Super Cyber Fridays!
Join us TOMORROW, Friday [07-18-25], for "Hacking Vendor Competition"

Join us Friday, July 18, 2025, for “Hacking Vendor Competition: An hour of critical thinking about when sales tactics cross the line. ”

It all begins at 1 PM ET/10 AM PT on Friday, July 18, with guests Andy Ellis, principal, Duha, and Gianna Whitver, co-founder and CEO, Cybersecurity Marketing Society. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register now

Defense in Depth
What Are the Cybersecurity Trends We Need To Follow?

We are awash in technologies, ideas, and processes. So much to look at. So much to learn. Where should we be paying the most attention to drive the security practice and the business forward?

Check out this post by Ross Haleiluk of Venture in Security for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is Sneha Parmar, former information security officer, Lufthansa Group Digital.

Listen to the full episode here.

Shifting left, broadening out

Cybersecurity is no longer a downstream problem; it's moving left, integrating earlier into development and supply processes. Jesse Webb, CISO at Avalon Healthcare Solutions, sees significant potential in AI-assisted development: “AI augmented developer teams can truly enforce secure coding practices so that we don’t see the same flaws over and over and over again.” But securing what we build is only part of the picture. Tony Turner of Frenos emphasized that transparency must extend across the entire ecosystem, not just software components: “Supply chain transparency that goes much farther than just SBOM” is what’s needed to manage risk at scale.

The insurance wake-up call

The cyber insurance market is sending clear signals, and they’re not just about premiums. Ymir Vigfusson of Keystrike predicts a market correction in how organizations evaluate tools: “Cyber insurance will increasingly incentivize purchases for products that provide actual security, not just the optics of security.” But that shift comes with limits. “The continual diminishing of the amount of cyber insurance coverage that insurance carriers will sell,” warned cyber insurance maven, Barry Rabkin. Insurance carriers will tighten the belt on companies that previously used insurance as a crutch. George Al Koura, CISO at Ruby, sees a larger cultural shift underway. “Cyber insurance and critical industry compliance legislative mandates are driving a shift in society towards a more educated and scrutinized approach to data management.”

Building trust into the system

The next evolution in security may not come from better tools, but from better decisions at the point of digital engagement. Raj Krishnamurthy of ComplianceCow envisions a model of “OpenTrust in which every service can advertise its own security context, and every consumer of that service can determine if it should do business with it, or ignore or escalate.” David Mundy of Tuskira sees a rising demand for digital authenticity: “Consumers actually caring about and demanding accountability in data security could lead to trust frameworks to verify authenticity of engagement.” Ingemar Dvorsky of SentinelOne warns that this shift must include personal control over AI data use. “Imagine how much data you give out but yet have no transparency. A data privacy key vault could let you decide what data you share with applications.”

Security’s identity crisis

Who owns security, and what that role looks like anymore, is becoming an open question. Fernando Montenegro of The Futurum Group observes an identity shift in the field: “Evolution of roles and responsibilities for security within organizations, tied to multiple factors including career progressions, rise in regulatory landscape, and cognitive overload.” As threats escalate and expectations expand, the security function is being pulled in too many directions, and that fragmentation may be the next big risk.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Doppel

Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Cyrus Tibbs, CISO, PENNYMAC.

Thanks to our Cyber Security Headlines sponsor, ThreatLocker

Cyber chatter from around the web...
Jump in on these conversations

“This device is literally invisible to 98% of malicious bad-actors” (More here)

“What’s the bare minimum cybersecurity stack for a small business?” (More here)

“For anyone that's been breached what was a major learning take away?” (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

• [07-18-25] Hacking Vendor Competition

• [07-25-25] Hacking the Security Poverty Line

• [08-01-25] Hacking the Talent Myth

• [08-08-25] Hacking Toxic Culture

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.