CISO Series Podcast
Imagine Scaling Mistakes 5x Faster. Thank You, Automation! (LIVE in NY)

Automation is going to save cybersecurity, right? But it can’t do it if all it does is scale our broken processes. In our rush to adopt new efficient technology, why do we insist on dragging old broken workflows into it?

This week’s episode is hosted by David Spark, producer of CISO Series and Matt Southworth, CISO, Priceline. Joining them is sponsored guest Leslie Nielsen, CISO, Mimecast. This show was recorded in front of a live audience in New York City at the Mimecast Elevate conference on October 23, 2025.

Listen to the full episode here.

Automating dysfunction

Implementing new security tools without fixing underlying processes often amplifies existing problems rather than solving them. Broken processes reflect organizational priorities; if something hasn't been fixed, it hasn't been prioritized enough to warrant investment, argued Anton Chuvakin from the Google Cloud Security Podcast. The real work isn't selecting the right tool, but documenting current workflows and understanding what needs improvement before automation begins. Tools can help expose hidden dependencies and inefficiencies, forcing teams to articulate what they're trying to accomplish. When AI enrichment helps SOCs respond faster to alerts, that's automation done right.

Leading without dominating

Effective security leadership requires balancing expertise with collaboration to avoid creating toxic environments. Experience matters, but as Wil Klusovsky of Appalachia Technologies pointed out, presenting solutions as "a way, not the way" keeps teams engaged and prevents shutting down better ideas. The best security leaders often go unnoticed in meetings, empowering others to drive discussions and make decisions. Most brilliant jerks can be reformed with proper feedback and leadership. They need to see that leaving a room full of confused people doesn't prove your brilliance; it shows your failure. Start with role-reversal exercises to help technical experts understand business perspectives. The goal is building teams that function effectively even when leadership isn't present.

Unglamorous wins

Simple, overlooked security controls often deliver outsized impact compared to flashier solutions. As highlighted in a recent cybersecurity subreddit thread, not all friction is bad. A few speed bumps in user provisioning and access control prevent the speed-driven mistakes that create vulnerabilities. For example, aggressive email retention policies, think 30 to 90 days, dramatically shrink attack surfaces by forcing disciplined data management rather than treating inboxes as permanent archives. Another bump would be turning off old rules and deleting exemptions to see what breaks. It's sure to reveal technical debt from long-forgotten projects.

Code without comprehension

AI-generated code demands the same security rigor as human-written code. What matters most isn't whether AI or humans wrote the code, but what the code does, where it runs, and what data it touches, argued Boyd Kane of CubeSpace. Regardless of who wrote the code, critical systems that touch sensitive information need special care. We've seen cases where a developer can't explain or justify their decisions. Guess what? The same is true for those new to software development, the vibe coders. Is anyone telling them they're still responsible for participating in all the steps of a secure software development lifecycle? Everything still matters, from architecture reviews, threat modeling, static and dynamic analysis, and aggressive penetration testing.

Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.

Thanks to Neil Saltman of AHEAD for contributing this week’s “What’s Worse?!” scenario.

Thanks to our podcast sponsor, Mimecast

Subscribe
Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Security You Should Know
Stopping Lateral Movement with Zero Networks

Lateral movement across networks remains one of cybersecurity’s most persistent challenges, particularly in an era dominated by ransomware attacks. The root cause isn’t a lack of awareness. Organizations have known about this vulnerability for years. The real culprit is complexity. As environments age and expand across cloud, on-premises, and hybrid infrastructures, the sheer difficulty of segmenting networks without breaking critical business operations has made lateral movement a winning strategy for attackers. Traditional microsegmentation approaches have promised solutions but delivered frustration, requiring massive professional services engagements and ongoing manual policy management that scales poorly, especially in OT environments where different protocols and legacy systems add another layer of difficulty.

In this episode, Benny Lakunishok, co-founder and CEO at Zero Networks, explains how their automated approach to microsegmentation addresses these challenges by putting a network bubble around every asset, from clients and servers to OT devices and cloud resources, without requiring agents or breaking existing environments. Joining him are Shaun Marion, vp and CSO at Xcel Energy, and Doug M., vp and CSO at WCG.

Listen to the full episode here.

Thanks to our podcast sponsor, Zero Networks

Subscribe
Subscribe to Security You Should Know

Please subscribe via Apple Podcasts, Spotify, Amazon Music, Pocket Casts, RSS, or just type "Security You Should Know" into your favorite podcast app.

Biggest mistake I ever made in security…

“I had a brilliant jerk working for me a few companies back, and the biggest mistake I made was letting him hang around, be toxic to the other people, and then sadly, when I left the company, he became somebody else’s problem and they had to get rid of him.“ - Leslie Nielsen, CISO, Mimecast

Listen to the full episode of “Imagine Scaling Mistakes 5x Faster. Thank You, Automation! (LIVE in NY)”

How Should CISOs Talk to the Business…

"The most important thing for us as security leaders doesn't have anything to do with security. It's about earning trust at senior executive and board levels and understanding them and being understood." - Peter Gregory, best-selling cybersecurity author

Listen to the full episode of “How Should CISOs Talk to the Business”

Subscribe to our newsletters on LinkedIn!

CISO Series Newsletter - Twice every week

Cybersecurity Headlines Newsletter - Every weekday

Security You Should Know Newsletter - Weekly

LIVE!
Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured Chris Ray, field CTO, GigaOm, and Peter Clay, CISO, Aireon. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, Hoxhunt

Join us Friday for “Hacking SOC Workflow”

Join us on Friday, January 9, 2026, for Super Cyber Friday: “Hacking SOC Workflow: An hour of critical thinking of evolving security operations.”

It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Jason Shockey, CISO, Cenlar FSB, and Edward Wu, CEO and founder, Dropzone AI, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup, hosted right inside the event platform.

Register now

Thanks to our Super Cyber Friday sponsor, Dropzone AI

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.