- CISO Series Newsletter
We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible
CISO Series Podcast
Almost all organizations have a concrete AI adoption plan either in progress or on their roadmap. Great. Too bad many of those same organizations have no plan for AI oversight. How do we balance the speed of innovation with security and compliance concerns?
This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.
Listen to the full episode here.
Vulnerability management vs. configuration control
Traditional vulnerability management continues to dominate cybersecurity budgets and attention. But are we fighting the wrong battle? "While the cybersecurity industry continues its obsession with CVE tracking and patch management, a growing number of practitioners are questioning whether we're fighting the wrong battle," according to a recent thread on r/cybersecurity. Abandoning traditional vulnerability management entirely would be shortsighted. Remember Log4j? The core issue isn't choosing between CVEs and misconfigurations, but developing better prioritization that treats any exploitable exposure, whether it carries a CVE or not, as a vulnerability worth addressing. Prioritization is the name of the game.
Open-source security and supply chain trust
The cybersecurity community has a critical blind spot in the "verify" half of trust-but-verify when it comes to open-source software. "While open source software powers over 90 percent of modern applications, the cybersecurity community has largely ignored the glaring absence of the verify portion in the trust but verify," said Dan Lorenc, CEO of Chainguard. The XZ Utils backdoor showed that sophisticated actors operate on a different time scale: they can spend years working their way into a critical open-source component. The challenge isn't trivial.
Building security leadership presence
Landing a cybersecurity job takes more than the technical credentials and certifications on your resume. "In cybersecurity, landing the job isn't just about what's on your resume or the certs you've racked up. It's about how you show up when the pressure's on," said veteran security managers on the cybersecurity subreddit. What happens when you have to deal with an incident? How do you manage it? Others are watching, and how you come out on the other end will define you as a security professional.
AI governance and enterprise risk
Artificial intelligence agents promise to revolutionize business operations. The problem is that "AI agents have blurred traditional boundaries between data, logic and action in ways that create entirely new risk categories." Letting an AI agent act on its own decisions is like having a new employee who's pretty good running without supervision. Pretty good means there are still going to be issues. Sure, be innovative, but have a plan for continuous monitoring. You wouldn't let a new hire go wild without checking in on them once in a while.
Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Jonathan Waldrop, former CISO, The Weather Company for providing our "What's Worse" scenario.
Thanks to our podcast sponsor, Vanta
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
What I love about cybersecurity…
"I love that cybersecurity is never boring. I'm a doer. I like to learn. I like to get my hands dirty. I like to find ways to clear up my team cycles by automation and leveraging emerging technologies like AI and just learning about new things." - Jennifer Swann, CISO, Bloomberg Industry Group
Listen to the full episode of “We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible.”
How to Deal with Last Minute Compliance Requirements
"These compliance roadblocks are actually opportunities. You can turn your pain into progress — expand into new markets, differentiate yourself, and show that you’re making investments. Don’t just see a nuisance; flip it into growth." - Pukar Hamal, founder and CEO, SecurityPal
Listen to the full episode of “How to Deal with Last Minute Compliance Requirements”
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Security You Should Know Newsletter - Weekly
PREVIEW: CISO Series Podcast LIVE in LA
Join David Spark for another CISO Series Podcast recording! We'll be in wonderful Los Angeles, on the beach at the Annenberg Community Beach House as part of the ISSA LA Cyber Security Summit 2025.
Joining David on stage will be Quincey Collins, CSO, at Sheppard Mullin, and Jeff Steadman, deputy CISO, Corning Incorporated.
You need to get tickets HERE. Use the discount code CISOSERIES20 to get 20% off.
Watch the full preview video HERE.
WHEN: September 18, 2025. Doors open at 8:30 am and we'll be recording in the afternoon.
WHERE: Annenberg Community Beach House, 415 Pacific Coast Highway Santa Monica, CA 90402
Big thanks to our sponsors, Adaptive Security and Dropzone AI
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week in Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET / 12:30 PM PT for a short, 20-minute discussion of the week's cyber news. Our guest will be Ray Espinoza, VP of information security, Elite Technology.
Thanks to our Cyber Security Headlines sponsor, ThreatLocker
Super Cyber Fridays!
Join us Friday for “Hacking AI in Meetings”
Join us on Friday, September 5th, 2025, for Super Cyber Friday: “Hacking AI in Meetings: An hour of critical thinking about how to avoid liability while getting value from your recordings.”
It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Joe Essenfeld, CEO, FORA, and Doug Mayer, VP and CISO, WCG, for an hour of insightful conversation and engaging games. At 2 PM ET / 11 AM PT, stick around for our always-popular meetup, hosted right inside the event platform.
Thanks to our Super Cyber Friday sponsor, FORA
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.