Aside From Text, Images, and Videos, GenAI Can’t Fool Me
CISO Series Podcast
The capabilities of generative AI systems are impressive, but we need to be realistic about constraints. This applies to the limits of the systems themselves, but also to our ability as humans to spot them. So how do we take advantage of these new capabilities without getting taken for a ride along the way?
This week’s episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining them is our sponsored guest, Sam Curry, global vp, CISO at Zscaler. This episode was recorded live at a Zscaler event in Boston, MA.
Listen to the full episode here.
Guardrails for decision making under fatigue
To mitigate the risk of human error during moments of cognitive fatigue or distraction, it’s critical to establish personal and organizational guardrails that define acceptable actions in common security scenarios. Troy Hunt learned this all too well when he was hit by a phishing attack while jet-lagged. Rather than relying solely on the ability to detect phishing or other threats, individuals should have predetermined rules, such as avoiding sensitive tasks late at night or never entering login credentials directly from an email link, that trigger a pause for reassessment. These behavior-based protocols help reduce reliance on moment-to-moment judgment and build a more resilient human layer of defense.
Preparing for quantum threats
While practical quantum computing capable of breaking current cryptographic systems remains years away, its anticipated impact on asymmetric encryption is profound. Cybersecurity professionals are trying to stay ahead of the implications, with the cybersecurity subreddit trying to contextualize all the advances we're seeing in quantum chips. The risk lies in the potential to derive private keys from public ones, undermining foundational trust models in digital security. Organizations should act now to inventory their cryptographic assets, assess dependencies, and begin transitioning to quantum-resistant algorithms. Early preparation can dramatically reduce the complexity and urgency of future transitions, ensuring business continuity and compliance as quantum capabilities advance.
Strategic use of generative AI
The proliferation of generative AI in cybersecurity has introduced new tools and efficiencies, but its application must be strategic to provide lasting value. Effective use involves integrating AI into clearly defined, process-oriented roles—such as automating routine tasks or generating standard documentation—while recognizing that most cybersecurity challenges are rooted in organizational dynamics, not technical capability alone. Overuse or misapplication of AI, especially in defensive contexts, can create predictable patterns that adversaries may exploit, highlighting the need for human oversight and adaptive deployment strategies.
Reassessing outdated knowledge
Cybersecurity professionals often carry a backlog of obsolete technical knowledge, from mainframe security practices to discontinued network protocols, that no longer serves their current environment. The cybersecurity subreddit was replete with less-than-useful knowledge that professionals still have in their heads. While occasionally useful for niche scenarios, this outdated expertise can clutter decision-making and hinder agility. Regularly reviewing and curating technical competencies ensures alignment with modern tools and threats, supports more effective team collaboration, and helps security leaders remain strategically relevant in a fast-evolving field.
Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to TC Niedzialkowski, head of security and IT at Opendoor, for contributing this week’s “What’s Worse?!” scenario. Thanks to Maria Teigeiro of Zscaler, Tim Armstrong of K Logic, Morad Sitt of Cyber Cedar Advisors, and Brooke Ward of Grip Security for contributing in our Q&A section.
Huge thanks to our sponsor, Zscaler
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
Security You Should Know
Your Direct Source For Emerging Security Solutions
Each week, Security You Should Know brings you short, focused conversations between security leaders and vendors tackling real problems. No hype, just clear answers to the questions CISOs actually ask. Subscribe to stay in the loop and discover new solutions—without the sales funnel.
Subscribe to the Security You Should Know Newsletter on LinkedIn.
Subscribe to Security You Should Know
Please subscribe via Apple Podcasts, Spotify, Amazon Music, Pocket Casts, RSS, or just type "Security You Should Know" into your favorite podcast app.
Biggest mistake I ever made in security...
“One of three things. Is it, I deleted 40 million copies of Word once? I deleted McAfee AntiVirus on all instances of NT 3.51 & 4.0? Or I deleted 7 Million credit card numbers? I'll let you decide.” - Sam Curry, global vp, CISO at Zscaler
Listen to the full episode of “Aside From Text, Images, and Videos, GenAI Can’t Fool Me”
Improving the Efficiency of Your Threat Intelligence
“Can I do anything with this piece of intelligence or not? If I can’t, you’ve made my job harder.” - Jason Steer, CISO, Recorded Future
Listen to the full episode of “Improving the Efficiency of Your Threat Intelligence”
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Security You Should Know Newsletter - Weekly
Join us Friday, 06-20-25 for "Hacking What It Takes to Become a CISO"
Join us on Friday, June 20, 2025, for Super Cyber Friday: “Hacking What It Takes to Become a CISO.”
It all kicks off at 1 PM ET / 10 AM PT, when Rich Stroffolino will be joined by Montez Fitzpatrick, CISO, NavVis, and David B. Cross, CISO, Atlassian for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup. This time, it will be hosted right inside the event platform.
We’re trying something new this week: We’re hosting the show on Airmeet! The experience will feel familiar, but you’ll register through a new link.
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Christina Shannon, CIO, KIK Consumer Products.
Thanks to our Cyber Security Headlines sponsor, Vanta
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.