Join us tomorrow for "Hacking the Internal Politics of Cybersecurity"

Super Cyber Fridays!
Join us TOMORROW, Friday [06-27-25], for "Hacking the Internal Politics of Cybersecurity"

Join us on Friday, June 27, 2025, for Super Cyber Friday: “Hacking the Internal Politics of Cybersecurity.”

It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Alexandra Landegger, global head of cyber strategy & transformation, RTX, and Bethany De Lude, CISO emeritus, The Carlyle Group, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup. This time, it will be hosted right inside the event platform.

Remember to add it to your calendar via LinkedIn or via the Airmeet link in the invite.

Defense in Depth
Don't Ask "Can" We Secure It, But "How" Can We Secure It

Do security professionals limit themselves when they ask "if" they can secure something? How would the approach and the problem-solving change if they instead asked "how?"

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Hanan Szwarcbord, vp, CSO and head of infrastructure, Micron Technology.

Listen to the full episode here.

Embracing growth

A shift in mindset, from restrictive to enabling, may be one of the most powerful tools security teams can adopt. “'How can we?' vs 'can we?' is one of growth vs fixed thinking,” said Pete Salama. “One of the roles of security is to provide checks and balances to enable the business to operate securely, reducing risk, not to limit its innovation and operations.” Aleksandra Melnikova of SquareX echoed this approach, especially in the context of emerging technologies. She pointed out that blocking tools like GenAI may be secure, but often isn’t the most efficient or forward-thinking strategy.

An urgent need for creativity

Securing AI doesn’t require reinventing the wheel, but it does demand thoughtful application of existing principles to new risks. “It helps that most new things, despite being new, tend to follow foundational tech rules,” said David Ethington of Paramount. “AI takes input and generates output, albeit in a complicated manner. That being said, it has already been shown that you can introduce data that can impact the system in various ways.” David (Wood) Messerly of Cyberhaven pointed to a growing urgency among organizations looking for practical safeguards. “We’re getting asked a lot, ‘How can we put guardrails on shadow AI apps to prevent sensitive/confidential data egress/ingress?’” he said, with common concerns around source code, intellectual property, and customer data flowing through public LLMs.

Get the business context

Understanding the “why” behind a security decision is just as important as figuring out how to implement it. “Especially if it is in the early acquisition stages,” said Robert R., “There might be other alternatives to include—process improvements, impact, additional costs not realized.” Tom Kanan of Mobb echoed the value of this approach, explaining, “I usually break things down with ‘why + how’—why this, why now, why this specific thing?” He emphasized that asking “why” brings in the business context and a broader perspective, which then helps shape a balanced and effective security strategy. “It helps me craft at least some of the strategy for ‘how’—securing it effectively while balancing risk and productivity,” he said.

Embrace your inner theater kid

Reframing the language we use in security conversations can unlock creativity and collaboration. “Two words I have changed are 'can' and 'issues' to 'how' and 'challenges',” said James Porter. “It forces us to think outside the box.” Julia Flick of Hook Security added a dose of improvisational wisdom, championing the collaborative mindset of “‘Yes, and’ all day!!!” She argued this kind of improvisational thinking, rooted in openness and momentum, is precisely why theater kids make great teammates in cybersecurity.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Query.ai

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Bil Harmer, operating partner and CISO, Craft Ventures.

Thanks to our Cyber Security Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

“I am bored: tell me the worst mistake you have done at your cybersecurity job” (More here)

“For people who have discovered zero day exploits being publicly exploited, how?” (More here)

“Good source for cyber attack post mortems” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [06-27-25] [“Hacking the Internal Politics of Cybersecurity”]

  • [07-11-25] [“Hacking the Resilience Mindset”]

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.