Back in My Day, You Could Get a Cybersecurity Job at the Corner Store
CISO Series Podcast
The barrier to entry for using technology has almost completely disappeared compared to the 80s and 90s. But by making technology so user-friendly that truly everyone uses it, have we lost the hacker mindset when it comes to using technology?
This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining is Paul Drapeau, head of global information security, New Balance.
Listen to the full episode here.
The logo trap
The desire to land that huge logo often sends vendors into enterprise procurement cycles. But for Ira Winkler of CYE, a few committed mid-market customers beat one elusive enterprise logo. The argument against chasing Fortune 500 logos from day one isn't new. Months in procurement, scaling pressure you're not ready for, a design-by-committee roadmap that stops serving the customers who use the product. It's a long haul. The reason to chase the big dogs is that VCs are dazzled by them. One recognizable name can close your next funding round faster than a dozen smaller wins. The tension isn't enterprise versus mid-market. It's whether a startup is chasing logos for product-market fit or for investor optics. Those are different strategies with different consequences for every customer already in the room.
Immunity through exposure
As we age in cybersecurity, it's hard not to fall back on "back in my day" cliches. A thread on the cybersecurity subreddit argued that people who grew up in the 80s and 90s developed real security instincts by breaking things. Click the wrong ad banner, a bad download, a corrupted thumb drive, followed by an afternoon spent reinstalling Windows. The internet is sterile now. Pirate sites look like Netflix. iPads and Chromebooks don't let you tinker. The nostalgia isn't wrong, but the comparison is unfair. The 80s and 90s produced a lot of people who learned nothing and a small group who went deep. What creates risk isn't age or era. It's being overwhelmed and under pressure. Removing the safety net builds instincts. So does deliberately putting people in situations where they have to figure things out.
The synthesis edge
AI can recall anything. What it can't do is decide what matters. Author Stuart Winter-Tear argues that in an environment where LLMs surface answers instantly, the scarce skill isn't knowledge. It's synthesis. Knowing what questions to ask, how to weigh trade-offs, and what the system isn't showing you. He calls it the "specialist generalist," someone deep enough in something to master it and broad enough to connect it meaningfully to everything else. In cybersecurity, the best leaders don't just accumulate expertise. They walk into unfamiliar systems and engage with them as if they understand the constraints, then go find out what those constraints are. People who get this wrong often don't consider how this system might behave differently from what they already know.
The cost of holding tight
Leaders who bottleneck their teams usually aren't doing it out of ego. They're doing it because they've been burned, or because nobody ever taught them what real delegation looks like. For Rinki Sethi of Upwind Security, when control replaces trust, decisions stall, ownership disappears, and strong people leave. If someone who can make a call keeps bringing it to you instead, that's not their fault. It's yours. The advanced move is making sure escalations don't pay off. When someone outside your team goes around your person and you fold, you've just rewarded the workaround and undercut everyone who trusted the system. The goal isn't perfect execution. It's building teams that can move when you're not in the room.
Listen to the full episode on your favorite podcast app or on our blog, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Ryan Rene Rosado of RSM for providing our "What's Worse" scenario.
Huge thanks to our sponsors, Doppel
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
Security You Should Know
Security Has a Trust Problem and It's Not What You Think
Security keeps saying it's a business enabler. Business leaders keep not believing it. In this compilation article from Security You Should Know, contributors from SafeBase by Drata, Harmonic Security, Knostic, Island, Qualys, and Conveyor weigh in on why the gap between security's self-perception and its organizational reputation persists — and what it actually takes to close it.
Read the full article here.
Subscribe to Security You Should Know
Please subscribe via Apple Podcasts, Spotify, Amazon Music, Pocket Casts, RSS, or just type "Security You Should Know" into your favorite podcast app.
What I love about security vendors…
“I spent some time in the vendor space, and what I really love about security vendors is they can give me that outside perspective. Sometimes you get a little overly locked in to your internal view of the world.” - Paul Drapeau, Head of Global Information Security, New Balance
Listen to the full episode of “Back in My Day, You Could Get a Cybersecurity Job at the Corner Store”
Why Should You Use Native or 3rd Party Cloud Management Tools?
"I met with a CISO of a Fortune 100 in AWS, and they asked me a difficult question, and I came back to them with an architecture diagram containing five or six different AWS security services. Their answer to me was, 'First, how was I supposed to know that? Second, this isn't sustainable.'" - Gal Ordo, co-founder and CPO, Native Security
Listen to the full episode of "Should You Use Native or 3rd Party Cloud Management Tools?"
CISO Series Newsletter - Twice every week
Cybersecurity Headlines Newsletter - Every weekday
Security You Should Know Newsletter - Weekly
Protecting executives beyond the office
Chris Pierson, CEO of BlackCloak, breaks down the four pillars of digital executive protection: privacy, personal device security, home network defense, and concierge response. The home is a soft underbelly to the corporate network, and protecting it requires a holistic approach that extends to the whole family.
Watch the full video here.
Thanks to our sponsor, BlackCloak
How to Build Conditional Access Policies That Actually Fit Your Environment
Adam Fuller, project manager, Microsoft security, ThreatLocker, walks us through how to build conditional access policies that actually match your environment, not just replicate security defaults. The key is understanding what's happening in your environment first, then creating policies around it. That means using report mode to audit before enforcing, blocking by geography when your operations are US-only, and fine-tuning rather than blanket-blocking. A deny-by-default approach doesn't have to be rigid if the policies behind it are built with context.
Listen to the full episode and watch the full video here.
Thanks to our sponsor, ThreatLocker
Join the CISO Series Podcast LIVE in Boston (4-30-26)
CISO Series Podcast is recording live at the offices of Aqueduct Technologies in Canton, Massachusetts. David Spark will be joined on stage by Andy Ellis, principal at Duha, and Dmitriy Sokolovskiy, SVP of cyber resilience at Semrush.
All are welcome, whether you're just getting into cybersecurity or you're a seasoned veteran. Space is limited.
It's all happening on Thursday, April 30, 2026 at 5:00 PM. Register here.
Huge thanks to our sponsors, Dropzone AI and Strike48.
Cybersecurity Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Friday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ve been having at work all week long.
Friday’s episode will feature Michael Bickford, CISO, New York State Gaming Commission, and Brett Conlon, CISO, American Century Investments. Join us on YouTube and catch up on what shaped the week in security.
Thanks to our Cybersecurity Headlines sponsor, ThreatLocker
Super Cyber Friday
Join us Friday for “Hacking Trust in Security”
Join us on Friday, April 24, 2026, for Super Cyber Friday: “Hacking Trust in Security: An hour of critical thinking about moving from a cost center to a trusted partner.”
It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Will Gregorian, CISO, Galileo Medical, and David Nolan, former CISO, Asurion, for an hour of insightful conversation and engaging games. And stick around for our always-popular meetup, hosted right inside the event platform.
Cybersecurity Headlines - Daily News Shorts
Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.









