Cybersecurity’s human dimension takes center stage as we welcome Matthew Rosenquist, CISO, Cybersecurity Strategist and Advisor at Cybersecurity Insights. Hosts Aaron Lentz and Tim York guide the discussion, which explores the evolving role of CISOs, the realities of consolidation and AI’s increasing impact, ranging from bridging talent gaps to changing threat profiles.
Key Takeaways:
00:00 Introduction.
01:43 The market’s consolidation cycle disrupts legacy expectations.
06:28 CISOs must be influential at both board and business levels.
10:55 Technical and business leadership gaps are systemic.
14:54 Security features convert freemium users to revenue.
18:21 Basic protections boost small businesses’ security posture.
22:52 Revenue drivers define an effective security strategy.
27:01 Unrealistic entry-level job requirements stall progress.
30:59 Upskilling launches junior talent into future leadership.
35:19 AI elevates both security analysts and adversaries.
43:34 Behavioral awareness defends better than firewalls alone.
Resources Mentioned:
https://www.linkedin.com/in/matthewrosenquist
Cybersecurity Insights | LinkedIn
https://www.linkedin.com/company/cybersecurityinsights
Cybersecurity Insights | Website
https://www.cybersecurityinsights.us/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, hosts Aaron Lentz and Tim York sit down with Zach Lewis, Chief Information Officer and Chief Information Security Officer of the University of Health Sciences and Pharmacy in St. Louis. Zach discusses leading his university through a ransomware attack, how he balances security with student experience in a nonprofit environment, and why open conversations about breaches are vital for the industry.
Key Takeaways:
00:00 Introduction.
02:06 Zach's book chronicles the university's LockBit ransomware experience.
06:54 Password managers fail when Active Directory authentication becomes unavailable.
09:00 Companies now want cybersecurity leaders who understand breach environments.
14:27 Campus card systems integrate everything from dining to Grubhub.
20:24 AI coding tools represent emerging technological capabilities worth exploring.
23:54 Universities should teach students proper AI tool integration techniques.
28:45 Technical revolutions require flexible pivoting from established security plans.
37:36 Small organizations benefit from outsourcing 24/7 SOC monitoring.
42:48 Legacy applications must evolve, or organizations get left behind.
Resources Mentioned:
https://www.linkedin.com/in/aaron-lentz/
https://www.linkedin.com/in/tim-york-b80b23a/
https://www.linkedin.com/in/zacharylewis1
University of Health Sciences and Pharmacy in St. Louis | LinkedIn
https://www.linkedin.com/school/uhsp
University of Health Sciences and Pharmacy in St. Louis | Website
https://www.uhsp.edu
https://www.amazon.com/Locked-Cybersecurity-Mitigation-Real-World-Ransomware/dp/1394357044
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, Tim York and Aaron Lentz talk to Steve Cobb, CISO of SecurityScorecard and a founding member of the CarolinaCISO. Steve shares how today’s threat actors are targeting human behavior more than systems, and why cultural change and technical guardrails are both essential. He also discusses mentoring the next generation of cyber talent, the importance of foundational skills and his leadership approach rooted in curiosity, communication and service.
Key Takeaways:
00:00 Introduction.
06:48 Deepfakes are now impersonating public officials to influence real-world decisions.
09:39 “Trust but verify” is essential in a world where video calls can be faked.
12:54 Organizations are rushing into AI at the cost of security and thoughtfulness.
16:27 Cultural assumptions about trust make US users especially vulnerable to deception.
20:51 We’re wired to seek connection; shifting to suspicion at work is counterintuitive but necessary.
23:36 Threat actors are focused on hacking people, not just tech.
26:15 Competitive cyber events train youth in real-world collaboration and red/blue team skills.
35:03 Strong cyber teams are grounded in foundational skills: networking, cloud and OS.
39:51 Communication, both up and down the chain, is a critical skill for cyber leaders.
40:30 Servant leadership — building trust and supporting the team — creates stronger, more resilient organizations.
Resources Mentioned:
https://www.linkedin.com/in/tim-york-b80b23a/
https://www.linkedin.com/in/aaron-lentz/
https://www.linkedin.com/in/wscobb/
SecurityScorecard | LinkedIn
https://www.linkedin.com/company/security-scorecard/
SecurityScorecard | Website
https://securityscorecard.com/
CarolinaCISO | LinkedIn
https://www.linkedin.com/company/carolinaciso/
CarolinaCISO | Website
https://www.carolinaciso.org/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, hosts Tim York and Jackie Henrich talk to Susanne Senoff, CISO of PROS, about making security human, building trust through connection and leading with authenticity. Susanne shares lessons from her unconventional career path, her views on psychological safety and how she builds resilient, empowered teams in high-stakes environments.
Key Takeaways:
(03:56) Making security fun starts with creating psychological safety and room for humor — even in high-pressure environments.
(11:29) Serving internal and external customers while driving meaningful security impact.
(13:44) Missed connections in security often stem from a lack of listening and failure to understand business constraints.
(15:58) Moving from individual contributor to leader means learning how to create impact through others.
(20:39) When expectations are clear and support is real, people rise to the challenge.
(24:41) Realizing the value of asking for help and knowing what energizes you.
(34:22) Mentorship often comes through informal moments, not structured relationships.
(40:14) Not all mentors give good advice. Leadership means filtering input and trusting your gut.
(45:00) Engaging with “grumpy gooses” is a fast path to trust and alignment because of their honesty.
Resources Mentioned:
https://www.linkedin.com/in/susanne-elizer-senoff-575ba96/
PROS | LinkedIn
https://www.linkedin.com/company/pros/
PROS | Website
https://pros.com/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
Hosts Aaron Lentz and Tim York talk to Scott Ostrander, Vice President and Chief Information Security Officer of SPS Commerce and Founding Member of MinnesotaCISO.
With the experience that comes with two decades at Medtronic and now leading security at a SaaS company, Scott shares how he builds trust, manages risk and leads with empathy in fast-paced environments. He breaks down the limitations of access reviews, how AI is reshaping identity verification and why listening matters more than immediate change. From deepfake threats to third-party visibility and vendor partnerships, Scott offers pragmatic insights and people-centered leadership advice for today’s CISOs.
Key Takeaways:
(05:39) Deleting your biometric data reduces exposure if companies are sold or breached.
(11:09) Culture and identity shape how security decisions are made in business.
(16:30) Effective change depends on alignment and trust with the existing team.
(26:32) AI deepfakes now challenge the reliability of identity verification.
(28:22) Most organizations lack a clear view of their third-party risk landscape.
(38:45) The real risk in access reviews is denying needed access.
(43:46) Determining who has access to what remains difficult across SaaS ecosystems.
(48:31) Trusted vendors offer insight and partnership, not just a sales pitch.
(52:32) Trust builds when vendors stop selling and start listening.
Resources Mentioned:
https://www.linkedin.com/in/scott-ostrander-46846a8/
SPS Commerce | LinkedIn
https://www.linkedin.com/company/sps-commerce/
SPS Commerce | Website
https://www.spscommerce.com/
MinnesotaCISO | LinkedIn
https://www.linkedin.com/company/minnesotaciso/
MinnesotaCISO | Website
https://minnesotaciso.org/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com.
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, hosts Aaron Linz and Tim York talk to Rich Rhodes, Chief Information Security Officer of Choice Bank. Rich shares how his people-first philosophy shapes the way he leads security programs, especially during high-stress moments like bank mergers, regulatory pressure and pandemic-era team isolation. Drawing from years in financial services and community work, Rich explains why fundamentals matter, how humor builds trust and why he believes security is 90% people.
Key Takeaways:
(04:30) Volunteer work revealed the real-world consequences of identity loss.
(07:56) Cybersecurity leadership must center the human experience, not just controls.
(09:33) Managing conflict in security teams requires empathy and intentional restraint.
(16:09) Employee well-being and development are critical responsibilities of CISOs.
(18:25) Regular communication and transparency help unify distributed teams.
(27:04) Large-scale IAM implementations demand urgency and cross-functional alignment.
(30:55) Creative morale boosters can protect team mental health during crises.
Resources Mentioned:
https://www.linkedin.com/in/rich-rhodes-cissp-pcip-1b35755/
Choice Bank | LinkedIn
https://www.linkedin.com/company/choicebank/
Choice Bank | Website
https://bankwithchoice.com/
Meals on Wheels | Website
https://meals-on-wheels.com/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit https://ic-consult.com.
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
Hosts Aaron Lentz and Tim York talk to Andrew Wilder, Chief Security Officer of Vetcor. With three CISO roles under his belt — including at Nestlé — Andrew shares how he evolved from a command-and-control leader to a collaborative influencer of change. He discusses the importance of identity hygiene, working with the C-suite and why taking your own notes is a secret weapon for long-term leadership. From mentoring through CyberUp to partnering with startups, Andrew offers real stories and practical advice for modern cybersecurity leaders.
Key Takeaways:
(04:41) Dormant accounts and poor identity hygiene are common cybersecurity challenges.
(08:46) Understand the level of change before accepting a leadership role.
(11:52) Mature CISOs accept business risk decisions and move forward.
(16:29) Staying calm in a cyber crisis helps lead a team with clarity.
(21:54) Agentic AI offers efficiency but brings big change challenges.
(27:27) Automate last — after you question, delete, simplify and accelerate.
(32:13) Overpermissioned accounts are prime for data exfiltration.
(38:02) Strong relationships beat cold outreach every time.
(40:26) Cyber insurance now drives many security tool decisions.
(43:13) Partnerships give CISOs tools, team growth and ecosystem security.
(46:34) Trusting AI blindly is a dangerous mistake.
Resources Mentioned:
https://www.linkedin.com/in/aaron-lentz/
https://www.linkedin.com/in/tim-york-b80b23a/
https://www.linkedin.com/in/apwilder/
https://www.linkedin.com/company/vetcor/
https://wecyberup.org/
https://www.infragard.org/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com.
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, Julie Myerholtz, Chief Information Security Officer of Brunswick Corporation, shares her approach to identity security, leadership and security culture. She explains why people, not tools, are the first line of defense, how gamification improves security awareness and why identity security must evolve to address non-human identities and just-in-time access.
Key Takeaways:
(09:10) A strong mentor can shape an effective approach to identity security.
(12:17) A formal IT degree isn’t required for a successful cybersecurity career.
(13:52) Cybersecurity plays a direct role in keeping business operations running.
(17:41) Executives need impact, not technical details, in security reporting.
(20:27) Security’s success is invisible — failure is when people take notice.
(23:40) Security must align with business risk, not just technical threats.
(29:08) Identity security is the foundation of digital defense.
(32:50) Legacy identity debt creates major security challenges.
(36:17) Non-human identities must be managed like human accounts.
(39:42) Security incentives drive faster user adoption of new systems.
(43:00) Daytime deployments keep support teams available for issues.
Resources Mentioned:
https://www.linkedin.com/in/jmyerholtz/
https://www.linkedin.com/company/brunswick-corporation/
CyberArk -
https://www.cyberark.com/
https://rhisac.org/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com.
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this episode, Corey Kaemming, Sr. Director of Information Security at Valvoline Inc., joins the conversation to share his leadership philosophy, the evolution of identity security and the real challenges security professionals face today. From the overuse of buzzwords to vendor consolidation, Corey provides a candid look at what works — and what doesn’t — in building a strong security program.
Key Takeaways:
(06:36) Corey’s leadership philosophy is rooted in listening first and building trust.
(10:58) Early mentorship conveys the importance of preparation and empathy.
(13:07) Identity security touches every part of the business and drives operations.
(18:49) Breaking into identity security requires hands-on experience and adaptability.
(23:59) Security leaders must communicate in ways that resonate with executives.
(27:47) Running security for a company's divestiture requires trust and precision.
(30:44) People resist security changes, but tying them to business outcomes helps.
(37:38) Too many identity tools create complexity and strain resources.
(42:29) Security isn’t a one-time fix — it demands constant attention and updates.
(53:56) Zero trust is widely used but often misunderstood in execution.
Resources Mentioned:
https://www.linkedin.com/in/corey-kaemming/
https://www.linkedin.com/company/valvoline/
Evanta -
https://www.evanta.com/
Signal -
https://signal.org/
Retail & Hospitality ISAC (RH-ISAC) -
https://rhisac.org/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com.
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement
On this inaugural episode, hosts Aaron Lentz and Tim York explore the human element in cybersecurity leadership, using real-world examples and practical insights. From understanding the nuances of deepfakes to thinking of identity tools as hammers, they share actionable strategies for influencing organizational culture and fostering effective collaboration.
Key Takeaways:
(02:26) A false tsunami alert at Bandon Dunes highlighted different human reactions to crises.
(06:02) Deepfakes have evolved from basic to highly convincing, requiring cultural changes to combat them effectively.
(12:25) A privileged access management (PAM) tool failed due to poor communication and user resistance.
(17:03) The rise of Chief Identity Officer roles reflects the growing complexity of identity programs.
(20:27) Simplifying identity workflows is critical for future-proofing cybersecurity strategies.
(25:42) Onboarding delays can erode trust and impact organizational culture.
(27:46) The best CISOs focus on influencing internal culture alongside implementing tools.
Resources Mentioned:
https://www.linkedin.com/in/aaron-lentz/
Tim York -
https://www.linkedin.com/in/tim-york-b80b23a/
Thank you for listening to “Authenticate This!: The Cybersecurity Leadership Podcast.” Be sure to leave us a review and subscribe so you don’t miss an episode.
For more information, visit ic-consult.com
#Cybersecurity #IdentityManagement #InformationSecurity #IAM #IdentityAccessManagement