Join us tomorrow for "Hacking the Cloud Security Playbook"
Join us TOMORROW, Friday [05-15-26], for "Hacking the Cloud Security Playbook"
Join us Friday, May 15th, 2026, for “Hacking the Cloud Security Playbook: An hour of critical thinking about CNAPP in the age of AI development.”
It all begins at 1 PM ET/10 AM PT tomorrow, with guests Dan Benjamin, vp product - data, identity, and AI security, Palo Alto Networks, and Howard Holton, CEO, GigaOm. We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.
Thanks to our Super Cyber Friday sponsor, Palo Alto Networks
Defense in Depth
Why Cyber Startups Need CISO Advisors
All security startups will tell you they talk to potential customers. The problem is that you limit your development when you only talk to CISOs who might buy. It's not the same guidance you'll get from a CISO who advises.
Check out this post by Val Tsanev of the Cyber Risk Alliance for the discussion that is the basis of our conversation. This week’s episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Steve Jensen, CISO, University of Maine System.
Listen to the full episode here.
Building for whom?
Great engineering and market fit are not the same thing. "Every product company has brilliant engineers and technical savants. With all that expertise building products, how many of said product geniuses have spent time in end-to-end architecture build and security design from edge to apps to cloud and now AI," asked Jon Shende of Thales Cybersecurity Products. Knowing what CISOs, CTOs, GRC teams, and legal care about is a different skill set. Marielle Palm found that too many startups have these blinders on. "Building in a bubble is the silent killer. Real validation isn't just talking; it's brutal, unfiltered, and in the room with the people who'll buy. If your advisors aren't challenging you, you're just confirming your bias. That's the real risk."
The only feedback loop that matters
Not everyone is convinced that advisors move the needle. "Only customers matter. People who don't deploy, don't buy, and don't feel the pain don't shape winning products," challenged Aviv Nahum of Above Security. Advisors, he argued, won't deploy because of conflicts of interest, which removes them from the feedback loop that forces the truth. Luigi Lenguito of BforeAI trusts hard numbers. Revenue tells you more than any indication of intent. "Closing sales is a much better indicator that you're on the right track, and at seed one should already have sensible ARR," said Lenguito. In his experience, advisory signals are too variable to trust until procurement enters the picture.
Valid, but for whom?
Founder conviction is an asset until it becomes a blind spot. Anton Chuvakin of Google Cloud Podcast put it well: "The founder thinks they build based on a valid experience. And it is valid. But valid at Google does not mean valid at a 4000-person agricultural equipment maker in the Midwest." Nrupak Shah of Coles added another dimension to that gap. Security products don't just need to work; they need to be easy enough for non-security users to adopt. The real implementation challenge is making cybersecurity capabilities accessible to people who didn't sign up to be cybersecurity practitioners.
Rethink the advisor roster
CISOs open doors, but they may not be the sharpest source of product feedback in the room. Anatoly Chikanov of Primary Ventures suggested founders target a different level of the org chart: "Your VP of security or director will often be great advisors because they are closer to the reality of running XYZ products in production." That proximity to day-to-day operations produces more technically targeted product input. "CISOs can help with logos and intros, but you also need some closer leadership practitioners to help balance that out with some technical acumen."
Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Huge thanks to our sponsor, Material
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
Help us get the word out! Share next week’s Super Cyber Friday registration link on LinkedIn, tag me (David Spark) and CISO Series, and you'll be entered for a chance to win an item from our prize store. We'll randomly pick one winner from everyone who shares.
Shadow IT Is an Insider Threat (And Not a Malicious One)
Your employees aren't trying to cause a breach. They're just trying to get their job done.
Ryan Bowman, vp of solutions engineering at ThreatLocker, breaks down why shadow IT is less of a policy problem and more of a tooling problem. When IT doesn't keep up, users find their own solutions, and that's where the exposure starts.
Watch the full clip and read more here.
Huge thanks to our sponsor, ThreatLocker
Cybersecurity Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Friday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ve been having at work all week long.
Friday’s episode will feature Gary Chan, CISO, SSM Health and Peter Liebert, CISO, LifeOmic. Join us on YouTube and catch up on what shaped the week in security.
Thanks to our Cybersecurity Headlines sponsor, Doppel
Participate! Add our live shows to your calendar
Learn more about all of the fun ways you can participate, and add our events to your calendar.
Coming up on Super Cyber Friday:
[05-15-26] - “Hacking the Cloud Security Playbook”
[05-22-26] - No show
[05-29-26] - “Hacking Pentesting in the Age of Agentic AI”
Register for and add all of these events to your calendar on our Events Page.
Cybersecurity Headlines - Daily News Shorts
Subscribe to the CISO Series YouTube channel for daily Shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Thank you for supporting CISO Series and all our programming
We don’t just say we appreciate your feedback; we incorporate it into our programming. Learn more about all of the fun ways you can participate.
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.







