The CISO Stories Podcast

In this episode, we sit down with author and AI expert Rock Lambros to explore the evolving landscape of AI governance. We discuss the risks of AI chatbots, comparing OpenAI and DeepSeek, and examine current and emerging governance frameworks. As AI adoption accelerates, organizations must determine the right guardrails and critical questions to ask. This conversation provides insights into how companies are shaping their AI strategies for a more secure and responsible future.

Segment Resources: https://www.youtube.com/@RockOnCyber https://genai.owasp.org https://owaspai.org

Visit https://cisostoriespodcast.com for all the latest episodes!

In this episode, we sit down with experienced CISO Gavin Reid to explore the escalating online threats to privacy, focusing on adversaries and companies illicitly scraping website data for profit. We dive into the implications of such unauthorized data collection and its impact on individual and organizational privacy. Reid also shares insights from his team’s involvement in dismantling BadBox, a coordinated global attack exploiting connected TV (CTV) devices, highlighting the intersection of cybersecurity and privacy concerns.

HUMAN's Satori threat intelligence team has published the following resources on BadBox: https://www.humansecurity.com/company/satori-threat-intelligence/badbox https://www.humansecurity.com/learn/blog/badbox-peachpit-and-the-fraudulent-device-in-your-delivery-box https://www.humansecurity.com/newsroom/human-disrupts-digital-supply-chain-threat-actor-scheme-originating-from-china

Visit https://cisostoriespodcast.com for all the latest episodes!

In this episode of CISO Stories, Jess Hoffman and Sheena Thomas explore the challenges of cloud security in higher education. They discuss trust issues with cloud providers, the importance of understanding data sensitivity, and navigating regulatory compliance. Sheena highlights the vulnerabilities educational institutions face, the value of incident response playbooks, and the balance between trust and risk in cloud services. The conversation underscores the need for due diligence, awareness, and collaboration to secure higher education in the cloud era.

This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fortinet to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

Jessica Hoffman and Melina Scotto discuss the evolution of cybersecurity, focusing on cloud security, business responsibilities, and the importance of basic cyber hygiene. They highlight the role of communication, consulting, and integrating security into business operations, concluding with advice for future cybersecurity professionals.

This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fortinet to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

Jess and Adam discuss cloud security challenges for SMBs, emphasizing strategic planning, compliance with regulations like CMMC, and vendor due diligence. They highlight common pitfalls like the illusion of security and inadequate staffing while offering cost-effective solutions like virtual CISOs. Practical tips help SMBs secure their data, navigate legal concerns, and maximize available resources.

This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fortinet to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

In this episode, we dive into the critical role of proper configurations in cloud environments and why misconfigurations remain the leading cause of security breaches. From overly permissive access controls to unencrypted data stores and default credentials left unchanged, we explore real-world examples that adversaries exploit. Learn how organizations can mitigate these risks through proactive monitoring, automated tools, and a culture of security-first thinking. Tune in to uncover actionable insights to keep your cloud infrastructure secure.

This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fortinet to learn more about them!

Segment Resources: CoGuard CLI (Select cloud resources can be scanned with a free account): https://portal.coguard.io/auth/realms/coguard/protocol/openid-connect/auth?clientid=client-react-frontend&redirecturi=https%3A%2F%2Fportal.coguard.io%2F&state=7cd7e2ac-aa64-497d-8957-f0b8be3e2f8d&responsemode=fragment&responsetype=code&scope=openid&nonce=86649c48-03f3-44c1-9612-560d42e049d9

More info on the CoGuard CLI on Github: https://github.com/coguardio/

Open AI grant: https://openai.com/index/empowering-defenders-through-our-cybersecurity-grant-program/

Open AI research results on Github: https://github.com/coguardio/coguardopenairuleautogeneration_research

Securing Multi Cloud Environments - Tips from Nadia's co-founder/CTO - blog: https://www.coguard.io/post/securing-multi-cloud-environments

Visit https://cisostoriespodcast.com for all the latest episodes!

Bertrum Carroll dives into the evolution of cloud service adoption, comparing early concerns—like data storage, access, and usage—to current apprehensions about AI. We explore how leadership can empower teams with the right training to harness technology effectively. Learn why understanding the shared responsibilities between providers and customers is critical for cloud security success.

This segment is sponsored by Fortinet Cloud Security. Visit https://cisostoriespodcast.com/fortinet to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

In this episode, we’re joined by Tammy Klotz, a 3x CISO in the manufacturing industry, to explore identity security challenges in manufacturing environments. Tammy discusses the differences in access management for frontline workers versus knowledge workers, touching on the unique devices and role-based training requirements. Tune in to learn how tailored security solutions are key to managing access across diverse user groups in industrial settings.

This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them!

This segment is sponsored by Saviynt. Please visit https://cisostoriespodcast.com/saviynt to learn more and get a free demo!

This segment is sponsored by Liminal. Visit https://cisostoriespodcast.com/liminal to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

In this episode of CSP, we sit down with Dr. Sean Murphy, the CISO of BECU, one of Seattle’s largest credit unions, to discuss the shifts in identity security brought on by the COVID-19 pandemic. Dr. Murphy highlights how Zero Trust architecture became crucial for verifying internal users, especially as remote work became the norm. He shares insights on the unique challenges of securing a remote workforce in the banking sector and underscores the importance of a robust identity security framework in protecting both members and employees in today’s evolving threat landscape. This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them!

This segment is sponsored by Saviynt. Please visit https://cisostoriespodcast.com/saviynt to learn more and get a free demo!

This segment is sponsored by Liminal. Visit https://cisostoriespodcast.com/liminal to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!

Let’s talk about what CISOs look for when hiring identity and access management team members. What training and experience is most attractive for the business and team.

This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them!

This segment is sponsored by Saviynt. Please visit https://cisostoriespodcast.com/saviynt to learn more and get a free demo!

This segment is sponsored by Liminal. Visit https://cisostoriespodcast.com/liminal to learn more about them!

Visit https://cisostoriespodcast.com for all the latest episodes!