 -0500

Welcome to Episode 4 of the Professional CISO Podcast, Hosted by David Malicoat.

The scenery changes on our journey to becoming a professional CISO, as David sits down with guest Nick Lantuh, CEO of Interpres Security. Looking at the CISO role from the top, Nick describes his perspective as someone with CEO and Board member experience, but he also ways for CISOs to bring innovation to the table.

Sponsors: This episode is brought to you by our foundational sponsor, Interpres Security. Visit www.interpressecurity.com/HVM to learn more!

Impactful Moments:

00:00 - Welcome

01:29 - Introducing guest, Nick Lantuh

05:41 - CISO’s with Cyber Chops

08:22 - Believe, Lead, Succeed

10:01 - From our Sponsor, Interpres Security

10:55 - CISO Introspection

15:20 - Cyber Savings

19:35 - Prioritization of Threat & Defense

27:38 - Tool Maximization and CTEM

31:21 - 10 Questions

Links:

Connect with Nick Lantuh:

https://www.linkedin.com/in/nicklantuh/

You’re a crucial part of the conversation:

www.theprofessionalciso.com

Healthcare CISO: Protecting Your Organization's Vitality with Will Long

David Malicoat — Wed, 06 Mar 2024 04:00:00 -0600

Welcome to Episode 3 of the Professional CISO Podcast, Hosted by David Malicoat.

David gets to enjoy an in-person interview with new friend, Will Long, an Independent Healthcare CISO. Will speaks candidly about the complexity of cyber risk in the healthcare field and how it impacts leadership at the CISO level in various capacities. Listeners will enjoy hearing general tips about stakeholder management and creating effective solutions for the specific problems they face.

Sponsors: This episode is brought to you by our foundational sponsor, Interpres Security. Visit www.interpressecurity.com/HVM to learn more!

Impactful Moments:

00:00 - Welcome

01:13 - Introducing guest, Will Long

03:59 - The Case for a CISO Professional

05:50 - Healthcare vs Other Industry

11:02 - Communicating with Healthcare Practitioners

13:32 - From our Sponsor, Interpres Security

14:25 - Moving Faster in Healthcare

17:09 - Automation in Healthcare

19:08 - Working on Your Executive Presence

23:40 - Cyber-Risk Quantification in Healthcare

27:18 - 10 Questions

Connect with our guest, Will Long:

https://www.linkedin.com/in/williamlongsr/

Engage with the THPC community on LinkedIn:

https://www.linkedin.com/company/the-professional-ciso-podcast/

Quantifying the Threat: A Conversation with Michael Jenks

David Malicoat — Wed, 28 Feb 2024 04:00:00 -0600

Welcome to Episode 2 of the Professional CISO Podcast, Hosted by David Malicoat.

David sits down with Michael Jenks, CTO and co-founder of Interpres Security. They discuss the potential of threat-informed defense and automation; highlighting them as key pieces in the newest capabilities in cybersecurity. They should be on the CISO radar to help prioritize and make informed decisions that can bring them to the next level.

Sponsors: This episode is brought to you by our foundational sponsor, Interpres Security. Visit www.interpressecurity.com/HVM to learn more!

Key Moments:

00:00 - Welcome

00:57 - Introducing our Guest, Michael Jenks

03:24 - Compliance is Not Security

06:32 - The Quantitative Realm

10:26 - Thanks to Our Sponsor, Interpres

11:23 - It’s All About Automation

14:49 - A Symbiotic Relationship

16:28 - Continuous Threat Exposure Management (CTEM)

19:14 - What Should CISOs Be Thinking?

36:11 - 10 Questions

Connect with our Guest, Michael Jenks:

https://www.linkedin.com/in/michaeljenks/

Engage with the THPC community on LinkedIn:

https://www.linkedin.com/company/the-professional-ciso-podcast/

Using a Balanced Leadership Approach with Robert Pace

David Malicoat — Wed, 21 Feb 2024 13:05:00 -0600

Welcome to Episode 1 of the Professional CISO Podcast, Hosted by David Malicoat.

Our journey continues with a notable figure in David’s professional development, Robert Pace, Chief Information Security Officer of Invitation Homes. He previously held positions at First American Payment Systems, Textron, and PwC. Robert Pace and David Malicoat worked together early in their careers at Perot Systems, which was later acquired by Dell Services.

This episode touches on various aspects such as risk management, team development, personal well-being, the process of professionalizing the CISO role, and more. At the end, we’ll break down the Eisenhower Matrix as a practical tool for effective decision-making and task prioritization.

Sponsors:

Key Moments:

00:00 - Welcome

00:29 - Introducing our Guest, Robert Pace

01:53 - How Robert Jetted into Tech

05:55 - How Robert & David Met

10:26 - CISO Networking

13:21 - What’s Going Good/Bad in the CISO role?

18:11 - Getting Risk Management Experience

21:23 - The Process and the Risk Element

23:04 - Developing Teams

28:42 - CISO Work/Life Balance

34:03 - Eisenhower Matrix

36:11 - 10 Questions

Engage with the community on LinkedIn:

https://www.linkedin.com/company/the-professional-ciso-podcast/

Links to Cool Stuff:

A good guide to The Eisenhower Matrix by James Clear: https://jamesclear.com/eisenhower-box

Shaping Cyber Leadership: Today, Tomorrow, Together

the-professional-ciso — Mon, 19 Feb 2024 13:28:25 -0600