Defense in Depth

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste.
In this episode:
Patterns hiding in plain sight
Activity vs. advancement
The human cost
Frameworks about frameworks
A huge thanks to our sponsor, Fenix24

Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.
In this episode:
Lead with insight, not persuasion
Recognize the opportunity when it arrives
Strategy over features
Keep it efficient
A huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs.
In this episode:
The development disconnect
Functionality first, security second
The incentive problem
Speed as the common ground
A huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.

All links and images can be found on CISO Series.
Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood.
In this episode:
The information paradox
Setting realistic expectations
Prioritization over noise
The cart before the horse
Huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.

All links and images can be found on CISO Series.
Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada.
In this episode:
Beyond the quota
The hard truth beats the polished bluff
Paying for someone else's mistakes
Reducing friction, increasing trust
Huge thanks to our sponsor, ThreatLocker

ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.