Join us TOMORROW, Friday [05-01-26], for "Hacking the Death of Entry-Level Jobs"

Join us Friday, May 1, 2026, for: “Hacking the Death of Entry-Level Jobs: An hour of critical thinking about how to get your foot in the door in the age of AI.”

It all begins at 1 PM ET/10 AM PT tomorrow, with guests Kathleen Mullin, former CISO, MyCareGorithm, and Mathew Biby, director of cybersecurity, TixTrack. We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.

Register for this event on Crowdcast!

Defense in Depth
How Do You Know If Your Backups Will Survive a Ransomware Attack?

Every organization wants to be able to recover from a ransomware attack. So why does no one seem to test properly for it?

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Heath Renfrow, co-founder, Fenix24.

Listen to the full episode here.

Knowing which systems to save first 

Business context has to come before recovery planning. Andrew Wilder, CSO at Vetcor, argued that the starting point is to identify which systems are business-critical, understand their interdependencies, and protect them above all else. He said, "Once we know that, how are we continuously testing our resilience?... When you assume breach, your mindset changes to continuous resilience."

Recovery is a business conversation, not an IT ticket 

The language of recovery matters. Most incident response plans focus on what teams need to do rather than what the business needs to know. Restoring Active Directory is "an 'IT problem,' not a 'business problem,'" and that framing leaves executives without the context they need, said Daniel Frye of BreachRx. Fernando Maymi of Anomali pushed further, arguing that business continuity planning is the missing piece. "Ransomware is fundamentally a business disruption event, not just a cybersecurity incident," he said. Incident response and disaster recovery matter, but business continuity planning defines how the organization keeps operating during the disruption. "The real differentiator isn't whether you can recover after you get hit, it's whether the business can stay operational when you do," said Maymi.

Not all systems are created equal 

Traditional business continuity planning wasn't built for ransomware. Unlike a fire or server failure, a ransomware attack is executed by a hostile adversary, and you cannot restore everything at once. Simon Goldsmith, CISO at OVO, said knowing what to recover first means knowing which systems keep the business running and which ones give a threat actor the most leverage. Tony Gonzalez of Innervision Services added that recovery playbooks need to be detailed and tested at backup time and periodically thereafter, but many organizations fall short by focusing on data and applications while overlooking physical or virtual server configurations. Kim Wallace of HPE brought it back to outcomes, asking whether, once data is restored, the application can recover to a minimal viable product. "These details are typically surfaced in a Business Impact Assessment to identify risk and investments needed to successfully recover the business MVP," said Wallace.

Recovery knowledge as a governed asset 

Most organizations can restore a server. Far fewer can answer the hard questions under pressure. Eduardo Ortiz of Techtronic Industries reframed the core issue, saying, "Recovery maturity isn't a backup problem, it's a knowledge management problem." Which systems come back first, what dependencies only two engineers know, and whether identity can be rebuilt fast enough to use what was restored. Active Directory recovery alone "is its own discipline most teams have never rehearsed," he said. The maturity shift comes when recovery knowledge stops being tribal and becomes governed. This requires dependency maps, identity runbooks, SaaS recovery paths, and decision authority, all of which are documented, tested, and owned before the incident. "Tabletops test communication. Technical drills test execution. The gap between them is where most recoveries break down," added Ortiz.

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you're not already subscribed to Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Fenix24

Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

Ask Me Anything - April 2026

Our monthly AMA on r/cybersecurity on Reddit is ongoing throughout this week! Our topic is "I'm a security professional in the healthcare industry. Ask me anything about the unique challenges of working in this space."

Healthcare security professionals face a distinct set of challenges. From protecting patient data and clinical systems to navigating regulatory pressures and the unique risks that come with life-critical infrastructure. This month's panel brings together CISOs and security leaders from across the healthcare space to share what it's really like to work on the front lines of this industry.

Please ask questions for our participants here.

This month's participants are:

• Errol Weiss, (u/SecretaryWise6205), CISO, Health-ISAC

• Jack Kufahl, (u/AccidentalCISO1817), CISO, Michigan Medicine

• Samantha Jacques, (u/MedDevGuru786), VP of clinical engineering, McLaren Health Care

• Jason Elrod, (u/CISO_Jason), CISO, MultiCare Health System

• Montez Fitzpatrick, (u/Beneficial-Expert635), CISO, Navvis

• Gary Longsine, (u/IntrinsicSecurity), CEO, Intrinsic Security

Thanks to all of our participants for contributing!

Deny Everything, Allow Only What You Need with ThreatLocker

Denying by default sounds simple, and it is. The hard part is knowing what to allow, and building a system that makes permit-by-exception actually manageable.

Rob Allen from ThreatLocker breaks down how the product has evolved to solve that core zero trust challenge: not the blocking, but the intelligent permitting. He talks about how customer feedback, from advisory boards to hallway conversations at events, has shaped where ThreatLocker draws the line between security and usability.

When you strip away every feature and every component, what you're really selling is peace of mind. Read more and watch the full video.

Thanks to our sponsor, ThreatLocker.

Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Friday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ve been having at work all week long.

Friday’s episode will feature Janet Heins, CISO, ChenMed, and TC Niedzialkowski, head of IT & security, Opendoor. Join us on YouTube and catch up on what shaped the week in security.

Thanks to our Cybersecurity Headlines sponsor, Guardsquare

Participate! Add our live shows to your calendar

Learn more about all of the fun ways you can participate, and add our events to your calendar.

Google Calendar, iCalendar, Outlook, or export an .ics file

Cyber chatter from around the web...
Jump in on these conversations

• "Bluetooth tracker hidden in a postcard and mailed to a warship exposed its location — $5 gadget put a $585 million Dutch ship at risk for 24 hours" (More here)

• "Anthropic's Mythos model accessed by unauthorized users, Bloomberg News reports" (More here)

• "UK security agency officially declares passkeys superior to passwords – and passkeys should be the 'first choice' for authentication" (More here)

Coming up on Super Cyber Friday:

• [05-01-2026] “Hacking the Death of Entry-Level Jobs”

• [05-08-2026] “Hacking the End of Compliance”

• [05-15-2026] “Hacking the Cloud Security Playbook”

Register for and add all of these events to your calendar on our Events Page.

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel, for daily shorts videos from CISO Series reporter, Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.

Thank you for supporting CISO Series and all our programming

We don’t just say we appreciate your feedback; we incorporate it into our programming. Learn more about all of the fun ways you can participate.

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.