Join us tomorrow for "Hacking Agentic Access"
Join us TOMORROW, Friday [06-05-26], for "Hacking Agentic Access"
Join us Friday, June 5, 2026, for “Hacking Agentic Access: An hour of critical thinking about the new world of NHI.”
It all begins at 1 PM ET/10 AM PT tomorrow, with guests Adam Ochayon, Director of Product Strategy & GTM, Oasis Security, and Steve Zalewski, co-host, Defense in Depth. We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.
Thanks to our Super Cyber Friday sponsor, Oasis Security
Defense in Depth
Has Cybersecurity Become a Cult?
We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo.
Listen to the full episode here.
Tools, not religion
Frameworks aren't sacred, but they aren't the problem either. Dr. Brian McElyea drew a clear line, saying, "Frameworks aren't dogma, they're guardrails. They give us common language across complex environments." The goal is less dogma and more proof, with CISOs shifting toward continuous validation and resilience metrics rather than checklist compliance. Asrar Ismail of Quality Management Australia pushed back on the cult framing from a different angle. NIST and ISO aren't frozen doctrine. NIST SP 800-53 has had six major revisions, and ISO 27001 is reviewed every five years. "That's not a cult," he said. "That's continuous improvement."
The case for structured discipline
Frameworks are starting points and the "rituals" that accompany them carry real value when used correctly. Brian Bronstein of Appalachia Technologies made the case for phishing tests and tabletop exercises as preparedness tools. "Think about fire drills," he said. "They're run endlessly, and are never perfectly executed, but the muscle memory and lessons learned are invaluable." John Skaarup, CISO at SRB Systems, entirely reframed the critique: "What some see as dogma, others recognize as discipline. What feels like conformity may be the scaffolding of trust."
The management problem underneath
The rituals and frameworks may be symptoms of something deeper. Richard Harrison, CISO at Foodstuffs South Island, traced the roots to "a dominant management paradigm grounded in command and control thinking reinforced by quality management approaches developed in the 70s and 80s," arguing that "traditional siloed approaches to anything (TSM, GRC, Cybersecurity, etc.) are no longer sufficient to manage modern digital supply chain complexity." Ryan Rambo of IXN Solutions saw the same dysfunction in incident response, where the answer is almost always "we need more cybersecurity. More cyber tools, more useless alerting, more cyber consultants." His alternative: "Counterintelligence, not cybersecurity, is the glue that binds cybersecurity, physical security, personnel security, information security, operations security, compliance, and threat intelligence together."
Fix the damn holes
The reason frameworks become checkbox exercises comes down to politics, according to Suzanne Button of Intelligent Consulting BV. Once you understand that, she said, everything else follows. Companies spend more time on new technology and SOC headcount than on fixing known vulnerabilities. "If companies spent half as much time fixing their own issues as they do with shiny tech and rooms filled with SOC analysts, they'd be winning."
Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Huge thanks to our sponsor, ThreatLocker
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
Cybersecurity Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Friday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ve been having at work all week long.
Friday’s episode will feature Robb Dunewood, host, Daily Tech News Show, and David Cross, CISO, Atlassian. Join us on YouTube and catch up on what shaped the week in security.
Thanks to our Cybersecurity Headlines sponsor, Vanta
Participate! Add our live shows to your calendar
Learn more about all of the fun ways you can participate, and add our events to your calendar.
Google Calendar, iCalendar, Outlook, or export an .ics file
Cyber chatter from around the web...
Jump in on these conversations
Coming up on Super Cyber Friday:
[06-05-26] - “Hacking Agentic Access”
[06-12-26] - “Hacking the Analyst Firms”
Register for and add all of these events to your calendar on our Events Page.
Help us get the word out! Share next week’s Super Cyber Friday registration link on LinkedIn, tag me (David Spark) and CISO Series, and you'll be entered for a chance to win an item from our prize store. We'll randomly pick one winner from everyone who shares.
Cybersecurity Headlines - Daily News Shorts
Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Thank you for supporting CISO Series and all our programming
We don’t just say we appreciate your feedback; we incorporate it into our programming. Learn more about all of the fun ways you can participate.
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.






