CISO Stories Podcast (Audio)
SC Media and Saviynt are proud to present this month's CISO Stories program, where CISOs share tales from the trenches and unpack leadership lessons learned along the way. Hosted by Jessica Hoffman.
Episodes
This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs and practitioners to consider.
Segment Resources:
https://www.loginradius.com/
https://customeriambook.com/
Visit https://...
CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action.
Segment Resources: Article: https://www.linkedin.com/pulse/attck-v18-atlas-blueprint-ai-ready-defense-sandy-dunn-mafoc
AI Cheat Sheet: htt...
Jennifer Selby Long reframes security awareness as more than training—it's about earning trust and influence with executives and security teams. She shares leadership lessons on how to build stronger alignment and support for security initiatives.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-217
Dawn Capelli, Head of OT-CERT at Dragos, unpacks the evolving risks to Operational Technology. From nation-state attacks on Ukraine's infrastructure to hacktivists targeting U.S. water systems, she explains the PIPEDREAM malware, the top five SANS critical OT controls, and how Dragos' OT-CERT program offers free resources to help organizations defend critical infrastructure now.
Segment Resources: https://www.dragos.com/community/
Kevin Nikkhoo joins the show to explore Security Operations Center as a Service (SOCaaS) and how it compares to traditional SOC models. He breaks down which organizations benefit most from this approach and how AI is reshaping modern SOC operations. Listeners will gain a clear understanding of how SOCaaS can enhance detection and response capabilities—and why embracing AI is key to the future of security operations.
From Diagram to Cloud: Rethinking Cloud Security in an Age of Uncertainty
Episode Summary: In this month's episode of CISO Stories, we dive deep into cloud security with cybersecurity veteran and cloud innovator Yogi Parulekar, founder of InviGrid. Against a backdrop of rising geopolitical tensions and tightening budgets, we explore how organizations can move from reactive security to proactive resilience. Yogi introduces the conce...
In this episode, we explore the crucial role of cultivating a strong security culture to drive change in AppSec, where training and collaboration are key. Our distinguished guest, Danielle Ruderman, discusses the importance of executive support in ensuring that application development isn't just about churning out apps on time, but also about adopting a secure-by-design approach. We also dive into how to empower developers, foster ...
In this episode, Erika Dean dives into the evolution of attack surface management (ASM) in financial tech. From foundational strategies to future-focused threats, she explores how shifts in the fintech landscape demand deeper organizational awareness, ongoing tabletop exercises, and proactive preparation.
This segment is sponsored by Axonius. Visit https://cisostoriespodcast.com/axonius to learn more about them!
Visit https://cisos...
Mandy Andress joins our show to discuss leveraging cyber liability insurance for risk reduction. They explore the importance of strong broker relationships and key steps for selecting or renewing a policy—starting with assessing organizational needs. Learn strategies to lower premiums while increasing coverage.
Segment Resources: https://www.elastic.co/
This segment is sponsored by Sophos. Visit https://cisostoriespodcast.com/sopho...
In this episode of the CISO Stories Podcast, we're joined by Mike Miller, a seasoned penetration tester and audit and compliance SME, to explore the real-world impact of incident response controls. From technical to managerial and physical safeguards, Mike shares eye-opening stories from the field—including how he once penetrated a network with nothing more than a dozen doughnuts. We dive into the importance of layered security app...
In this episode, we sit down with author and AI expert Rock Lambros to explore the evolving landscape of AI governance. We discuss the risks of AI chatbots, comparing OpenAI and DeepSeek, and examine current and emerging governance frameworks. As AI adoption accelerates, organizations must determine the right guardrails and critical questions to ask. This conversation provides insights into how companies are shaping their AI strate...
In this episode, we sit down with experienced CISO Gavin Reid to explore the escalating online threats to privacy, focusing on adversaries and companies illicitly scraping website data for profit. We dive into the implications of such unauthorized data collection and its impact on individual and organizational privacy. Reid also shares insights from his team's involvement in dismantling BadBox, a coordinated global attack exploitin...
In this episode of CISO Stories, Jess Hoffman and Sheena Thomas explore the challenges of cloud security in higher education. They discuss trust issues with cloud providers, the importance of understanding data sensitivity, and navigating regulatory compliance. Sheena highlights the vulnerabilities educational institutions face, the value of incident response playbooks, and the balance between trust and risk in cloud services. The ...
Jessica Hoffman and Melina Scotto discuss the evolution of cybersecurity, focusing on cloud security, business responsibilities, and the importance of basic cyber hygiene. They highlight the role of communication, consulting, and integrating security into business operations, concluding with advice for future cybersecurity professionals.
This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fort...
Jess and Adam discuss cloud security challenges for SMBs, emphasizing strategic planning, compliance with regulations like CMMC, and vendor due diligence. They highlight common pitfalls like the illusion of security and inadequate staffing while offering cost-effective solutions like virtual CISOs. Practical tips help SMBs secure their data, navigate legal concerns, and maximize available resources.
In this episode, we dive into the critical role of proper configurations in cloud environments and why misconfigurations remain the leading cause of security breaches. From overly permissive access controls to unencrypted data stores and default credentials left unchanged, we explore real-world examples that adversaries exploit. Learn how organizations can mitigate these risks through proactive monitoring, automated tools, and a cu...
Bertrum Carroll dives into the evolution of cloud service adoption, comparing early concerns—like data storage, access, and usage—to current apprehensions about AI. We explore how leadership can empower teams with the right training to harness technology effectively. Learn why understanding the shared responsibilities between providers and customers is critical for cloud security success.
In this episode, we're joined by Tammy Klotz, a 3x CISO in the manufacturing industry, to explore identity security challenges in manufacturing environments. Tammy discusses the differences in access management for frontline workers versus knowledge workers, touching on the unique devices and role-based training requirements. Tune in to learn how tailored security solutions are key to managing access across diverse user groups in i...
In this episode of CSP, we sit down with Dr. Sean Murphy, the CISO of BECU, one of Seattle's largest credit unions, to discuss the shifts in identity security brought on by the COVID-19 pandemic. Dr. Murphy highlights how Zero Trust architecture became crucial for verifying internal users, especially as remote work became the norm. He shares insights on the unique challenges of securing a remote workforce in the banking sector and ...
Let's talk about what CISOs look for when hiring identity and access management team members. What training and experience is most attractive for the business and team.
This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them!
This segment is sponsored by Saviynt. Please visit https://cisostoriespodcast.com/saviynt to learn more and get a free demo!
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Burden is a documentary series that takes listeners into the hidden places where justice is done (and undone). It dives deep into the lives of heroes and villains. And it focuses a spotlight on those who triumph even when the odds are against them. Season 5 - The Burden: Death & Deceit in Alliance On April Fools Day 1999, 26-year-old Yvonne Layne was found murdered in her Alliance, Ohio home. David Thorne, her ex-boyfriend and father of one of her children, was instantly a suspect. Another young man admitted to the murder, and David breathed a sigh of relief, until the confessed murderer fingered David; “He paid me to do it.” David was sentenced to life without parole. Two decades later, Pulitzer winner and podcast host, Maggie Freleng (Bone Valley Season 3: Graves County, Wrongful Conviction, Suave) launched a “live” investigation into David's conviction alongside Jason Baldwin (himself wrongfully convicted as a member of the West Memphis Three). Maggie had come to believe that the entire investigation of David was botched by the tiny local police department, or worse, covered up the real killer. Was Maggie correct? Was David’s claim of innocence credible? In Death and Deceit in Alliance, Maggie recounts the case that launched her career, and ultimately, “broke” her.” The results will shock the listener and reduce Maggie to tears and self-doubt. This is not your typical wrongful conviction story. In fact, it turns the genre on its head. It asks the question: What if our champions are foolish? Season 4 - The Burden: Get the Money and Run “Trying to murder my father, this was the thing that put me on the path.” That’s Joe Loya and that path was bank robbery. Bank, bank, bank, bank, bank. In season 4 of The Burden: Get the Money and Run, we hear from Joe who was once the most prolific bank robber in Southern California, and beyond. He used disguises, body doubles, proxies. He leaped over counters, grabbed the money and ran. Even as the FBI was closing in. It was a showdown between a daring bank robber, and a patient FBI agent. Joe was no ordinary bank robber. He was bright, articulate, charismatic, and driven by a dark rage that he summoned up at will. In seven episodes, Joe tells all: the what, the how… and the why. Including why he tried to murder his father. Season 3 - The Burden: Avenger Miriam Lewin is one of Argentina’s leading journalists today. At 19 years old, she was kidnapped off the streets of Buenos Aires for her political activism and thrown into a concentration camp. Thousands of her fellow inmates were executed, tossed alive from a cargo plane into the ocean. Miriam, along with a handful of others, will survive the camp. Then as a journalist, she will wage a decades long campaign to bring her tormentors to justice. Avenger is about one woman’s triumphant battle against unbelievable odds to survive torture, claim justice for the crimes done against her and others like her, and change the future of her country. Season 2 - The Burden: Empire on Blood Empire on Blood is set in the Bronx, NY, in the early 90s, when two young drug dealers ruled an intersection known as “The Corner on Blood.” The boss, Calvin Buari, lived large. He and a protege swore they would build an empire on blood. Then the relationship frayed and the protege accused Calvin of a double homicide which he claimed he didn’t do. But did he? Award-winning journalist Steve Fishman spent seven years to answer that question. This is the story of one man’s last chance to overturn his life sentence. He may prevail, but someone’s gotta pay. The Burden: Empire on Blood is the director’s cut of the true crime classic which reached #1 on the charts when it was first released half a dozen years ago. Season 1 - The Burden In the 1990s, Detective Louis N. Scarcella was legendary. In a city overrun by violent crime, he cracked the toughest cases and put away the worst criminals. “The Hulk” was his nickname. Then the story changed. Scarcella ran into a group of convicted murderers who all say they are innocent. They turned themselves into jailhouse-lawyers and in prison founded a lway firm. When they realized Scarcella helped put many of them away, they set their sights on taking him down. And with the help of a NY Times reporter they have a chance. For years, Scarcella insisted he did nothing wrong. But that’s all he’d say. Until we tracked Scarcella to a sauna in a Russian bathhouse, where he started to talk..and talk and talk. “The guilty have gone free,” he whispered. And then agreed to take us into the belly of the beast. Welcome to The Burden.
"SmartLess" with Jason Bateman, Sean Hayes, & Will Arnett is a podcast that connects and unites people from all walks of life to learn about shared experiences through thoughtful dialogue and organic hilarity. A nice surprise: in each episode of SmartLess, one of the hosts reveals his mystery guest to the other two. What ensues is a genuinely improvised and authentic conversation filled with laughter and newfound knowledge to feed the SmartLess mind. Subscribe to SiriusXM Podcasts+ to listen to new episodes of SmartLess ad-free and a whole week early. Start a free trial now on Apple Podcasts or by visiting siriusxm.com/podcastsplus.
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!