In this episode of The Professional CISO Show, David Malicoat is joined by Lenny Krol, Head of Services Sales at Check Point Software, recorded live at GPSEC DFW. Lenny breaks down how Check Point’s services organization supports customers across both Check Point and third-party technologies, why an open ecosystem matters, and how CISOs can realistically scale security operations amid a global talent shortage. From fractional SOC coverage to process maturity and real-world engagement models, this conversation delivers practical insight for security leaders at every stage of their journey.

Sponsors:
Check Point Software (Premier Sponsor) (www.checkpoint.com)
Guidepoint Security (Associate Sponsor) (www.guidepointsecurity.com)

🎙️ Listen on Spotify and Apple Podcasts
🌐 Learn more at www.thpc.co
Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI
Guest: Larry Woods

Every breach has a story. Every leader has a strategy. In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale. This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.

Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.

🔐 Practical Zero Trust — Not the Buzzword Version
Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state. He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.

👩‍💻 Building Cyber Talent Through Apprenticeships
Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships. Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years. The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools. For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.

🧠 Learning to Learn in the Age of AI
One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud: What happens to critical thinking when AI always has the answer?
Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter. This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.

🏛️ From Technologist to Executive Leader
Larry also shares candid insights on:
The moment a CISO truly becomes an executive: the first board presentation
Why leadership teams matter more than company brands
Leading through influence in decentralized organizations
The value of business education for cybersecurity leaders
Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics
The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.

🎧 Why You Should Listen
If you are:
A CISO navigating Zero Trust, cloud, and board expectations
A security leader building teams and future talent
An aspiring CISO trying to understand what the role really demands
A cybersecurity professional thinking about AI’s long-term impact
This episode will resonate.
🔗 Listen, Watch, and Connect
🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: https://www.thpc.co
🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

📣 Call to Action
Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO.

🏷️ Hashtags
#TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy
🔥 Episode Summary
Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure)
Sponsor: CyberOne Security (www.cyberonesecurity.com)

Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape. First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds. Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.

🎧 Key Highlights
What InfraGard is and why CISOs should engage
How the FBI leverages private-sector intelligence
Why physical and cyber security must be unified
Human risk: the universal vulnerability
Future of nation-state adversaries and cyber warfare
Threat intelligence challenges in 2025
The rise of AI + human judgment in intel analysis
Why OT security is now unavoidable
Professional development: writing, communication & influence
Building the next generation of cyber talent through mentorship

🔗 Episode Sponsor: CyberOne Security
CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.
📲 Follow The Professional CISO Show
Website: www.thpc.co
YouTube: http://www.youtube.com/@TheProfessionalCISO
LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🔥 Episode Summary
In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO. Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role. Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.

🎙️ What You’ll Learn
Why CISOs must be intentional about developing the next generation of cybersecurity leaders
How AI is exposing long-standing data governance gaps inside every organization
The importance of returning to “Security 101” with access management and visibility
Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models
How to build influence, trust, and presence across the business — not just IT
The power of networking and why it’s not optional for early-career professionals
Moses’ doctoral research in phishing attacks targeting the manufacturing sector
The limitations of traditional cybersecurity education and how leaders can fill the gap

💡 Key Quotes from This Episode
“It’s not about cybersecurity. It’s about the business.” — Moses Bulus
“You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus
“CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat
“Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus
“AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus

🧠 Episode Highlights
Moses’ origin story: developer → network engineer → first cybersecurity hire
The executive leap: presenting to leadership early and building business fluency
Why business conferences can matter more than technical ones
AI’s dual nature: opportunity + internal risk amplifier
Cloud governance challenges and API-driven risk
Why security leaders must be present, approachable, and embedded in the business
Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more
Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking

🤝 Episode Sponsors
Premier Sponsor: Check Point (www.checkpoint.com)
Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)

📌 Call to Action
Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.

🔗 Links & Resources
Website: https://www.thpc.co
YouTube Channel: http://www.youtube.com/@TheProfessionalCISO
LinkedIn Page: https://www.linkedin.com/company/the-professional-ciso-show
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

🏷️ Keywords
CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development
🎙️ Episode Summary
Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

🔑 Key Takeaways
The CISO’s role continues to mature toward enterprise risk and business alignment
AI adoption is accelerating, but governance and ROI remain top concerns
Frameworks and cross-functional cooperation define future-ready security programs
OT security is no longer separate — it’s central to national and business resilience

💬 Notable Quotes
“You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux
“We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese
“If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie

🎧 Listener Benefits
By listening to this episode, you’ll gain insight into:
Modern CISO decision frameworks
Practical AI integration strategies
Governance approaches for emerging tech
The human and operational side of cybersecurity

📣 Call to Action
Subscribe, share, and join the movement to professionalize the role of the CISO.
Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

🏆 Sponsors
Premier Sponsor: Check Point (www.checkpoint.com)
Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)
Brought to you by:
Check Point (www.checkpoint.com)
Armis (www.armis.com)
Guidepoint Security (www.guidepointsecurity.com)

🎙️ Episode Summary
During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).
Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048
Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

🔑 Key Takeaways
CIO and CISO roles are converging faster than ever in modern enterprises.
Sharing real breach stories removes stigma and helps the community grow.
Wilderness survival mirrors the mindset needed for effective incident response.
Writing a book can transform your professional credibility and brand.
Visibility matters: every CISO should cultivate a public voice.

💬 Notable Quotes
“Being out in the woods is like one giant tabletop exercise.”
“No one talks about ransomware because of the stigma—I wanted to change that.”
“When you find that unique idea, run with it.”
“Everything is bearable—until it’s not, and then you die.”
“Build your personal brand so you never have to go job hunting again.”

🎁 Listener Benefits
Hear a first-hand ransomware leadership story
Learn how to balance dual CIO and CISO responsibilities
Gain inspiration to publish your own cybersecurity insights
Discover the surprising connection between wilderness survival and cybersecurity strategy

📣 Call to Action
Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

🔗 Connect with Us
🌐 www.thpc.co
💼 The Professional CISO Show on LinkedIn
🎥 Watch on YouTube
🎧 Spotify
🍏 Apple Podcasts
Episode Summary
Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it. David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

Key Takeaways
The browser is now a primary attack surface for enterprise users.
LayerX gives security teams visibility and control without replacing browsers.
GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
OAuth-based phishing is bypassing traditional email and network defenses.
Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
AI browsers are emerging as the next battleground for identity and data protection.
Post-quantum cryptography will further challenge network-layer inspection.

Notable Quotes
“The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
“Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
“Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
“LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
“Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

Listener Benefits
Understand why browser visibility is critical in today’s SaaS-driven enterprise.
Learn how to prepare your organization for the age of GenAI and AI browsers.
Get practical deployment and change management insights for LayerX and similar solutions.
Discover how browser-level inspection complements your EDR and network security stack.

Call to Action
Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: www.thpc.co
Episode Summary
In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber. From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization. They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

Key Takeaways
🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

Notable Quotes
“When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
“Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
“Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

Listener Benefits
Learn how to communicate cybersecurity’s value through stories, not stats
Discover practical ways to make security awareness fun and memorable
Gain insight into leadership and influence beyond the technical realm
Hear real-world lessons on career growth from consulting to the CISO seat

Call to Action
✅ Follow The Professional CISO Show on LinkedIn
🎧 Listen and Subscribe on Spotify or Apple Podcasts
🌐 Visit THPC.co for show updates and events

Guest Information
Gary Chan
Chief Information Security Officer, SSM Health
Security Mentalist & Speaker
🔗 Website: gschan2000.com
🔗 Search “Gary Chan Security Mentalist” for more information

Sponsors
This episode is made possible by:
Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
Armis – 2025 Cyber Warfare Report (www.armis.com)
GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)

Hashtags
#TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow
Episode Summary
In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization. Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.

Key Takeaways
Why the phrase “humans are the weakest link” needs to be retired.
The concept of the Human Operating System — and how to “patch” human vulnerabilities.
How to evolve from compliance-based awareness to behavior-based resilience.
Why culture, psychology, and norms are the real keys to cybersecurity success.
The intersection of AI and human risk — and how workforce roles must evolve.
Why the next wave of cyber resilience will require rethinking training, learning, and leadership.

Notable Quotes
“Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman
“You can’t compliance people into good behavior. You have to design the culture around it.” — Kate Goldman
“We’ve thrown chaos into a system we barely understood — AI has made human risk even more concentrated.” — Kate Goldman
“CISOs must learn to use culture and psychology as part of their playbook.” — David Malicoat
“The next era of security isn’t just about tech resilience — it’s about human resilience.” — Kate Goldman

Listener Benefits
By listening, cybersecurity leaders will gain:
A new framework for understanding and managing human risk.
Insights into integrating behavioral science and culture into cybersecurity programs.
Practical ideas for evolving awareness, resilience, and workforce readiness in the AI era.

Call to Action
If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.

Connect with Us
LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show
YouTube: http://www.youtube.com/@TheProfessionalCISO
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

Guest Info
Kate Goldman
CEO & Founder, Cybermaniacs
www.thecybermaniacs.com
Follow on LinkedIn: Kate Goldman

Sponsors
This episode is made possible by:
MagicMirror Security — “The magic happens when security is invisible.” magicmirrorsecurity.com/thpc

Related Episodes
Ep. 80 – Stop Rolling Your Eyes: AI Is Your CISO Leadership Opportunity
Ep. 82 – Responsible AI in Cybersecurity with Alain Espinosa
Ep. 85 – LLMs vs SLMs: The Future of AI in Cybersecurity

Hashtags
#CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow
Episode Summary:
Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.

Key Takeaways:
Why SaaS security is still a blind spot — and how attackers exploit it
Identity, cookies, and why current authentication standards fall short
The fading CIO role and the rise of security leaders managing IT
How AI will reshape both security threats and team structures
AppSec’s critical role in the future of cybersecurity
Building true organizational resilience in the age of ransomware
Joe’s personal reflections on accountability, recovery, and resilience

Notable Quotes:
“We can’t buy our way to good identity security yet.” – Joe Sullivan
“AI is just a hyper speed version of a human problem.” – Joe Sullivan
“Sooner or later, every CISO faces crisis — and we must prepare like firefighters.” – Joe Sullivan
“The CEO wants a digital risk leader, not just a security leader.” – Joe Sullivan

Listener Benefits:
Gain insight into current and emerging cybersecurity risks
Learn practical approaches to SaaS and identity security
Understand how AI will transform both attacks and defenses
Hear candid reflections on resilience, leadership, and accountability

Call to Action:
🎧 Subscribe and listen:
Spotify: The Professional CISO Show
Apple Podcasts: The Professional CISO Show
💼 Connect on LinkedIn: The Professional CISO Show
🌐 Learn more: www.thpc.co
"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

Episode Summary:
In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability. The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

Key Takeaways:
Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
Why boards must be educated on AI risk vs. AI marketing hype
Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:
“Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
“When regulators knock, they won’t call the vendor first. They’ll call you.”
“Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:
By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.
Call to Action:
👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
👉 Share this episode with your peers and comment your perspective on LinkedIn.
👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags
#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)

Episode Summary:
AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls. Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.

What You’ll Learn in This Episode:
The real risks of AI adoption beyond the hype
How business-driven demand changes the security equation
Why AI controls lag adoption — and what to do about it
The rise of agentic AI and new identity risks
Offline models, adversarial risks, and scanning challenges
What the future of AI-driven enterprise security may look like

Guest:
Felix Simmons — Principal Security Architect, GuidePoint Security

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍏 Listen on https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
💼 Connect on https://www.linkedin.com/company/the-professional-ciso-show

Hashtags:
#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI
Summary:
Recorded live at CISO XC DFW, this episode of The Professional CISO Show features three powerful conversations from leaders shaping the future of cybersecurity. First, Sonya Wickel shares her 24-year career journey from IT generalist to CISO & CIO, offering insights on fourth-party risk, the value of empathy in leadership, and the importance of staying sharp in both IT and cybersecurity. Then, Eric Bowerman takes us inside the complex task of securing Dallas Fort Worth International Airport — from operational technology and stakeholder management to implementing passwordless authentication and preparing for global events like FIFA. Finally, Tera Davis explains how CyberOne has built a true community partnership with CISO XC, scaling professional services, preparing organizations for AI adoption, and fostering the next generation of security talent.

Sponsors
Valence Security (www.valencesecurity.com)
CISO XC (www.cisoxc.com)

Key Topics Covered:
CISO/CIO dual-role challenges & strategies
Third & fourth-party risk management best practices
Critical infrastructure & OT security challenges
Building trust and stakeholder alignment in high-impact environments
Passwordless authentication for operational teams
Authentic sponsor–community relationships
Scaling professional services & AI readiness

Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes: http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on Spotify: Open on Spotify
🍏 Listen on Apple Podcasts: Open on Apple Podcasts
💼 LinkedIn: Follow on LinkedIn

Hashtags:
#CyberSecurity #CISO #TheProfessionalCISO #CISOXC #CyberLeadership #RiskManagement #OTSecurity #ThirdPartyRisk #AirportSecurity #Passwordless #CyberCommunity #CyberOne #ValenceSecurity
Sponsors
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)

Kristi Cook, Head of Cybersecurity at Peabody Energy, joins David Malicoat live from GPSEC St. Louis — with AIM Security as our midday sponsor — to discuss how she’s leading her team through AI adoption, data governance, and talent development. From leveraging conferences as both morale boosters and strategic accelerators, to building a sustainable talent pipeline through the CyberUp apprenticeship program, Kristi offers actionable insights for CISOs facing rapid technological change. We also dive into the unique trust and collaboration in the St. Louis cybersecurity community, and why AI may finally give security leaders the leverage to fix long-standing data governance challenges.

Key Topics Covered:
Leadership panel insights: AI, SaaS security, hiring, and retention
Using conferences for team building and strategy alignment
Justifying training investments to executive leadership
Foundations for AI security: IAM and data protection
Solving the talent gap with apprenticeship programs
Why local community trust matters in cybersecurity
Preparing for the next wave of rapid tech change

Resources & Links:
AIM Security: www.aimsecurity.ai
CyberUp Apprenticeship Program: wecyberup.org
The Professional CISO Show Website: www.thpc.co
Watch on YouTube: @TheProfessionalCISO
Listen on Spotify: Click Here
Listen on Apple Podcasts: Click Here
Connect on LinkedIn: The Professional CISO Show

#️⃣ Hashtags
#Cybersecurity #CISO #TheProfessionalCISOShow #DataGovernance #AIsecurity #Leadership #TeamBuilding #CyberTalent #IdentityAccessManagement #StLouisCybersecurity #GPSEC #PeabodyEnergy #CyberUp
Sponsored by HivePro (www.hivepro.com) and CISO XC (www.cisoxc.com).

EP80 – CISO XC DFW | Hive Pro Special: AI, Identity & The Future of Cyber Roles

Live from CISO XC DFW, The Professional CISO Show dives into the intersection of innovation, leadership, and cyber resilience. Host David Malicoat sits down with:
Ted Sanders, BISO and cybersecurity educator, to discuss embedding cyber strategy at scale and why the BISO role is the next great proving ground for future CISOs.
Jon Brickey, SVP & Cybersecurity Evangelist at Mastercard, as he unpacks his unique career journey from NSA to Mastercard and explains how cyber innovation, threatcasting, and AI will reshape the landscape.
Travis Farral, CISO at RK Energy, who shares actionable insights on session token hijacking, third-party risks, and his strategic push for FIDO2 adoption in a hybrid environment.

Sponsored by Hive Pro, a leader in Continuous Threat Exposure Management. Learn more at https://hivepro.com

Key Takeaways:
The BISO role as a critical extension of CISO leadership
Why threat translation is a core skill for cyber leaders
How AI will augment, not replace, cybersecurity roles
Jon Brickey’s “Forrest Gump” career across the evolution of cyber defense
Identity strategy as a cornerstone of modern resilience

🎯 Perfect for: CISOs, aspiring cyber leaders, SOC managers, and innovators thinking about the future of security and strategy.

🔗 Links & CTAs
🌐 Website: www.thpc.co
📺 Watch More Episodes: YouTube
🎧 Listen on Spotify | Apple Podcasts
🔗 Follow us on LinkedIn

👤 Guest Info
Ted Sanders – BISO in financial services, Cybersecurity Instructor at Collin College
Jon Brickey – SVP & Cybersecurity Evangelist, Mastercard
Travis Farral – CISO, RK Energy

📌 Related Episodes
EP79: Rob T. Lee on Cybersecurity Training Futures
EP77: The AI Opportunity for CISOs

🔖 Hashtags
#Cybersecurity #CISO #BISO #AIinSecurity #CyberInnovation #MastercardSecurity #FIDO2 #ThreatExposure #HivePro #TheProfessionalCISO #CISOStrategy #CyberEvangelism #CyberLeadership #CyberPodcast
In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.

Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.

Key Highlights:
Why most CISOs say “never again”—and what needs to change
Why Rob coined DFIR and CTI (and the story behind it)
The CISO “zero-sum game” and how toxic cultures persist
Rob’s 4-part personal health mantra: Sleep, Diet, Exercise… and AI
A call to “Learn AI daily”—for security pros and business leaders alike
What boards should be doing—and why every board needs a cyber voice
Rob’s RSA keynote preview: cyber safe harbors and AI velocity imbalance

Guest:
👤 Rob T. Lee – Chief of Research, SANS Institute
🔗 https://www.sans.org/profiles/rob-t-lee/

Host:
🎙️ David Malicoat, The Professional CISO Show
🌐 www.thpc.co

Listen & Subscribe:
🔊 Spotify: The Professional CISO Show on Spotify
🍎 Apple Podcasts: The Professional CISO Show on Apple

📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture
Sponsors: Rubrik (www.rubrik.com), Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, David Malicoat hosts a special two-part discussion live from GPSEC STL in St. Louis. First up is Marc Ashworth, CISO of First Bank and host of The Cyber Executive Podcast, who discusses leadership development, AI, mentorship, and why he started podcasting as a CISO. Then, Michael Evans, Head of Information Security at Energizer, shares his grounded take on data governance, foundational AI readiness, and why security conversations at live events are vital for industry growth.

Key Highlights:
Marc Ashworth on AI maturity, team building, and starting a CISO podcast
Michael Evans on AI implementation and why data governance must come first
Live insights on talent retention, vendor risk, and security leadership
A look ahead: quantum-safe encryption and what CISOs should watch next

Call to Action:
Subscribe to The Professional CISO Show for unfiltered conversations with the leaders shaping cybersecurity.
🎧 Listen on Spotify: The Professional CISO Show
📱 Listen on Apple Podcasts: The Professional CISO Show
🌐 More Episodes + Info: www.thpc.co
🔗 Follow us on LinkedIn: The Professional CISO Show

Hashtags:
#CyberSecurity #CISO #AI #DataGovernance #Leadership #TheProfessionalCISO #CyberPodcast #GPSEC #CyberTalent #QuantumSecurity #MarcAshworth #MichaelEvans
🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)

In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.

Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.

Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.

Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.

🔑 What You’ll Learn in This Episode
The dangerous re-emergence of BEC as a top threat vector — and why AI may be amplifying the risk
Why CISOs must lead the charge on AI governance and strategy — or risk being sidelined
How FIDO and identity modernization can reduce exposure to targeted fraud
Insights on satellite cybersecurity, Starlink limitations, and maritime network vulnerabilities
A behind-the-scenes preview of “Commandant,” an AI co-pilot for incident response — designed to help IR teams with note-taking, SLA tracking, notification workflows, and continuous tabletop exercises
How vendor selection, tabletop simulations, and small supplier coordination can make or break your organization during a crisis
Why humility, not hubris, is the most underrated leadership trait in cybersecurity

💬 Notable Quotes
“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma
“AI isn’t just a buzzword. It’s a once-in-a-generation shift — and CISOs have a chance to shape it from the start.” —David Malicoat
“Lucy is designed to help you during your worst day — capturing context, notes, contracts, timelines, and guiding you through the fog of war.” —Chris Cochran
“We’re securing vessels in the middle of the ocean using tech that was old when we got it — Starlink’s changed the game, but it’s brought new challenges too.” —Glen Vickers
“A $5M cyber insurance policy might only cover $250K of social engineering fraud. The rest is on you.” —Shawn Tuma

🎧 Listen & Subscribe
📍 Available now on all major platforms:
🔗 Spotify
🔗 Apple Podcasts
🌐 Full episodes and show resources at www.thpc.co

📣 Stay Connected with The Professional CISO Show
📺 Watch on YouTube
💼 Follow on LinkedIn

🧠 Guest Info
Shawn Tuma – Partner at Spencer Fane, co-author of GC + CISO Connection
Glen Vickers – CISO at ABS Wavesight
Chris Cochran – Co-founder, Commandant AI | Formerly of Netflix, NSA, Mandiant

📚 Related Episodes
EP 71 – CISO Culture & AI Strategy
EP 63 – AI Governance and the Role of the CISO
EP 45 – Shawn Tuma on Legal Risk, AI, and Cyber Insurance

🔖 Hashtags
#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity
Sponsors: ObservoAI (www.observo.ai), Guidepoint Security (www.guidepointsecurity.com)

In this episode of The Professional CISO Show, recorded live at GuidePoint Security’s GPSEC STL event, host David Malicoat sits down with David Young, Chief Revenue Officer at ObservoAI. Together, they unpack the explosive growth of security data, the hidden costs of legacy pipelines, and why modern SOCs are hitting a breaking point. David shares Observo AI’s origin story from within Rubrik, and how their AI-native platform helps security teams stop drowning in data, reduce costs, and uncover real threats faster. It’s a must-listen for CISOs, SOC leaders, and anyone dealing with the complexity of modern security data environments.

What You’ll Learn:
Why traditional SIM and log management approaches are failing
The origin of ObservoAI inside Rubrik’s massive 20PB security lake
How AI and open-box ML models are transforming SOC operations
Real-world cost reductions and productivity gains from major enterprises
Where the future of data pipelines, SOAR, and AI in security is headed

Guest:
🎙 David Young, CRO at Observo AI
🔗 Connect: https://www.linkedin.com/in/davidmyoung/

Host:
🎤 David Malicoat, Host of The Professional CISO Show
🌐 www.thpc.co | LinkedIn

Listen + Subscribe:
🟢 Spotify
🍎 Apple Podcasts

Hashtags:
#Cybersecurity #CISO #SecurityData #AIinSecurity #SOAR #SecurityOps #ObservoAI #Rubrik #TheProfessionalCISOShow
Sponsors: AIM Security (www.aim.security), Guidepoint Security (www.guidepointsecurity.com)

In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.

He’s joined by two standout guests:
🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community
🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantification

From grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.

🧠 Topics Covered
The legendary St. Louis CISO community (“don’t mess with the family”)
AI + DSPM in the real world: what’s working
Agentic AI and the evolution of SOC work
Risk quantification, FAIR, and practical GRC strategy
The future of cybersecurity beyond AI: quantum readiness
St. Louis as a cybersecurity hub with soul

🛠 Sponsored by AIM Security
AIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai

🔗 Subscribe & Follow the Show:
www.thpc.co
LinkedIn
Spotify
Apple Podcasts

#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec