Defense in Depth

How Should We Measure the Performance of a CISO?
All links and images can be found on CISO Series.
Check out this post from the cybersecurity subreddit for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Jason Richards, vp, information security, CHG Healthcare.
In this episode:
Likability as a career strategy
The storytelling gap
How the math actually gets done
The unofficial scorecard
A huge thanks to our sponsor, ThreatLocker

ThreatLocker makes Zero Trust practical. With Default Deny, Ringfencing, and Elevation Control, CISOs get real control that's easy to manage and built to scale. Stop threats before they execute and reduce operational noise without adding complexity. See how simple prevention can be at ThreatLocker.com/CISO.

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste.
In this episode:
Patterns hiding in plain sight
Activity vs. advancement
The human cost
Frameworks about frameworks
A huge thanks to our sponsor, Fenix24

Fenix24 is the world's leading breach recovery firm, providing rapid ransomware restoration, full asset visibility, and threat informed hardening. Alongside expert recovery services, Fenix24 delivers ongoing managed protection that secures backups, infrastructure, and critical controls, helping organizations stay resilient, recoverable, and prepared for modern cyber threats. Learn more at fenix24.com.

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Adam Palmer, CISO, First Hawaiian Bank. Be sure to check out David's book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.
In this episode:
Lead with insight, not persuasion
Recognize the opportunity when it arrives
Strategy over features
Keep it efficient
A huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at endorlabs.com.

All links and images can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs.
In this episode:
The development disconnect
Functionality first, security second
The incentive problem
Speed as the common ground
A huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.

All links and images can be found on CISO Series.
Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood.
In this episode:
The information paradox
Setting realistic expectations
Prioritization over noise
The cart before the horse
Huge thanks to our sponsor, Endor Labs

Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.