
Hosted by David Spark, Mike Johnson, and Andy Ellis · EN

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Tim Callahan, CIO/CISO, AFLAC. In this episode: Week one is the wrong time to overreach Nobody has the AI playbook Vulnerability management wasn't built for this clock Stop blaming the human, fix the system A huge thanks to our sponsor, Vanta No, it's not your imagination. Risk and regulations ARE ramping up—and customers now expect proof of security just to do business. That's why Vanta is a game-changer. Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Companies like Ramp and Writer spend 82% less time on audits with Vanta. That's not just faster compliance—it's more time for growth. Get started at Vanta.com/CISO.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining is Patti Degnan, operating partner, Andreessen Horowitz. In this episode: Identity built for one person at a time Patching can't outrun the exploit timeline The exception hiding inside zero trust A revenue question nobody's answered yet A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Nick Vigier, CISO, Oscar Health. Joining is our sponsored guest, Mitchem Boles, field CTO, Intezer. This episode was recorded live at Intezer's AI SOC event held at the NASDAQ in NYC. In this episode: Who owns the risk Before it gets better The SOC of zero The decision bottleneck A huge thanks to our sponsor, Intezer Intezer Forensic AI SOC is designed for enterprises managing high alert volumes across SIEM, EDR Network, identity, phishing, and cloud systems. These organizations often rely on MDRs to fill coverage gaps but face frustration with limited visibility, too many escalations, and missed incidents hiding in low-severity alerts. Learn more at Intezer.com.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is Megan Samford, vp product and supply chain security, Schneider Electric. In this episode: Two modes of CISO The vendor has the keys The economic argument for secure code Burning through the talent A huge thanks to our sponsor, Native Security Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

All links and images can be found on CISO Series This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Dmitriy Sokolovskiy, senior vice president, information security, Semrush. This episode was recorded in front of a live audience at the offices of Aqueduct Technologies in Canton, MA. See photos from the event. In this episode: A clock on everything The oversight loop Not a better tool, a different one It's not the alerts A huge thanks to our sponsor, Strike48 It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com. A huge thanks to our sponsor, Dropzone AI Dropzone AI delivers a team of AI agents that investigate alerts, hunt threats, and respond to attacks across your full security stack. No playbooks required. No hidden humans in the critical path. Your analysts stay in control, directing strategy while AI agents handle the investigation workload at machine speed. Learn more at dropzone.ai.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is our sponsored guest, Danny Jenkins, CEO, ThreatLocker. In this episode: Permission creep at machine speed The pattern we keep calling a mistake Stop authenticating the human Vibe coded out of existence A huge thanks to our sponsor, ThreatLocker ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.

Our Data Security Policy Is Transparent in That It Doesn't Exist All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Mike Melo, CISO, TMX Group. In this episode: The weight of old controls Data you can actually see 68 vendors and counting Authority you never had to claim A huge thanks to our sponsor, Vanta Still stuck on the quarterly audit treadmill? Meet Calm-pliance. Vanta combines compliance, risk, and proof on one Agentic Trust Platform—and continuously monitors your controls, keeping you audit-ready all year round. Find your Calm-pliance here.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is their sponsored guest Amit Megiddo, CEO and founder, Native. In this episode: The CISO you don't need Misconfigurations aren't a cloud problem Secure by design means enforcing it Finding bugs faster isn't the bottleneck A huge thanks to our sponsor, Native Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

All links and images can be found on CISO Series This week's CISO Series Podcast features David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Jadee Hanson, CISO, Vanta. In this episode: The compliance receipt nobody reads Who signs off on the AI that wrote the code The agent that wouldn't stop The questionnaire that should not exist A huge thanks to our sponsor, Vanta Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta's automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

All links and images can be found on CISO Series This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining is Jean-Paul Calabio, vp and CISO, Grainger. In this episode: Scanning the map isn't securing the territory CFOs don't fund faith What your AI inherits Nobody owns the gap Thanks to Jonathan Waldrop, CISO, Acoustic for providing our "What's Worse" scenario. A huge thanks to our sponsor, ThreatLocker ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.