All links and images can be found on CISO Series

This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is Megan Samford, vp product and supply chain security, Schneider Electric.

In this episode:

• Two modes of CISO
• The vendor has the keys
• The economic argument for secure code
• Burning through the talent

A huge thanks to our sponsor, Native Security

Native makes secure-by-design inherent to how the cloud operates. It's the control plane for built-in cloud security, unifying and governing native controls, so security intent is defined once and applied consistently across providers. Learn more at native.security.

All links and images can be found on CISO Series

This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Dmitriy Sokolovskiy, senior vice president, information security, Semrush.

This episode was recorded in front of a live audience at the offices of Aqueduct Technologies in Canton, MA. See photos from the event.

In this episode:

• A clock on everything
• The oversight loop
• Not a better tool, a different one
• It's not the alerts

A huge thanks to our sponsor, Strike48

It's no secret that AI is only as good as the data available to it. Strike48 unifies agentic AI with unmatched log visibility while avoiding the typical hefty price tag. Build and deploy agents for phishing detection, alert triage, threat correlation and more. Queries existing logs where they currently live, so you can keep the technology you already have. Learn more at Strike48.com.

A huge thanks to our sponsor, Dropzone AI

Dropzone AI delivers a team of AI agents that investigate alerts, hunt threats, and respond to attacks across your full security stack. No playbooks required. No hidden humans in the critical path. Your analysts stay in control, directing strategy while AI agents handle the investigation workload at machine speed. Learn more at dropzone.ai.

All links and images can be found on CISO Series

This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining is our sponsored guest, Danny Jenkins, CEO, ThreatLocker.

In this episode:

• Permission creep at machine speed
• The pattern we keep calling a mistake
• Stop authenticating the human
• Vibe coded out of existence

A huge thanks to our sponsor, ThreatLocker

ThreatLocker delivers Zero Trust Network Access and Zero Trust Cloud Access that verifies both user and device before granting access to specific applications. No broad access, nothing exposed, and no reliance on credentials alone. It's a smarter way to control access and reduce risk. Learn more at ThreatLocker.com/CISO.