Brought to you by:
Check Point (www.checkpoint.com)
Armis (www.armis.com)
Guidepoint Security (www.guidepointsecurity.com)
🎙️ Episode Summary
During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).
Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.
🔑 Key Takeaways
💬 Notable Quotes
“Being out in the woods is like one giant tabletop exercise.”
“No one talks about ransomware because of the stigma—I wanted to change that.”
“When you find that unique idea, run with it.”
“Everything is bearable—until it’s not, and then you die.”
“Build your personal brand so you never have to go job hunting again.”
🎁 Listener Benefits
📣 Call to Action
Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.
🔗 Connect with Us
💼 The Professional CISO Show on LinkedIn
🎧 Spotify
Episode Summary
Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it.
David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.
Key Takeaways
Notable Quotes
“The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro
“Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat
“Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro
“LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat
“Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro
Listener Benefits
Call to Action
Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.
🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 Website: www.thpc.co
Episode Summary
In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber.
From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization.
They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”
Key Takeaways
Notable Quotes
“When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”“Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
Listener Benefits
Call to Action
✅ Follow The Professional CISO Show on LinkedIn
🎧 Listen and Subscribe on Spotify or Apple Podcasts
🌐 Visit THPC.co for show updates and events
Guest Information
Gary Chan
Chief Information Security Officer, SSM Health
Security Mentalist & Speaker
🔗 Website: gschan2000.com
🔗 Search “Gary Chan Security Mentalist” for more information
Sponsors
This episode is made possible by:
Hashtags
#TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow
Episode Summary
In this episode, David Malicoat sits down with Kate Goldman, founder and CEO of Cybermaniacs, to challenge one of cybersecurity’s oldest assumptions — that humans are the weakest link. Kate argues it’s time for CISOs to rethink human risk, culture, and resilience in the modern organization.
Together, David and Kate explore the emerging field of Human Risk Management, the idea of the Human Operating System, and how leaders can leverage psychology, culture, and AI to build resilient teams that thrive in the age of digital transformation.
Key Takeaways
Notable Quotes
“Humans aren’t the weakest link — they’re the core operating system of your business.” — Kate Goldman
Listener Benefits
By listening, cybersecurity leaders will gain:
Call to Action
If you believe it’s time to professionalize the role of the CISO, hit Follow on Spotify or Apple Podcasts, and visit us at www.thpc.co for upcoming episodes and tour dates.
Connect with Us
Guest Info
Kate Goldman
CEO & Founder, Cybermaniacs
Follow on LinkedIn: Kate Goldman
Sponsors
This episode is made possible by:
Related Episodes
Hashtags
#CyberSecurity #CISO #HumanRisk #CyberAwareness #AIinSecurity #CyberCulture #Leadership #CyberResilience #TheProfessionalCISOShow
Episode Summary:
Joe Sullivan returns to The Professional CISO Show for a wide-ranging discussion with host David Malicoat. Together, they unpack the Salesforce hack, SaaS application blind spots, identity and access management, AI noise versus real use cases, and how security teams must evolve. Joe also shares candid lessons from crisis leadership, regulatory scrutiny, and the personal realities of being a CISO under fire.
Key Takeaways:
Notable Quotes:
Listener Benefits:
Call to Action:
🎧 Subscribe and listen:
💼 Connect on LinkedIn: The Professional CISO Show
🌐 Learn more: www.thpc.co
"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David
Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz
Episode Summary:
In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability.
The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.
Key Takeaways:
Notable Quotes:
Listener Benefits:
By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.
Call to Action:
👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.
👉 Share this episode with your peers and comment your perspective on LinkedIn.
👉 Subscribe on Spotify, Apple Podcasts, and YouTube.
🔖 Hashtags
#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)
Episode Summary:
AI isn’t just hype anymore — it’s transforming the way enterprises operate. At GPSEC St. Louis, David Malicoat sits down with Felix Simmons, Principal Security Architect at GuidePoint Security, to cut through the noise around AI adoption, risk, and controls.
Felix explains why AI is unlike past technology waves, how business demand is driving adoption faster than security teams can keep up, and what enterprises can do to prepare. From agentic AI and non-human identities to offline models and emerging security tooling, this conversation offers a practical guide for CISOs navigating AI in the enterprise.
What You’ll Learn in This Episode:
Guest:
Felix Simmons — Principal Security Architect, GuidePoint Security
Links & Resources:
Hashtags:
#Cybersecurity #CISO #AI #EnterpriseSecurity #GPSEC #GuidePointSecurity #ObservoAI
Summary:
Recorded live at CISO XC DFW, this episode of The Professional CISO Show features three powerful conversations from leaders shaping the future of cybersecurity.
First, Sonya Wickel shares her 24-year career journey from IT generalist to CISO & CIO, offering insights on fourth-party risk, the value of empathy in leadership, and the importance of staying sharp in both IT and cybersecurity.
Then, Eric Bowerman takes us inside the complex task of securing Dallas Fort Worth International Airport — from operational technology and stakeholder management to implementing passwordless authentication and preparing for global events like FIFA.
Finally, Tera Davis explains how CyberOne has built a true community partnership with CISO XC, scaling professional services, preparing organizations for AI adoption, and fostering the next generation of security talent.
Sponsors
Valence Security (www.valencesecurity.com)
CISO XC (www.cisoxc.com)
Key Topics Covered:
Links & Resources:
🌐 Website: www.thpc.co
📺 Watch More Episodes:
http://www.youtube.com/@TheProfessionalCISO
🎧 Listen on Spotify: Open on Spotify
🍏 Listen on Apple Podcasts: Open on Apple Podcasts
💼 LinkedIn: Follow on LinkedIn
Hashtags:
#CyberSecurity #CISO #TheProfessionalCISO #CISOXC #CyberLeadership #RiskManagement #OTSecurity #ThirdPartyRisk #AirportSecurity #Passwordless #CyberCommunity #CyberOne #ValenceSecurity
Sponsors
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)
Kristi Cook, Head of Cybersecurity at Peabody Energy, joins David Malicoat live from GPSEC St. Louis — with AIM Security as our midday sponsor — to discuss how she’s leading her team through AI adoption, data governance, and talent development.
From leveraging conferences as both morale boosters and strategic accelerators, to building a sustainable talent pipeline through the CyberUp apprenticeship program, Kristi offers actionable insights for CISOs facing rapid technological change.
We also dive into the unique trust and collaboration in the St. Louis cybersecurity community, and why AI may finally give security leaders the leverage to fix long-standing data governance challenges.
Key Topics Covered:
Resources & Links:
#️⃣ Hashtags
#Cybersecurity #CISO #TheProfessionalCISOShow #DataGovernance #AIsecurity #Leadership #TeamBuilding #CyberTalent #IdentityAccessManagement #StLouisCybersecurity #GPSEC #PeabodyEnergy #CyberUp
Sponsored by HivePro (www.hivepro.com) and CISO XC (www.cisoxc.com).
EP80 – CISO XC DFW | Hive Pro Special: AI, Identity & The Future of Cyber Roles
Live from CISO XC DFW, The Professional CISO Show dives into the intersection of innovation, leadership, and cyber resilience. Host David Malicoat sits down with:
Sponsored by Hive Pro, a leader in Continuous Threat Exposure Management. Learn more at
Key Takeaways:
🎯 Perfect for: CISOs, aspiring cyber leaders, SOC managers, and innovators thinking about the future of security and strategy.
🔗 Links & CTAs
🌐 Website: www.thpc.co
📺 Watch More Episodes: YouTube
🎧 Listen on Spotify | Apple Podcasts
🔗 Follow us on LinkedIn
👤 Guest Info
📌 Related Episodes
🔖 Hashtags
#Cybersecurity #CISO #BISO #AIinSecurity #CyberInnovation #MastercardSecurity #FIDO2 #ThreatExposure #HivePro #TheProfessionalCISO #CISOStrategy #CyberEvangelism #CyberLeadership #CyberPodcast
In this special RSA Conference edition of The Professional CISO Show, host David Malicoat sits down with Rob T. Lee—Chief of Research at SANS Institute and a foundational figure in cybersecurity. With nearly three decades of experience spanning the Air Force, Mandiant, and SANS, Rob shares his insights on the evolving challenges of the CISO role, the toxicity of today’s security environments, and the urgent need for AI literacy across the industry.
Rob dives deep into the accelerating threat landscape, the need for cyber safe harbors, and why he believes we’re on the verge of normalizing breaches as the cost of doing business. He also makes the case for rewarding defenders and rethinking how we define cybersecurity success.
Key Highlights:
Guest:
👤 Rob T. Lee – Chief of Research, SANS Institute
🔗 https://www.sans.org/profiles/rob-t-lee/
Host:
🎙️ David Malicoat, The Professional CISO Show
Listen & Subscribe:
🔊 Spotify: The Professional CISO Show on Spotify
🍎 Apple Podcasts: The Professional CISO Show on Apple
📣 Hashtags: #Cybersecurity #TheProfessionalCISO #RSA2025 #RobTLee #SANS #DFIR #AIinSecurity #CyberRisk #CISOLeadership #CTI #CyberSafeHarbor #LearnAIDaily #IncidentResponse #AIThreats #CyberCulture
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)
In this episode of The Professional CISO Show, David Malicoat hosts a special two-part discussion live from GPSEC STL in St. Louis. First up is Mark Ashworth, CISO of First Bank and host of The Cyber Executive Podcast, who discusses leadership development, AI, mentorship, and why he started podcasting as a CISO. Then, Michael Evans, Head of Information Security at Energizer, shares his grounded take on data governance, foundational AI readiness, and why security conversations at live events are vital for industry growth.
Key Highlights:
Call to Action:
Subscribe to The Professional CISO Show for unfiltered conversations with the leaders shaping cybersecurity.
🎧 Listen on Spotify: The Professional CISO Show
📱 Listen on Apple Podcasts: The Professional CISO Show
🌐 More Episodes + Info: www.thpc.co
🔗 Follow us on LinkedIn: The Professional CISO Show
Hashtags:
#CyberSecurity #CISO #AI #DataGovernance #Leadership #TheProfessionalCISO #CyberPodcast #GPSEC #CyberTalent #QuantumSecurity #MarkAshworth #MichaelEvans
🔹 Live from CISO XC DFW (www.cisoxc.com) | Sponsored by Valence Security (www.valencesecurity.com)
In this field-recorded episode of The Professional CISO Show, host David Malicoat returns to CISO XC DFW for another round of dynamic, on-the-ground conversations with three influential cybersecurity leaders — each offering a unique and grounded perspective on today’s real-world risks and tomorrow’s security frontiers.
Cyber attorney and governance thought leader Shawn Tuma returns to discuss the resurgence of business email compromise (BEC), the importance of humility in cyber defense, and why AI governance is rapidly becoming a core CISO responsibility. Maritime security executive Glen Vickers walks us through the harsh realities of securing satellite-connected vessels, dealing with Starlink, and the challenges of maritime connectivity. Then, longtime friend of the show and security visionary Chris Cochran reveals his newest venture: Commandant, an AI-powered incident response co-pilot designed to fundamentally change how organizations respond to crisis events — complete with its own assistant, Lucy.
Throughout the episode, we also explore the challenges of securing SaaS ecosystems, managing identity at scale, and the rising importance of proactive vendor evaluation and tabletop readiness.
Whether you’re a field-hardened CISO or just starting your executive security journey, this episode brings you into the heart of cybersecurity’s most pressing conversations — unfiltered, insightful, and straight from the source.
🔑 What You’ll Learn in This Episode
💬 Notable Quotes
“Just because you can’t think of how the attacker got in doesn’t mean they didn’t. That’s why we need more humility in this industry.” —Shawn Tuma
🎧 Listen & Subscribe
📍 Available now on all major platforms:
🔗 Spotify
🌐 Full episodes and show resources at www.thpc.co
📣 Stay Connected with The Professional CISO Show
🧠 Guest Info
📚 Related Episodes
🔖 Hashtags
#CISO #CyberSecurity #TheProfessionalCISOShow #BusinessEmailCompromise #AIinSecurity #IncidentResponse #MaritimeCyber #StarlinkSecurity #ValenceSecurity #CommandantAI #LeadershipInCyber #FIDO #SupplyChainRisk #CyberInsurance #SaaSVisibility #RealWorldSecurity
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)
In this episode of The Professional CISO Show, recorded live at GuidePoint Security’s GPSEC STL event, host David Malicoat sits down with David Young, Chief Revenue Officer at ObservoAI. Together, they unpack the explosive growth of security data, the hidden costs of legacy pipelines, and why modern SOCs are hitting a breaking point. David shares Observo AI’s origin story from within Rubrik, and how their AI-native platform helps security teams stop drowning in data, reduce costs, and uncover real threats faster. It’s a must-listen for CISOs, SOC leaders, and anyone dealing with the complexity of modern security data environments.
What You’ll Learn:
Guest:
🎙 David Young, CRO at Observo AI
🔗 Connect: https://www.linkedin.com/in/davidmyoung/
Host:
🎤 David Malicoat, Host of The Professional CISO Show
🌐 www.thpc.co | LinkedIn
Listen + Subscribe:
🟢 Spotify
Hashtags:
#Cybersecurity #CISO #SecurityData #AIinSecurity #SOAR #SecurityOps #ObservoAI #Rubrik #TheProfessionalCISOShow
Sponsors:
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)
In this special on-location episode, David Malicoat returns to The Professional CISO Show from the heart of the St. Louis cybersecurity scene—GPSEC STL—presented by GuidePoint Security and AIM Security.
He’s joined by two standout guests:
🔹 Andrew Wilder, CISO at VetCor and unofficial “cruise director” of the vibrant St. Louis CISO community
🔹 Carole Sharp, Lead Security Governance Analyst at Centene and a seasoned expert in GRC and risk quantification
From grassroots cybersecurity culture to the future of AI and post-quantum threats, this episode is a powerful snapshot of where security leadership is going—and who’s leading the charge.
🧠 Topics Covered
🛠 Sponsored by AIM Security
AIM Security helps CISOs safely adopt AI across the enterprise—govern shadow AI, secure LLMs, and stop adversarial threats before they happen. Learn more at aimsecurity.ai
🔗 Subscribe & Follow the Show:
#cybersecurity #CISO #AIsecurity #GPSEC #quantumcomputing #GRC #DSPM #TheProfessionalCISO #riskmanagement #infosec
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)
In this live GPSEC St. Louis episode of The Professional CISO Show, host David Malicoat dives deep into cybersecurity leadership with two powerhouse guests: Victor Wieczorek, SVP of Offensive Security at GuidePoint Security, and Wayne Fajerski, Deputy CISO of Edward Jones.
Victor shares real-world offensive security insights, including a jaw-dropping AI chatbot exploitation story from a red team engagement. He also unpacks how GuidePoint balances professional services and tech enablement while navigating the AI transformation in ethical, human-centered ways.
Wayne, fresh off a panel, breaks down key takeaways around CISO leadership, AI maturity, and how Edward Jones has successfully developed internal cyber talent over his 25-year career. The two guests reflect on AI as a mirror to organizational gaps and explore how GPSEC events bring practitioners and communities closer together through real conversations—not ivory-tower thought leadership.
Key Topics:
Sponsors:
HivePro (www.hivepro.com)
CISO XC (www.cisoxc.com)
In this on-site episode from CISO XC DFW, David Malicoat sits down with Matt Walker (Goosehead Insurance) and Allen Rountree (IBM Public Cloud) for candid conversations on today’s biggest challenges and opportunities in cybersecurity leadership.
💡 Topics Covered
💬 “Don’t just be the department of no. Enable the business with intelligence and insight.”
Sponsors:
ObservoAI (www.observo.ai)
Guidepoint Security (www.guidepointsecurity.com)
Episode Summary:
Live from GPSEC St. Louis, David Malicoat sits down with Gary Brickhouse, CISO of GuidePoint Security, for a wide-ranging discussion on company culture, cybersecurity leadership, and AI governance. Gary shares how GuidePoint scaled its “no jerks” value from 50 to 1,200 employees, how he’s navigating generative AI internally and externally, and why peer-to-peer conversations are the secret sauce behind GuidePoint’s events.
Key Highlights:
– Why the “no jerks” rule is more than just a slogan
– How GuidePoint’s decentralized regional model preserves culture at scale
– How they’re approaching AI enablement without blocking innovation
– The structure and purpose behind GuidePoint’s AI governance committee
– Why cross-functional leadership—not just InfoSec—is key to making AI safe and valuable
– Tips for other CISOs thinking about AI policy and enablement
Guest:
👤 Gary Brickhouse, CISO at GuidePoint Security
🎧 Listen now on:
Spotify → https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple → https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
🌐 More at: www.thpc.co
📱 Follow on LinkedIn: The Professional CISO Show
Sponsors:
AIM Security (www.aim.security)
Guidepoint Security (www.guidepointsecurity.com)
What does it take to secure AI in the enterprise—when the threat landscape, technology stack, and business expectations are all evolving in real time?
At GPSEC St. Louis, David Malicoat sits down with Dan Anderson, Field CTO of the Americas at AIM Security, to talk about securing the full lifecycle of AI usage across the enterprise. From browser plugins and AI firewalls to shadow AI discovery and agentic AI governance, this candid conversation dives deep into where the risks really lie and what security leaders need to be doing now.
You’ll walk away with a grounded view of the AI adoption journey—and why most organizations are already neck-deep in it, whether they know it or not.
🔑 Episode Highlights
🎧 Listen Now
Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021
YouTube: http://www.youtube.com/@TheProfessionalCISO
🌐 Connect with The Professional CISO Show
Website: www.thpc.co
LinkedIn: The Professional CISO Show
📢 About AIM Security
AIM Security helps security leaders enable safe, governed, and productive AI adoption. From LLM usage monitoring to AI firewalls, AIM empowers enterprises to protect their data, enforce compliance, and stay ahead of the AI attack surface. Learn more and book a demo at www.aim.security
Sponsors:
Rubrik (www.rubrik.com)
Guidepoint Security (www.guidepointsecurity.com)
Episode Summary:
In this episode, David Malicoat sits down with Drew Russell, leader of Rubrik’s elite “Night Stalkers” team, for a high-speed, no-fluff conversation recorded live at GPSEC STL. Drew unpacks Rubrik’s evolution from a backup company to a full-spectrum data security and identity resilience platform, clarifies the real problem space for modern CISOs, and explains why identity is the next frontier of cyber resilience. They also dig into Rubrik’s deployment models, modular architecture, and how AI is being operationalized to secure enterprise data. This is one of the clearest explanations yet of how Rubrik is reshaping the security conversation—and why CISOs need to pay attention.
Key Highlights:
Subscribe and listen now on: