CISO Stories Podcast (Audio)

Hosted by Jessica Hoffman

Technology · Interviews guests

Episodes: 226

Latest episode: Jun 2026

Language: EN

About the show

SC Media is proud to present this month's CISO Stories program, where CISOs share tales from the trenches and unpack leadership lessons learned along the way. Hosted by Jessica Hoffman.

Listen to episodes

60 recent
June 8, 2026 · 31 min

Critical Infrastructure: The Risk Hiding in Plain Sight - Jason Manar - CSP #225

In this episode, former FBI cyber leader Jason Manar joins us to unpack the state of critical infrastructure security and why small and medium-sized businesses are more connected to it than they realize. From power, telecom, healthcare, finance, and supply chains, Jason explains how hidden dependencies can turn "not our problem" into a business-stopping event. With his FBI perspective and CISO experience, Jason shares what organizations should understand about risk, resilience, and protecting the systems we all quietly rely on. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-225

May 11, 2026 · 37 min

IAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224

Identity is at the center of nearly every modern breach, but when IAM responsibilities are shared with MSSPs, where does trust end and accountability begin? In this episode of CISO Stories, Jessica Hoffman sits down with Dr. Dustin Sachs to explore the human side of identity and access management, including cognitive bias, automation, privilege creep, and the hidden risks of "blind trust" in real-world security operations. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-224

April 13, 2026 · 30 min

Cloud Security: The AI Effect & How to Proceed - Richard Marcus - CSP #223

In this episode of CISO Stories, Jessica Hoffman speaks with Richard Marcus, CISO at Optro, about how organizations are securing cloud environments at scale. They discuss secure by design principles, infrastructure as code, continuous monitoring, and how GRC and security teams are working together more effectively. The conversation also explores the impact of AI on both defense and the evolving threat landscape, with practical insights for modern security leaders. Segment Resources: Optro Cyber Risk Playbook: https://optro.ai/resources/ebook/the-cyber-risk-playbook-for-the-ai-threat-era This segment is sponsored by BlinkOps. Blink Micro-Agents stop AI threats with agentic speed and precision — visit https://cisostoriespodcast.com/blinkops to see the Agentic SOC in action. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-223

March 9, 2026 · 31 min

From Alerts to Action: Making Public–Private Threat Intel Actually Useful - Ian Washburn - CSP #222

Threat intelligence too often arrives as a steady stream of alerts that don't translate into clear, timely decisions. This episode explores how public-sector intel flows today through channels like CISA, MS-ISAC, and CIS—and why changes in funding and distribution can reshape what organizations actually receive and when. We also imagine an all-in state approach, where states take a bigger role in getting actionable cyber intel to local businesses and organizations. From a higher-ed security leadership lens, we connect student data privacy and regulatory realities to the broader public–private challenge—and highlight community-driven efforts like the Redwood Project that strengthen trust-based, peer-to-peer intelligence sharing. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-222

February 9, 2026 · 26 min

Beyond Vendor Risk: Real-Time GRC, AI, and Protecting App User Data - Jadee Hanson - CSP #221

CISO Jadee Hanson shares how Vanta "drinks its own champagne," running on NIST CSF with quarterly baseline reviews and using Vanta's GRC platform to turn every release into live UAT for privacy, governance, and compliance. We rethink third-party management—why point-in-time risk scores are fading and how AI drives continuous monitoring and outcome-based assurance. Bottom line: don't just audit—instrument your controls and prove trust in real time. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-221

January 12, 2026 · 26 min

Keys Without People — John Heasman on Cleaning Up Non-Human Access - John Heasman - CSP #220

Title: "Keys Without People" — John Heasman on Cleaning Up Non-Human Access. Summary: John breaks today's non-human identity mess into three buckets: core tools your business runs on, old/one-off integrations that linger, and engineer tokens left behind. His playbook is simple: decide what's truly critical, assign a clear owner, keep access minimal, and review it on a schedule. With AI spawning even more "non-human users," basics done well—prioritize, tighten, rotate, repeat—win the day. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-220

December 8, 2025 · 29 min

Agents at the Door: Vetting Non-Human Identities in External IAM - Rakesh Soni - CSP #219

This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs and practitioners to consider. Segment Resources: https://www.loginradius.com/ https://customeriambook.com/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-219

November 10, 2025 · 27 min

ATT&CK → ATLAS: A CISO's Blueprint for AI Governance - Sandy Dunn - CSP #218

CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action. Segment Resources: Article: https://www.linkedin.com/pulse/attck-v18-atlas-blueprint-ai-ready-defense-sandy-dunn-mafoc AI Cheat Sheet: https://www.linkedin.com/feed/update/urn:li:activity:7388688396166238208/ OWASP LLM Governance Checklist: https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/ OWASP Threat Defense COMPASS: https://genai.owasp.org/resource/owasp-genai-security-project-threat-defense-compass-1-0/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-218

October 13, 2025 · 35 min

Security Awareness Through Trust and Influence - Jennifer Selby Long - CSP #217

Jennifer Selby Long reframes security awareness as more than training—it's about earning trust and influence with executives and security teams. She shares leadership lessons on how to build stronger alignment and support for security initiatives. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-217

September 8, 2025 · 33 min

OT on the Frontlines: Threat Intelligence You Can't Ignore - Dawn Cappelli - CSP #216

Dawn Cappelli, Head of OT-CERT at Dragos, unpacks the evolving risks to Operational Technology. From nation-state attacks on Ukraine's infrastructure to hacktivists targeting U.S. water systems, she explains the PIPEDREAM malware, the top five SANS critical OT controls, and how Dragos' OT-CERT program offers free resources to help organizations defend critical infrastructure now. Segment Resources: https://www.dragos.com/community/ This segment is sponsored by NowSecure. Visit https://cisostoriespodcast.com/nowsecure to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-216
