Brought to you by:
Check Point (www.checkpoint.com)
Armis (www.armis.com)
Guidepoint Security (www.guidepointsecurity.com)

🎙️ Episode Summary
During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).
Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048
Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

🔑 Key Takeaways
CIO and CISO roles are converging faster than ever in modern enterprises.
Sharing real breach stories removes stigma and helps the community grow.
Wilderness survival mirrors the mindset needed for effective incident response.
Writing a book can transform your professional credibility and brand.
Visibility matters: every CISO should cultivate a public voice.

💬 Notable Quotes
“Being out in the woods is like one giant tabletop exercise.”
“No one talks about ransomware because of the stigma—I wanted to change that.”
“When you find that unique idea, run with it.”
“Everything is bearable—until it’s not, and then you die.”
“Build your personal brand so you never have to go job hunting again.”

🎁 Listener Benefits
Hear a first-hand ransomware leadership story
Learn how to balance dual CIO and CISO responsibilities
Gain inspiration to publish your own cybersecurity insights
Discover the surprising connection between wilderness survival and cybersecurity strategy

📣 Call to Action
Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

🔗 Connect with Us
🌐 www.thpc.co
💼 The Professional CISO Show on LinkedIn
🎥 Watch on YouTube
🎧 Spotify
🍏 Apple Podcasts
Episode Summary
Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it. David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

Key Takeaways
The browser is now a primary attack surface for enterprise users.
LayerX gives security teams visibility and control without replacing browsers.
GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
OAuth-based phishing is bypassing traditional email and network defenses.
Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
AI browsers are emerging as the next battleground for identity and data protection.
Post-quantum cryptography will further challenge network-layer inspection.

Notable Quotes
“The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
“Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
“Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
“LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
“Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

Listener Benefits
Understand why browser visibility is critical in today’s SaaS-driven enterprise.
Learn how to prepare your organization for the age of GenAI and AI browsers.
Get practical deployment and change management insights for LayerX and similar solutions.
Discover how browser-level inspection complements your EDR and network security stack.

Call to Action
Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: www.thpc.co
Episode Summary
In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber. From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization. They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

Key Takeaways
🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

Notable Quotes
“When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
“Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
“Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

Listener Benefits
Learn how to communicate cybersecurity’s value through stories, not stats
Discover practical ways to make security awareness fun and memorable
Gain insight into leadership and influence beyond the technical realm
Hear real-world lessons on career growth from consulting to the CISO seat

Call to Action
✅ Follow The Professional CISO Show on LinkedIn
🎧 Listen and Subscribe on Spotify or Apple Podcasts
🌐 Visit THPC.co for show updates and events

Guest Information
Gary Chan
Chief Information Security Officer, SSM Health
Security Mentalist & Speaker
🔗 Website: gschan2000.com
🔗 Search “Gary Chan Security Mentalist” for more information

Sponsors
This episode is made possible by:
Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
Armis – 2025 Cyber Warfare Report (www.armis.com)
GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

Hashtags
#TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow
Episode Summary
In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization. Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.

Key Takeaways
Why the phrase “humans are the weakest link” needs to be retired.
The concept of the Human Operating System — and how to “patch” human vulnerabilities.
How to evolve from compliance-based awareness to behavior-based resilience.
Why culture, psychology, and norms are the real keys to cybersecurity success.
The intersection of AI and human risk — and how workforce roles must evolve.
Why the next wave of cyber resilience will require rethinking training, learning, and leadership.

Notable Quotes
“Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman
“You can’t compliance people into good behavior. You have to design the culture around it.” — Kate Goldman
“We’ve thrown chaos into a system we barely understood — AI has made human risk even more concentrated.” — Kate Goldman
“CISOs must learn to use culture and psychology as part of their playbook.” — David Malicoat
“The next era of security isn’t just about tech resilience — it’s about human resilience.” — Kate Goldman

Listener Benefits
By listening, cybersecurity leaders will gain:
A new framework for understanding and managing human risk.
Insights into integrating behavioral science and culture into cybersecurity programs.
Practical ideas for evolving awareness, resilience, and workforce readiness in the AI era.

Call to Action
If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.

Connect with Us
LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
YouTube: http://www.youtube.com/@TheProfessionalCISO
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Guest Info
Kate Goldman
CEO & Founder, Cybermaniacs
www.thecybermaniacs.com
Follow on LinkedIn: Kate Goldman

Sponsors
This episode is made possible by:
MagicMirror Security — “The magic happens when security is invisible.” magicmirrorsecurity.com/thpc

Related Episodes
Ep. 80 – Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity
Ep. 82 – Responsible AI in Cybersecurity with Alain Espinosa
Ep. 85 – LLMs vs SLMs: The Future of AI in Cybersecurity

Hashtags
#CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow
Episode Summary:
Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.

Key Takeaways:
Why SaaS security is still a blind spot — and how attackers exploit it
Identity, cookies, and why current authentication standards fall short
The fading CIO role and the rise of security leaders managing IT
How AI will reshape both security threats and team structures
AppSec’s critical role in the future of cybersecurity
Building true organizational resilience in the age of ransomware
Joe’s personal reflections on accountability, recovery, and resilience

Notable Quotes:
“We can’t buy our way to good identity security yet.” – Joe Sullivan
“AI is just a hyper speed version of a human problem.” – Joe Sullivan
“Sooner or later, every CISO faces crisis — and we must prepare like firefighters.” – Joe Sullivan
“The CEO wants a digital risk leader, not just a security leader.” – Joe Sullivan

Listener Benefits:
Gain insight into current and emerging cybersecurity risks
Learn practical approaches to SaaS and identity security
Understand how AI will transform both attacks and defenses
Hear candid reflections on resilience, leadership, and accountability

Call to Action:
🎧 Subscribe and listen:
Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show
💼 Connect on LinkedIn: The Professional CISO Show
🌐 Learn more: www.thpc.co
"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

Episode Summary:
In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability. The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

Key Takeaways:
Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
Why boards must be educated on AI risk vs. AI marketing hype
Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:
“Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
“When regulators knock, they won’t call the vendor first. They’ll call you.”
“Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:
By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.
Call to Action:
👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
👉 Share this episode with your peers and comment your perspective on LinkedIn.
👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags
#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls. Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.

What You’ll Learn in This Episode:
The real risks of AI adoption beyond the hype
How business-driven demand changes the security equation
Why AI controls lag adoption — and what to do about it
The rise of agentic AI and new identity risks
Offline models, adversarial risks, and scanning challenges
What the future of AI-driven enterprise security may look like

Guest:
Felix Simmons — Principal Security Architect, GuidePoint Security

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show

Hashtags:
#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI
Summary:
Recorded live at CISO XC DFW, this episode of The Professional CISO Show features three powerful conversations from leaders shaping the future of cybersecurity. First, Sonya Wickel shares her 24-year career journey from IT generalist to CISO & CIO, offering insights on fourth-party risk, the value of empathy in leadership, and the importance of staying sharp in both IT and cybersecurity. Then, Eric Bowerman takes us inside the complex task of securing Dallas Fort Worth International Airport — from operational technology and stakeholder management to implementing passwordless authentication and preparing for global events like FIFA. Finally, Tera Davis explains how CyberOne has built a true community partnership with CISO XC, scaling professional services, preparing organizations for AI adoption, and fostering the next generation of security talent.

Sponsors
Valence Security (www.valencesecurity.com)
CISO XC (www.cisoxc.com)

Key Topics Covered:
CISO/CIO dual-role challenges & strategies
Third & fourth-party risk management best practices
Critical infrastructure & OT security challenges
Building trust and stakeholder alignment in high-impact environments
Passwordless authentication for operational teams
Authentic sponsor–community relationships
Scaling professional services & AI readiness

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on Spotify: Open on Spotify
🍏 Listen on Apple Podcasts: Open on Apple Podcasts
💼 LinkedIn: Follow on LinkedIn

Hashtags:
#CyberSecurity #CISO #TheProfessionalCISO #CISOXC #CyberLeadership #RiskManagement #OTSecurity #ThirdPartyRisk #AirportSecurity #Passwordless #CyberCommunity #CyberOne #ValenceSecurity
Sponsors
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)

Kristi Cook, Head of Cybersecurity at Peabody Energy, joins David Malicoat live from GPSEC St. Louis — with AIM Security as our midday sponsor — to discuss how she’s leading her team through AI adoption, data governance, and talent development. From leveraging conferences as both morale boosters and strategic accelerators, to building a sustainable talent pipeline through the CyberUp apprenticeship program, Kristi offers actionable insights for CISOs facing rapid technological change. We also dive into the unique trust and collaboration in the St. Louis cybersecurity community, and why AI may finally give security leaders the leverage to fix long-standing data governance challenges.

Key Topics Covered:
Leadership panel insights: AI, SaaS security, hiring, and retention
Using conferences for team building and strategy alignment
Justifying training investments to executive leadership
Foundations for AI security: IAM and data protection
Solving the talent gap with apprenticeship programs
Why local community trust matters in cybersecurity
Preparing for the next wave of rapid tech change

Resources & Links:
AIM Security: www.aimsecurity.ai
CyberUp Apprenticeship Program: wecyberup.org
The Professional CISO Show Website: www.thpc.co
Watch on YouTube: @TheProfessionalCISO
Listen on Spotify: Click Here
Listen on Apple Podcasts: Click Here
Connect on LinkedIn: The Professional CISO Show

#️⃣ Hashtags
#Cybersecurity #CISO #TheProfessionalCISOShow #DataGovernance #AIsecurity #Leadership #TeamBuilding #CyberTalent #IdentityAccessManagement #StLouisCybersecurity #GPSEC #PeabodyEnergy #CyberUp
Sponsored by HivePro (www.hivepro.com) and CISO XC (www.cisoxc.com).

EP80 – CISO XC DFW | Hive Pro Special: AI, Identity & The Future of Cyber Roles

Live from CISO XC DFW, The Professional CISO Show dives into the intersection of innovation, leadership, and cyber resilience. Host David Malicoat sits down with:
Ted Sanders, BISO and cybersecurity educator, to discuss embedding cyber strategy at scale and why the BISO role is the next great proving ground for future CISOs.
Jon Brickey, SVP & Cybersecurity Evangelist at Mastercard, as he unpacks his unique career journey from NSA to Mastercard and explains how cyber innovation, threatcasting, and AI will reshape the landscape.
Travis Farral, CISO at RK Energy, who shares actionable insights on session token hijacking, third-party risks, and his strategic push for FIDO2 adoption in a hybrid environment.

Sponsored by Hive Pro, a leader in Continuous Threat Exposure Management. Learn more at https://hivepro.com

Key Takeaways:
The BISO role as a critical extension of CISO leadership
Why threat translation is a core skill for cyber leaders
How AI will augment, not replace, cybersecurity roles
Jon Brickey’s “Forrest Gump” career across the evolution of cyber defense
Identity strategy as a cornerstone of modern resilience

🎯 Perfect for: CISOs, aspiring cyber leaders, SOC managers, and innovators thinking about the future of security and strategy.

🔗 Links & CTAs
🌐 Website: www.thpc.co
📺 Watch More Episodes: YouTube
🎧 Listen on Spotify | Apple Podcasts
🔗 Follow us on LinkedIn

👤 Guest Info
Ted Sanders – BISO in financial services, Cybersecurity Instructor at Collin College
Jon Brickey – SVP & Cybersecurity Evangelist, Mastercard
Travis Farral – CISO, RK Energy

📌 Related Episodes
EP79: Rob T. Lee on Cybersecurity Training Futures
EP77: The AI Opportunity for CISOs

🔖 Hashtags
#Cybersecurity #CISO #BISO #AIinSecurity #CyberInnovation #MastercardSecurity #FIDO2 #ThreatExposure #HivePro #TheProfessionalCISO #CISOStrategy #CyberEvangelism #CyberLeadership #CyberPodcast
In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.

Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.

Key Highlights:
Why most CISOs say “never again”—and what needs to change
Why Rob coined DFIR and CTI (and the story behind it)
The CISO “zero-sum game” and how toxic cultures persist
Rob’s 4-part personal health mantra: Sleep, Diet, Exercise… and AI
A call to “Learn AI daily”—for security pros and business leaders alike
What boards should be doing—and why every board needs a cyber voice
Rob’s RSA keynote preview: cyber safe harbors and AI velocity imbalance

Guest:
👤 Rob T. Lee – Chief of Research, SANS Institute
🔗 https://www.sans.org/profiles/rob-t-lee/

Host:
🎙️ David Malicoat, The Professional CISO Show
🌐 www.thpc.co

Listen & Subscribe:
🔊 Spotify: The Professional CISO Show on Spotify
🍎 Apple Podcasts: The Professional CISO Show on Apple

📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, David Malicoat hosts a special two-part discussion live from GPSEC STL in St. Louis. First up is Marc Ashworth, CISO of First Bank and host of The Cyber Executive Podcast, who discusses leadership development, AI, mentorship, and why he started podcasting as a CISO. Then, Michael Evans, Head of Information Security at Energizer, shares his grounded take on data governance, foundational AI readiness, and why security conversations at live events are vital for industry growth.

Key Highlights:
Marc Ashworth on AI maturity, team building, and starting a CISO podcast
Michael Evans on AI implementation and why data governance must come first
Live insights on talent retention, vendor risk, and security leadership
A look ahead: quantum-safe encryption and what CISOs should watch next

Call to Action:
Subscribe to The Professional CISO Show for unfiltered conversations with the leaders shaping cybersecurity.
🎧 Listen on Spotify: The Professional CISO Show
📱 Listen on Apple Podcasts: The Professional CISO Show
🌐 More Episodes + Info: www.thpc.co
🔗 Follow us on LinkedIn: The Professional CISO Show

Hashtags:
#CyberSecurity #CISO #AI #DataGovernance #Leadership #TheProfessionalCISO #CyberPodcast #GPSEC #CyberTalent #QuantumSecurity #MarcAshworth #MichaelEvans
🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)

In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.

Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.

Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.

Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.

🔑 What You’ll Learn in This Episode
The dangerous re-emergence of BEC as a top threat vector — and why AI may be amplifying the risk
Why CISOs must lead the charge on AI governance and strategy — or risk being sidelined
How FIDO and identity modernization can reduce exposure to targeted fraud
Insights on satellite cybersecurity, Starlink limitations, and maritime network vulnerabilities
A behind-the-scenes preview of “Commandant,” an AI co-pilot for incident response — designed to help IR teams with note-taking, SLA tracking, notification workflows, and continuous tabletop exercises
How vendor selection, tabletop simulations, and small supplier coordination can make or break your organization during a crisis
Why humility, not hubris, is the most underrated leadership trait in cybersecurity

💬 Notable Quotes
“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma
“AI isn’t just a buzzword. It’s a once-in-a-generation shift — and CISOs have a chance to shape it from the start.” —David Malicoat
“Lucy is designed to help you during your worst day — capturing context, notes, contracts, timelines, and guiding you through the fog of war.” —Chris Cochran
“We’re securing vessels in the middle of the ocean using tech that was old when we got it — Starlink’s changed the game, but it’s brought new challenges too.” —Glen Vickers
“A $5M cyber insurance policy might only cover $250K of social engineering fraud. The rest is on you.” —Shawn Tuma

🎧 Listen & Subscribe
📍 Available now on all major platforms:
🔗 Spotify
🔗 Apple Podcasts
🌐 Full episodes and show resources at www.thpc.co

📣 Stay Connected with The Professional CISO Show
📺 Watch on YouTube
💼 Follow on LinkedIn

🧠 Guest Info
Shawn Tuma – Partner at Spencer Fane, co-author of GC + CISO Connection
Glen Vickers – CISO at ABS Wavesight
Chris Cochran – Co-founder, Commandant AI | Formerly of Netflix, NSA, Mandiant

📚 Related Episodes
EP 71 – CISO Culture & AI Strategy
EP 63 – AI Governance and the Role of the CISO
EP 45 – Shawn Tuma on Legal Risk, AI, and Cyber Insurance

🔖 Hashtags
#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, recorded live at GuidePoint Security’s GPSEC STL event, host David Malicoat sits down with David Young, Chief Revenue Officer at ObservoAI. Together, they unpack the explosive growth of security data, the hidden costs of legacy pipelines, and why modern SOCs are hitting a breaking point. David shares Observo AI’s origin story from within Rubrik, and how their AI-native platform helps security teams stop drowning in data, reduce costs, and uncover real threats faster. It’s a must-listen for CISOs, SOC leaders, and anyone dealing with the complexity of modern security data environments.

What You’ll Learn:
Why traditional SIEM and log management approaches are failing
The origin of ObservoAI inside Rubrik’s massive 20PB security lake
How AI and open-box ML models are transforming SOC operations
Real-world cost reductions and productivity gains from major enterprises
Where the future of data pipelines, SOAR, and AI in security is headed

Guest:
🎙 David Young, CRO at Observo AI
🔗 Connect: https://www.linkedin.com/in/davidmyoung/

Host:
🎤 David Malicoat, Host of The Professional CISO Show
🌐 www.thpc.co | LinkedIn

Listen + Subscribe:
🟢 Spotify
🍎 Apple Podcasts

Hashtags:
#Cybersecurity #CISO #SecurityData #AIinSecurity #SOAR #SecurityOps #ObservoAI #Rubrik #TheProfessionalCISOShow
Sponsors:
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)

In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.

He’s joined by two standout guests:
🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community
🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantification

From grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.

🧠 Topics Covered
The legendary St. Louis CISO community (“don’t mess with the family”)
AI + DSPM in the real world: what’s working
Agentic AI and the evolution of SOC work
Risk quantification, FAIR, and practical GRC strategy
The future of cybersecurity beyond AI: quantum readiness
St. Louis as a cybersecurity hub with soul

🛠 Sponsored by AIM Security
AIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai

🔗 Subscribe & Follow the Show:
www.thpc.co
LinkedIn
Spotify
Apple Podcasts

#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)

In this live GPSEC St. Louis episode of The Professional CISO Show, host David Malicoat dives deep into cybersecurity leadership with two powerhouse guests: Victor Wieczorek, SVP of Offensive Security at GuidePoint Security, and Wayne Fajerski, Deputy CISO of Edward Jones.

Victor shares real-world offensive security insights, including a jaw-dropping AI chatbot exploitation story from a red team engagement. He also unpacks how GuidePoint balances professional services and tech enablement while navigating the AI transformation in ethical, human-centered ways.

Wayne, fresh off a panel, breaks down key takeaways around CISO leadership, AI maturity, and how Edward Jones has successfully developed internal cyber talent over his 25-year career. The two guests reflect on AI as a mirror to organizational gaps and explore how GPSEC events bring practitioners and communities closer together through real conversations—not ivory-tower thought leadership.

Key Topics:
Offensive security trends and AI augmentation
Real-world exploitation of insecure chatbots
GPSEC’s role in localized cyber collaboration
Building and retaining cybersecurity talent
AI’s exposure of poor data governance
Cultivating next-gen CISOs from within
Sponsors: HivePro (www.hivepro.com), CISO XC (www.cisoxc.com)

In this on-site episode from CISO XC DFW, David Malicoat sits down with Matt Walker (Goosehead Insurance) and Allen Rountree (IBM Public Cloud) for candid conversations on today’s biggest challenges and opportunities in cybersecurity leadership.

💡 Topics Covered
Applying Zero Trust principles to AI use cases
SaaS data leakage and the evolving DLP strategy
Continuous Threat Exposure Management (CTEM) and Hive Pro’s role
Selling security risk to the board and executive team
Enabling business value through classification and risk reduction
The evolving edge and why exposure is the new perimeter
What it means to “take off the badge” as a CISO
Holistic data protection in fragmented environments

💬 “Don’t just be the department of no. Enable the business with intelligence and insight.”
Sponsors: ObservoAI (www.observo.ai), Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
Live from GPSEC St. Louis, David Malicoat sits down with Gary Brickhouse, CISO of GuidePoint Security, for a wide-ranging discussion on company culture, cybersecurity leadership, and AI governance. Gary shares how GuidePoint scaled its “no jerks” value from 50 to 1,200 employees, how he’s navigating generative AI internally and externally, and why peer-to-peer conversations are the secret sauce behind GuidePoint’s events.

Key Highlights:
– Why the “no jerks” rule is more than just a slogan
– How GuidePoint’s decentralized regional model preserves culture at scale
– How they’re approaching AI enablement without blocking innovation
– The structure and purpose behind GuidePoint’s AI governance committee
– Why cross-functional leadership—not just InfoSec—is key to making AI safe and valuable
– Tips for other CISOs thinking about AI policy and enablement

Guest:
👤 Gary Brickhouse, CISO at GuidePoint Security
🔗 GuidePointSecurity.com

🎧 Listen now on:
Spotify → https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple → https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 More at: www.thpc.co
📱 Follow on LinkedIn: The Professional CISO Show
Sponsors: AIM Security (www.aim.security), Guidepoint Security (www.guidepointsecurity.com)

What does it take to secure AI in the enterprise—when the threat landscape, technology stack, and business expectations are all evolving in real time?

At GPSEC St. Louis, David Malicoat sits down with Dan Anderson, Field CTO of the Americas at AIM Security, to talk about securing the full lifecycle of AI usage across the enterprise. From browser plugins and AI firewalls to shadow AI discovery and agentic AI governance, this candid conversation dives deep into where the risks really lie and what security leaders need to be doing now.

You’ll walk away with a grounded view of the AI adoption journey—and why most organizations are already neck-deep in it, whether they know it or not.

🔑 Episode Highlights
Why “saying no” to AI use is no longer an option—and what happens when you try
Defining the real problem space of AI security: shadow usage, data leakage, adversarial LLMs
AIM’s product strategy: covering the full lifecycle from browser to firewall to analytics
What agentic AI means—and why it’s the next frontier
Building an AI security program around people, process, and partnership
The future of AI governance and how AIM is shaping it through real-world customer feedback
Why there’s no such thing as a fully baked AI security product in 2025

🎧 Listen Now
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
YouTube: http://www.youtube.com/@TheProfessionalCISO

🌐 Connect with The Professional CISO Show
Website: www.thpc.co
LinkedIn: The Professional CISO Show

📢 About AIM Security
AIM Security helps security leaders enable safe, governed, and productive AI adoption. From LLM usage monitoring to AI firewalls, AIM empowers enterprises to protect their data, enforce compliance, and stay ahead of the AI attack surface. Learn more and book a demo at www.aim.security
Sponsors: Rubrik (www.rubrik.com), Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
In this episode, David Malicoat sits down with Drew Russell, leader of Rubrik’s elite “Night Stalkers” team, for a high-speed, no-fluff conversation recorded live at GPSEC STL. Drew unpacks Rubrik’s evolution from a backup company to a full-spectrum data security and identity resilience platform, clarifies the real problem space for modern CISOs, and explains why identity is the next frontier of cyber resilience. They also dig into Rubrik’s deployment models, modular architecture, and how AI is being operationalized to secure enterprise data. This is one of the clearest explanations yet of how Rubrik is reshaping the security conversation—and why CISOs need to pay attention.

Key Highlights:
How Rubrik evolved beyond “just backup”
The Night Stalkers: Inside Rubrik’s special forces-style innovation team
Why recovery at speed is now a business imperative
What CISOs miss about identity resilience and DSPM
Rubrik’s modular deployment strategy—and why it matters
How Rubrik is preparing for AI-integrated enterprise environments
Drew’s leadership style and how it drives innovation

Subscribe and listen now on:
Spotify
Apple Podcasts