I Just Can’t Communicate With the Business. I’ve Tried Condescension AND Derision.
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com. In this episode: Decision-making with incomplete information Translation beats technical expertise Influence trumps authority for CISOs Technical prowess creates adversaries Huge thanks to our sponsor, Vanta Automate, centralize, & scale your GRC program with Vanta. Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
--------
35:44
--------
35:44
Impressive! Our AI is Approaching “One 9” of Accuracy.
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is our sponsored guest, Kevin Tian, co-founder and CEO, Doppel. In this episode: AI fraud gets on the juice Agentic AI demands a new security mindset The new frontier for social engineering We still need human verification Huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network.
--------
39:43
--------
39:43
They Can’t Hack All Our Tools If We Keep Buying New Ones
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is their sponsored guest, Rajan Kapoor, CEO of Material Security. In this episode: AI creates security's catch-22 Delegation without abandonment Google's security gaps demand better tools Trust beats sophistication every time A huge thanks to our sponsor, Material Security What if you could get a view of security across Google Workspace–email, documents, and accounts–all in one place? Material Security unifies your Google Workspace security operations, simplifying and strengthening security with continuous monitoring and automatic issue resolution. See how Material Security simplifies your security for GMail, GDrive and Google accounts. Learn more at https://material.security.
--------
34:18
--------
34:18
Cosmo Quiz! 23 Ways to Make Your Vendors Obsessed With Your Security Standards
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Large enterprise security demands drive vendor improvements Technical expertise becomes leadership liability without delegation EDR evolution needs prevention focus Career breaks require personal ownership and strategic timing A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
--------
38:45
--------
38:45
We’ll Worry About Recovering From the Attack Once We Ace This Audit
All links and images can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Peter Clay, CISO, Aireon. In this episode: Purple teaming evolution misses operational realities Effective postmortems require systematic failure analysis Risk expertise requires business context over methodology Compliance and resilience serve different purposes Huge thanks to our sponsor, Safe Security SAFE is reinventing Third-Party Risk Management with Agentic AI. Our AI Agents automate onboarding, assessments, and monitoring—giving security teams real-time visibility and zero-effort control across their vendor ecosystem. See why SAFE is the fastest-growing TPRM platform on the market at https://testdrive.safe.security/.
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Ireland