When We See White Smoke, We Know We Have a New CISO
CISO Series Podcast
The CISO is the leader of a security program. So what is the best way to cultivate relationships with staff?
This week’s episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining them is Russ Ayres, CISO, Principal Financial Group.
Listen to the full episode here.
Metrics that matter
Security leaders continue to chase board-level metrics that nobody believes or cares about. The fundamental problem isn't finding the right number, argued Deb Radcliff in a recent CSO Online piece. It's that most metrics don't tie to actual decisions. Showing security stats won't move the needle if board members can't connect them to choices they care about. The real test is simple: does your metric lead to a conversation about whether to spend money on option A or option B? If it doesn't, you're just sharing trivia. Great storytelling beats great dashboards every time.
Tool babysitting problem
Cybersecurity has devolved into an industry of specialists. Frank Wang of Surge AI argues the industry is full of people who excel at configuring vendor dashboards but struggle with broader architectural thinking. The promise is that AI will flip this dynamic. Machines can master specific tools while humans focus on business logic, attack paths, and root cause analysis. It's an appealing vision of leaner teams, but the reality is messier. You'll always need people who can go deep when systems fail. The current crop of SaaS tools is often poorly designed and shifts configuration burdens to customers. AI might help vendors build better setup wizards, but understanding the complexity of your SaaS ecosystem isn't going away.
Automating the brokenness
Organizations keep automating processes they don't understand, scaling dysfunction at machine speed. The problem isn't designing better interfaces or deploying smarter AI, argued Ron Bronson of the University of Michigan. It's that automation faithfully executes whatever broken logic you feed it. The caseworker bypassing eligibility software is a symptom of systems designed without understanding the actual problem being solved. Start with outcomes, not outputs. Too many security teams have automated thousands of access reviews when developers didn't need more reports; they needed easier ways to fix the issues.
Stay connected intentionally
CISOs get pulled in every direction: vendor pitches, incident response, departmental politics, the list goes on. A thread on the cybersecurity subreddit indicates that for many, contact with their CISO is rare. But staying connected to your team isn't optional; it's operational intelligence. The best security leaders live where their teams communicate, whether that's Slack, Teams, or another real-time comms tool. They hold weekly one-on-ones that don't get deferred. But connection requires discipline: no multitasking during conversations, no defensive reactions when you hear uncomfortable truths, and practiced responses for moments when someone tells you something you don't want to believe. Your open door only works if people trust you'll listen.
Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Oscar Morales from Calian IT and Cyber Solutions for providing our "What's Worse" scenario.
Thanks to our podcast sponsor, Strike48
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
Security You Should Know
Operationalizing Threat Intelligence with Recorded Future
In this episode, Jamie Zajac, Chief Product Officer at Recorded Future, explains how autonomous threat operations can close this gap by automatically deploying intelligence across security controls at machine speed. Joining him are Dan Holden, CISO at Commerce, and Arvin B., CISO at C&S Wholesale Grocers.
Want to know:
Why do organizations still struggle to operationalize threat intelligence despite massive investments?
How does threat intelligence translate into board-level metrics that demonstrate business impact?
What do autonomous threat operations mean and how do they differ from traditional threat intelligence?
How can intelligence drive faster incident response and more efficient SOC operations?
Why third-party risk intelligence matters more than vendor questionnaire scores?
How AI is changing the threat landscape and what defenders should prioritize?
What does the future of threat intelligence look like in two years?
How to use intelligence for policy decisions and budget building, not just tactical blocking?
Check out the episode for the answers you need. Find the full episode and article here.
Thanks to our podcast sponsor, Recorded Future
Subscribe to Security You Should Know
Please subscribe via Apple Podcasts, Spotify, Amazon Music, Pocket Casts, RSS, or just type "Security You Should Know" into your favorite podcast app.
Best advice for a CISO…
“First of all, don't be a CISO. It's a rough job and you've got to have better options. There are many things that you could do that probably as a ratio of risk versus reward [Laughter] are definitely better areas for you to invest your time. But if you must, then you probably want to make sure that you focus on explicit gaps, not trends. I definitely think the issues that we've had over the CISO world are kind of breaking apart people into a hype cycle of tools and those of us that are fundamentalists. And so, I would say, try to focus on the fundamentals.” - Russ Ayres, deputy CISO & head of cyber, Equifax
Listen to the full episode of “When We See White Smoke, We Know We Have a New CISO”
Simple Security Solutions That Deliver a Big Impact
"You should probably assume that privilege escalation is going to happen in the same way you could say you should probably assume a breach is going to happen. But privilege escalation is pretty common. It's a fundamental part of basically any attack or any breach, and you should assume it's going to happen and act accordingly." - Rob Allen, chief product officer, ThreatLocker
Listen to the full episode of “Simple Security Solutions That Deliver a Big Impact”
CISO Series Newsletter - Twice every week
Cybersecurity Headlines Newsletter - Every weekday
Security You Should Know Newsletter - Weekly
How ThreatLocker's MDR Operates So Efficiently
David Spark sat down with John Lilliston, detect product director at ThreatLocker, to discuss how ThreatLocker’s MDR service stands out. Discover how integrating MDR with their zero trust approach can effectively reduce attack surfaces and provide seamless detection capabilities.
Watch the full video, listen to the podcast episode, and read the article for more insights: “Simple Security Solutions That Deliver a Big Impact.”
A big thank you to our sponsor, ThreatLocker
CISO Series Podcast Returns to BSidesSF (3-21-26)
On the eve of RSA Conference, CISO Series Podcast returns to BSidesSF for a live audience recording in San Francisco. David Spark will be joined on stage by Mike Johnson, CISO, Rivian, and Sara Madden, CISO, Convera.
It’s all happening on March 21, 2026 at 2:45 PM. Tickets are available via BSidesSF here, and you can get all the information you need here.
Thank you to our sponsor, Nudge Security
Cybersecurity Headlines - Department of Know
Our LIVE stream of The Department of Know happens every Monday at 4 PM ET / 1 PM PT with CISO Series producer Richard Stroffolino, and a panel of security pros. Each week, we bring you the cybersecurity stories that actually matter, and the conversations you’ll be having at work all week long.
Monday’s episode featured Chris Ray, field CTO, GigaOm, and Nick Ryan, former BISO. Missed it? Watch the replay on YouTube and catch up on what’s shaping the week in security.
Join us again next week, and every Monday.
Thanks to our Cybersecurity Headlines sponsor, ThreatLocker
Join CISO Series Podcast live at ThreatLocker's Zero Trust World 2026, March 4-6th, 2026 in Orlando, FL. Use coupon code ZTWCISOSERIES26 to get $200 off your ticket.
Super Cyber Fridays!
Join us NEXT Friday for “Hacking the Future of Log Data”
Join us again on Friday, February 20, 2026, for Super Cyber Friday: “Hacking the Future of Log Data: An hour of critical thinking about why your traditional SIEM is telling only a fraction of the story.”
It all kicks off at 1 PM ET / 10 AM PT, when Rich Stroffolino will be joined by Tim Leehealey, vp of corporate strategy and operations, Strike48, and Nick Falzarano, director, information security, TE Connectivity, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup, hosted right inside the event platform.
Thanks to our Super Cyber Friday sponsor, Strike48
Cybersecurity Headlines - Daily News Shorts
Subscribe to the CISO Series YouTube channel for daily shorts videos from CISO Series reporter Rich Stroffolino. You can find all of the stories he’s covered, plus new content every weekday, at the Cybersecurity Headlines Shorts YouTube playlist.
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.