CISO Series Podcast
AI Isn’t Going to Take Your Job, It’s Going to Eliminate It! (LIVE at BSidesSF)

The first reaction to AI tools is often that it will take jobs. But for analysts, it provides an opportunity to free up repetitive task for more hypothesis-driven threat hunting that would likely slip through the cracks. The promise of time to focus on higher-level work is alluring, but what will that actually look like for analysts?

This week’s episode is hosted by David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining them is Alexandra Landegger, global head of cyber strategy & transformation, RTX.

The event was shot in front of a live audience in San Francisco at BSidesSF 2025.

Listen to the full episode here.

A cybersecurity fast-track?

Cybersecurity isn't typically an entry-level field—it’s more often a transition point for people coming from adjacent roles. That frequently differs from the narrative we hear from online cybersecurity influencers. Skills like simplifying complex topics or managing a crisis under pressure can be more valuable than traditional technical backgrounds. Based on the reaction to David Spark's post about this on LinkedIn, success often comes from identifying those transferable skills and retraining with targeted support, rather than expecting certification alone to open doors.

When Ambition Becomes a Liability

Job seekers trying to stand out in cybersecurity need to balance creativity with caution. Overstepping legal or ethical boundaries—even with good intentions—can damage credibility, as seen in the case of Nicholas Kloster. Doing your homework on a company or person is smart and can give you an edge. However, revealing too much of that research in outreach can feel invasive. Professional curiosity should be tempered with respect for boundaries and social norms.

Giving the CVE Program the Credit It Deserves

Despite criticism, the CVE system continues to offer essential value by providing a shared language and taxonomy for discussing vulnerabilities. As Cyberscoop recently outlined in a post about its history, its longevity as a public-private partnership speaks to its usefulness. Improvements are still needed—especially around context and broader coverage—but its role in coordinating across the ecosystem remains vital. The recent possibility of a lapse in MITRE's funding for the CVE program made the importance of this system all the more apparent.

Elevating human cyber talent with AI

AI and automation are changing the nature of cybersecurity roles. Automation, rather than replacing jobs, enables analysts to focus on things like hypothesis-driven threat hunting, particularly in scenarios where adversaries use legitimate credentials that evade basic detection, as Lesley Carhart of Dragos outlines. While some routine tasks are being offloaded to machines, new responsibilities are emerging around managing and validating AI output, understanding business context, and navigating complex environments. The challenge now is how to prepare new talent for these higher-level roles when traditional entry-level paths are disappearing.

Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.

Thanks to Jay Dance of StubHub for contributing this week’s “What’s Worse?!” scenario. And thanks to Ty Sbano of Vercel, Mohan Kumar of Box, Supro Ghose, Arkadiy Goykhberg of Branch Financial, Chris Pedigo of Axonius, and Bar Hofesh of Bright Security for their questions.

Huge thanks to our sponsors, SecurityScorecard, Nudge Security, and Vanta

Subscribe
Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Biggest mistake I ever made in security…

“A number of years ago, I was working on a cyber incident, and at the end, we put together this beautiful AAR. And then came my mistake of not checking the system. I assumed everyone was going to get the work done, and a year later, the same incident, same way, happened all over again. The lesson I learned, accountability is everything for cyber.“ - Alexandra Landegger, global head of cyber strategy & transformation, RTX

Listen to the full episode of “AI Isn’t Going to Take Your Job, It’s Going to Eliminate It! (LIVE at BSidesSF)”

Why Cybersecurity Professionals Lie on Their Resumes

"I will tell you that some of the smartest CISOs I know don’t have any certifications. I look back at my schooling. I’m a terrible test taker. I’m a great practitioner. And the fact that I’m a terrible test taker does not constitute me being a terrible CISO, or I wouldn’t be where I am today." - Krista Arndt, associate CISO, St. Luke’s University Health Network

Listen to the full episode of “Why Cybersecurity Professionals Lie on Their Resumes”

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday

Security You Should Know Newsletter - Weekly

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Rusty Waldron, chief business security officer, ADP.

Thanks to our Cyber Security Headlines sponsor, Conveyor

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.