
It's Okay to Put All Your Eggs in One Basket as Long as You Really Trust the Basket

CISO Series Podcast

Hero culture is still distressingly common in cybersecurity. While it's good to have people you can count on when the going gets tough, building up heroes inherently creates single points of failure. How can we build resilience across our entire staff?

This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Rob Allen, chief product officer, ThreatLocker.

Listen to the full episode here.

Your best employee is your biggest risk

The most dangerous insider threat isn't malicious. For Joshua Copeland of Crescendo, it's the person who keeps everything running. They're effective, they're rewarded, and over time, their access expands while oversight disappears. Documentation becomes optional. When they burn out or make a mistake, the blast radius is enormous because you didn't build resilience; you built dependency. The fix isn't punishing heroes. It's making sure no one has to be one. Hire someone to back them up, force them to take real vacations, and operationalize their work before it becomes irreplaceable. If your culture celebrates heroics over repeatable processes, you're quietly manufacturing risk.

Stop guessing the next attack

More than half of significant cyber incidents involve scenarios the security team never rehearsed. That stat sounds damning, but it might be closer to a hundred percent. No tabletop can fully predict the randomness of a real attack, pointed out Evan Schuman on CSO Online. The military teaches the same lesson. So what are tabletops good for? They expose gaps in communication and approvals, not gaps in threat modeling. Organizations that run them once a year as a compliance checkbox are missing the point. The real value isn't simulating the right scenario. It's discovering that your ransomware response plan is stored on the system that just got encrypted.

AI is not a feature

Every vendor booth at every conference now has "AI" plastered across it, and fatigue is setting in. The useful applications, such as crunching large datasets, pattern matching, and classification, are real but unremarkable. The problem is when AI gets shoved into decisions it shouldn't be making, especially binary ones about what's good and what's bad. One wrong call is all it takes. The more interesting conversation isn't how to bolt AI onto yesterday's tools. It's where repeatable automation belongs versus where generative output doesn't. If ransomware hits the same machine twice, you want a playbook that fires the same way every time, not an LLM improvising a new response.

Stop blaming the user

Seventy percent of employees admit to bypassing security controls. They're not trying to do wrong; they want to get their jobs done. For Dr. Dustin Sachs of PsyberCog Labs, that's not a training problem. It's a design problem. Security awareness programs give both sides a false sense of accomplishment: the security team checked a box, employees sat through thirty minutes of content, and nothing changes. Clicking links is literally what we pay people to do. The answer isn't more education. It's building systems where the secure path is the easy path, and where following legitimate instructions doesn't make you a liability.

Listen to the full episode on our blog, where you can also read the entire transcript, or in your favorite podcast app. If you haven't subscribed to CISO Series Podcast via your favorite podcast app, please do so now.

Thanks to Dr. Dustin Sachs of PsyberCog Labs for providing our "What's Worse?" scenario.

Thanks to this episode's security tip sponsor, Qualys.

Huge thanks to our sponsor, ThreatLocker

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Best advice for a CISO...

"I've got two pieces of best advice for a CISO. One, listen to this podcast. It's essential. Two, buy ThreatLocker. It's equally essential." - Rob Allen, chief product officer, ThreatLocker

Listen to the full episode of "It's Okay to Put All Your Eggs in One Basket as Long as You Really Trust the Basket"

Why Overpromising is a Dangerous Sales Tactic

"As an engineer, I was given your roadmaps. The conversations were, 'We don't have this right now, but here's what we're building.' Now, the conversations I have are, 'We are absolute. We solve all of your data problems.' Like, what does that even mean?" - Octavia Howell, VP and CISO, Equifax Canada

Listen to the full episode of "Why Overpromising is a Dangerous Sales Tactic"

Subscribe to our newsletters on LinkedIn!

CISO Series Newsletter - Twice every week

CISO Series Podcast Returns to BSidesSF (3-21-26)

CISO Series Podcast is returning to BSidesSF in San Francisco on March 21! David Spark will be joined on stage by Mike Johnson, CISO, Rivian, and Sara Madden, CISO, Convera, right on the eve of RSA Conference.

Get your tickets here. Find all of the details here.

Thanks to our sponsors, Nudge Security, QuilrAI, and Zenity

When Patch Tuesday and Vulnerability Management Are Not Enough

Rob Allen, chief product officer at ThreatLocker, makes the case that Patch Tuesday and vulnerability management, while essential, will never be enough on their own. The real question isn't whether your software has vulnerabilities — it does. It's what happens next, and whether you've cut off that attack chain before it progresses.

Listen to the full episode here.

Huge thanks to our sponsor, ThreatLocker

Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT. This week’s episode was with CISO Series reporter and guest host, Sarah Lane, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured John Barrow, CISO, JB Poindexter & Co, and Derek Fisher, director of the cyber defense and information assurance program, Temple University. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, Dropzone AI

Super Cyber Friday
Join us every Friday in April for “Trust Month”

Trust is at the core of everything we do in cybersecurity — and this April, we're dedicating an entire month to it on Super Cyber Friday.

Throughout April, each episode will tackle a different dimension of trust: building it within your security team, knowing when a vendor becomes a true partner, gaining confidence in AI output, and earning a seat at the table as a business enabler rather than a blocker.

Four Fridays. Four conversations. One theme that touches every corner of the industry. Register for the full series, and get notified whenever new episodes are scheduled.

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel for daily shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, in the Cybersecurity Headlines Shorts YouTube playlist.

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.