Join us TOMORROW, Friday [04-03-26], for "Hacking Trust in Leadership"

Join us Friday, April 3, 2026, for “Hacking Trust in Leadership: An hour of critical thinking about how to build productive relationships within your security team.”

It all begins at 1 PM ET/10 AM PT tomorrow, with guests Jack Leidecker, CISO, Gong, and Doug Mayer, vp, CISO, WCG We'll have fun conversation and games, plus at the end of the hour we'll do our meetup in breakout rooms.

Register for the Super Cyber Friday event series. Join us for just this episode, or choose to register for all of our upcoming episodes in this ongoing event series.

Defense in Depth
How to Be Less Busy and More Effective in Cyber

There's no shortage of frameworks that offer ways to manage and configure your security program. While they may be providing some guidance, are they offering advice that appears beneficial but doesn't actually improve your security posture?

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Ross Young, co-host, CISO Tradecraft. Joining them is Dan Walsh, CISO, Datavant. Be sure to check out Ross's book Cybersecurity's Dirty Secret: Why Most Budgets Go to Waste.

Listen to the full episode here.

Patterns hiding in plain sight 

Being busy isn't a virtue in cybersecurity. It's an attack on effectiveness. Tarak Hamba of Onward Platforms knows how we all get busy, with meeting overload and everything marked as urgent in a flooded inbox. This isn't random chaos, but "repeatable patterns that quietly degrade thinking." He's seen the impact this can have, saying, "I've seen technically strong teams struggle not because of lack of skill or intent, but because attention was constantly fragmented long before meaningful decisions had to be made." Treating countermeasures like calendar auditing and protected focus time as defensive controls makes "the cost of context switching tangible instead of abstract." Marco Ermini, CISO at EQS Group, pointed out that this isn't just a security problem. As he aptly put it, "Busy is a very old stupid."

Activity vs. advancement 

Looking busy and being effective are two very different things. Michael Rebultan asked if "busy" has become the default operating mode: "How do we know whether our SOCs and leadership are truly advancing security, or just perfecting the art of looking important without moving the needle?" Jeremy French, CISO at Stetson University, experiences this daily through back-channel requests that land outside any formal system. Everyone flags their issue as high priority and demands immediate resolution. His countermeasure is simple but effective: "If it isn't in a ticket, don't focus on it."

The human cost 

Of all the ways busyness degrades organizations, boundary erosion is the most damaging. Athanassios Tony Michailidis singled out the gradual elimination of work-life boundaries as an urgent issue, seeing it cause "devastating effects on families and people's physical and mental health." Chris Mixter of Gartner offered a concrete countermeasure he calls "Regret-Based Calendar Management." Each quarter, the executive reviews the prior three months of calendar entries to identify meetings he didn't need to attend, then has his assistant systematically eliminate similar commitments in the quarter ahead. It sharpens his sense of where his time matters, Mixter noted, and as a bonus, "the task frankly delights his assistant."

Frameworks about frameworks 

There is a certain irony in building a new framework to critique the inefficiencies baked into existing ones, and Mauricio Ortiz of Merck did not miss it. He noted the humor in using one framework to argue that others are cluttered with unproductive steps. But don't mistake his skepticism for a lack of respect. "I would highlight my admiration for the huge efforts many smart people in the industry put into the ideation and refinement of those frameworks." His view is that all frameworks carry genuine value and good intent. The problems tend to emerge not from the frameworks themselves, but from how they are applied.

Please listen to the full episode on your favorite podcast app, or over on our blog, where you can read the full transcript. If you're not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Fenix24

Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

How to earn trust from a team that's been burned?

When a team has been burned by a leader before, you can't talk your way to trust. You have to earn it action by action.

We asked our community what it actually takes to rebuild. The consensus: listen before you change anything, protect your people when things get hard, and play the long game, because trust takes a lifetime to earn and only moments to lose.

Thanks to our guests:

• Mark Eggleston, CISO, CSC

• Sam Jacques, VP of clinical engineering, McLaren Health Care

• Krista Arndt, associate CISO, St. Luke's University Health Network

• Montez Fitzpatrick, CISO, Navvis

Want to keep the conversation going? Join us on 04-03-26 for Super Cyber Friday, "Hacking Trust in Leadership." Register here.

The Cool and Not-So-Cool of RSA 2026

David Spark just got back from RSA, and he has some thoughts. From the rapid evolution of agentic AI, to the rise of homegrown AI-built security tools, this year’s conference made one thing clear: the industry is moving fast, and the gap between those embracing AI and those dabbling is widening. Plus: guerrilla marketing wins, color-coded vendor charts lose, and a first-timer gets some hard-won advice.

Read David’s full RSA wrap-up here.

LIVE CISO Series Podcast Recording in NYC

New York-area cybersecurity professionals, this one's for you.

CISO Series Podcast is recording live at Intezer's AI SOC Live event at Nasdaq in New York City. David Spark will be joined on stage by Mitchem Boles, Field CISO, Intezer, and Nick Vigier, CISO, Oscar Health.

This is an invitation-only event capped at 70 attendees — space is extremely limited.

It's all happening on April 27, 2026 at 3:30 PM.

Request your invite here.

Huge thanks to our sponsor, Intezer

Cybersecurity Headlines - Department of Know

Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.

Monday’s episode featured Dennis Pickett, vp, CISO, Westat, and Jacob Combs, CISO, Tandem Diabetes Care. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.

Join us again next week, and every Monday.

Thanks to our Cybersecurity Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

"Iran-linked hackers breach FBI director's personal email, publish excerpts online" (More here)

"Self-propagating malware poisons open source software and wipes Iran-based machines" (More here)

"A major hacking tool has leaked online, putting millions of iPhones at risk" (More here)

Coming up on Super Cyber Friday:

• [04-03-26] “Hacking Trust in Leadership”

• [04-10-26] “ Hacking Vendor Trust”

• [04-17-26] “Hacking AI Trust”

• [04-24-26] “Hacking Trust in Security”

Register for the Super Cyber Friday event series. You can register for all upcoming episodes in this ongoing event series. After you register, you can add events to your calendar right on our event series Airmeet page.

Cybersecurity Headlines - Daily News Shorts

Subscribe to the CISO Series YouTube channel, for daily shorts videos from CISO Series reporter, Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.