All links and images for this episode can be found on CISO Series.

This week’s episode was recorded in front of a live audience in Seattle as part of the National Cybersecurity Alliance’s event Convene. Recording is hosted by me, David Spark (@dspark), producer of CISO Series and Nicole Ford, SVP and CISO, Nordstrom. Joining us is guest, Varsha Agrawal, head of information security, Prosper Marketplace.

In this episode:

• Who guards the AI guardrails?
• What should security awareness training look like?
• The authentication point of failure
• Uncommon sense

Thanks to our podcast sponsors, KnowBe4, Proofpoint, and Vanta!

KnowBe4's PhishER Plus is a lightweight SOAR platform that streamlines threat response for high-volume, potentially malicious emails reported by users. It automatically prioritizes messages, helping InfoSec and Security Operations teams quickly address the most critical threats, reducing inbox clutter and enhancing overall security efficiency.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks.

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario).

In this episode:

• Your first security hire
• Moving beyond the basics with critical infrastructure
• Untangling the Gordian Knot of municipal cybersecurity
• Starting from square one

Thanks to our podcast sponsor, Material Security!

Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Bethany De Lude, CISO, the Carlyle Group.

In this episode:

• CISOs as storytellers
• Grinding a CISO’s gears
• An evolving role
• Earning trust with vendors

Thanks to our podcast sponsor, Scrut Automation!

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Ty Sbano, CISO, Vercel.

In this episode:

• Perception is the reality for insider threats
• Coaching rather than shaming
• Working to make DevOps redundant
• Fixing a strained relationship

Thanks to our podcast sponsor, Backslash!

Backslash Security is your modern AppSec solution, focusing on what truly matters—real risks. Gain clear visibility into your applications and fix only the code and open-source software that’s actually in use, making your AppSec smarter and more efficient. Learn more at https://www.backslash.security/.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Fredrick Lee (Flee), CISO, Reddit.

In this episode:

• The case for the technical CISO
• Making Recall safe for business
• The aches and pains of cybersecurity hiring
• Leveling up municipal cybersecurity

Thanks to our podcast sponsor, ThreatLocker!

ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Justin Somaini, partner, YL Ventures.

In this episode:

• The startup balancing act

• Giving back is its own reward

• When to pen test

• Getting ahead with generative AI policy

Thanks to our podcast sponsor, Vanta!

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Patti Titus, CISO, Booking Holdings.

In this episode:

• Defense vs. Resilience
• Communication is on par with mitigation
• Preparing like its post-quantum
• The challenges and opportunities of diversity

Thanks to our podcast sponsor, Cyera!

Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and on-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Amir Khayat, CEO and co-founder, Vorlon Security.

In this episode:

• The evolving challenges of incident response
• Repetition isn’t always the mother of automation
• Third-party APIs, first-party risk
• You know what they say when you assume something

Thanks to our podcast sponsor, Vorlon Security!

Vorlon helps organizations take back control of their data by providing continuous visibility of sensitive data shared via API across third-party applications. Know what data goes where, when, and how between third-party apps with external threat intelligence. Reduce the complexity of investigating and responding to third-party security incidents with Vorlon.