Episodes

  • Leading Fearlessly in High-Growth Environments with Jimmy Sanders
    Nov 27 2024

    In this episode of the Candid CISO Podcast, John Donovan sits down with Jimmy Sanders, a cybersecurity leader whose journey from interning at a beef jerky company to leading security teams at Netflix and Samsung is nothing short of inspiring. Join us as Jimmy shares his experience of leading fearlessly in high-growth environments, where the pressure to innovate never stops and the stakes are sky-high. He reveals how he balanced security and rapid development, motivated teams beyond monetary incentives, and built proactive, resilient defenses in environments where risk was a given. We also explore Jimmy's unique perspective on diversity in tech, the grit required to overcome obstacles, and his current role as International President of ISSA, where he’s shaping the future of cybersecurity leadership. Whether you’re a security professional or a business leader, this episode will provide practical insights and thought-provoking strategies to lead cybersecurity teams and programs with courage and vision.

    Key Takeaways

    • Integrate security into development in ways that accelerate innovation, making protection a catalyst rather than a constraint.
    • Harness individual intrinsic motivators to inspire your team, transforming engagement from compliance to passionate commitment.
    • Embed security as a shared objective early, ensuring risk discussions influence key decisions rather than follow them.
    • Think ahead of threats by building a culture of continuous testing, turning defense into an anticipatory advantage.
    • Align your leadership approach with organizational values to drive influence and lasting change across cultural differences.
    • Forge alliances across teams to dismantle silos, using trust as the foundation for more resilient security strategies.
    • Leverage your position to challenge status quo thinking and push for diversity that enriches the entire industry.
    • Shift from pure technical talk to storytelling and empathy, making complex security issues relatable and urgent for all.
    • Future-proof talent by immersing them in the technologies reshaping security, fostering adaptability over mere expertise.
    • Don’t just wait for doors to open; cultivate opportunities by acting decisively and positioning yourself for growth.

    IdRamp is a sponsor of the Candid CISO podcast. Visit their website at: https://www.idramp.com/candidciso

    TrustLogix is a sponsor of the Candid CISO podcast. Visit their website at: https://www.trustlogix.io/candidciso

    For show notes, transcripts, links, and more episodes visit https://www.candidciso.com

    The Candid CISO podcast is produced by Nonconformist Innovation Media.

    52 mins
  • Reimagining Risk and the Virtual CISO
    Nov 6 2024

    In this insightful Candid CISO episode, John Donovan interviews Carlota Sage, a vCISO with a unique, multifaceted background in tech and cybersecurity. They discuss the strengths and challenges of the vCISO role versus full-time CISO positions, emphasizing the flexibility and affordability vCISOs bring to organizations that can't justify a full-time CISO. Carlota shares her experiences at major security conferences, the increasing role of compliance in driving security initiatives, and the critical importance of community, diversity, and boundary-setting in tech. Her candid stories reveal her journey from unconventional beginnings in tech to her current advocacy for strong security programs. This episode is particularly valuable for its real-world advice on leveraging compliance as a business enabler and the power of community and diversity in cybersecurity.

    Key Takeaways:

    • vCISOs provide flexible, high-quality security expertise – Ideal for companies needing CISO-level support without full-time costs.

    • Compliance often drives SMB security efforts – Many startups only implement security when clients or contracts require it.

    • Boundary-setting is crucial in cybersecurity – Protecting personal time preserves energy and prevents burnout in demanding roles.

    • Security as a sales enabler – Compliance readiness can differentiate startups and drive new business.

    • Community combats cybersecurity burnout – Engaging in networks like BSides and the Diana Initiative supports career longevity.

    • Diversity of thought strengthens security – Unique perspectives, not just backgrounds, drive more resilient cybersecurity programs.

    • Introverts and extroverts complement each other in cybersecurity – Collaboration can bring quieter, skilled professionals into the spotlight.

    • Third-party compliance impacts everyone – Big enterprises push smaller vendors to meet higher compliance standards.

    • Speaking at conferences builds visibility – Being a security speaker, even at small events, raises professional credibility.

    • Leverage security metrics for funding – Know customer acquisition costs and use them to justify security budgets.

    56 mins
  • The CISO Who Rebuilt Giants with Rinki Sethi
    Oct 25 2024

    In this episode of The Candid CISO, Rinki Sethi, a trailblazing cybersecurity leader, shares her incredible journey from an unexpected start in the industry to her rise as a prominent figure in security leadership with host John Donovan. Rinki opens up about the challenges she faced, the importance of mentorship, and how vulnerability and communication have been crucial to her success. She provides insightful guidance on building strong security teams, navigating crisis management, and fostering a supportive cybersecurity community. Tune in for practical advice and inspiration for advancing your own cybersecurity career.

    Key topics include

    1. Discovering your specific passion within the broad field of cybersecurity is crucial for a fulfilling career, as Rinki Sethi’s own journey from compliance to developer training demonstrates.
    2. Mentorship can be found in unexpected places, from peers to senior leaders, and actively seeking guidance from those around you can significantly shape your career path.
    3. Securing executive buy-in is essential for building a strong security culture, and aligning security goals with business objectives helps demonstrate the value of security initiatives.
    4. To effectively advocate for security investments, it is crucial to present security as a business enabler, highlighting its ability to improve efficiency, reduce friction, and even create a competitive advantage.
    5. Sharing real-world examples of how security programs have reduced business friction, such as streamlining compliance processes or shortening sales cycles, can help garner support for future security initiatives.
    6. Transparency and clear communication are vital when implementing security programs, especially those that may be perceived as intrusive, to ensure understanding and minimize resistance.
    7. Prioritizing mental health in the demanding field of cybersecurity is crucial, and creating a supportive environment where team members feel comfortable seeking help and addressing mental well-being is essential.
    8. Crisis management exercises, including surprise breach simulations, can be invaluable for preparing executive teams and other stakeholders to effectively navigate real-world security incidents.
    9. Networking outside of your immediate professional circle can lead to unexpected mentorship opportunities, board positions, and valuable connections that can benefit your career in the long run.
    10. Giving back to the cybersecurity community by mentoring others, sharing your experiences, and encouraging newcomers is crucial for fostering a strong and inclusive industry.

    54 mins
  • Resilience On The Trails And In Cybersecurity: A Journey with Jason Elrod
    Oct 25 2024

    In this episode of the Candid CISO, co-host John Donovan sits down with Jason Elrod, CISO of MultiCare Health Systems, who shares how getting lost on a trail run and running barefoot for 19 miles became a metaphor for leadership in cybersecurity. Jason dives into the tough realities of protecting critical infrastructure, balancing security and compliance, and tackling imposter syndrome head-on. He also reveals why being fiercely dangerous (ethically, of course) is essential for a successful cybersecurity career. From personal lessons on resilience to high-candor takes on navigating boardrooms, Jason keeps it real—and a bit ironic—by showing how getting off track can sometimes lead to the best insights. Follow along for an unexpected and entertaining ride!

    Key topics include

    • How getting lost on a trail run turned into a lesson on leadership and staying present.
    • Why facing your fears and doing what scares you leads to growth—both on trails and in cybersecurity.
    • The power of fierce, mission-driven cybersecurity professionals and why being 'ethically dangerous' matters.
    • How imposter syndrome is universal—and why accepting it can make you a more confident leader.
    • Balancing security and compliance: how to prioritize safety without getting lost in the checkbox mentality.
    • Jason's candid take on communicating cybersecurity risks to executives and boards in a way they’ll understand.
    • How ultra-running teaches resilience, focus, and mindfulness—and how that applies to a high-stress CISO role.
    • The importance of finding a restorative practice to reset and thrive in high-pressure leadership positions.
    • Why being both the smartest and 'dumbest' in the room drives better teamwork and collaboration.
    • How showing vulnerability and high candor can help you lead more authentically and inspire your team.

    57 mins
  • Innovating in Cybersecurity with AI and Inclusive Leadership
    Oct 11 2024

    In this episode of the Candid CISO podcast, host John Donovan sits down with Mandy Andress, an experienced CISO, investor, and board member, to explore her career journey in the cybersecurity industry. Mandy discusses how her diverse roles have shaped her perspective on implementing security measures tailored to different organizations, taking into account their culture, communication styles, and technological infrastructure. She also opens up about her personal experiences as a gay woman working in tech, offering insight into how diversity has influenced her leadership approach and decision-making processes.

    The conversation touches on the evolving responsibilities of a CISO, especially in the context of remote work and the rise of AI-driven cyberattacks. Mandy reflects on her experiences balancing compliance and security in both traditional and tech-forward industries, sharing her strategies for building effective security teams and fostering collaboration.

    Key Takeaways

    • Mandy emphasizes the importance of aligning security strategies with an organization's unique culture, communication style, and tech stack to ensure they are effective and sustainable.

    • She talks about how her experience as a gay woman in cybersecurity shows that diversity enhances problem-solving, fosters collaboration, and strengthens team performance.

    • Mandy believes in creating a safe and supportive environment for team members by being a good listener, sharing personal experiences, and being open to vulnerability.

    • The role of a CISO continues to evolve, and while it has become more defined in terms of business impact, it still requires constant adaptation due to the fast-paced changes in technology and cyber threats.

    • Remote work presents unique challenges for leadership and team cohesion, but it also offers opportunities to redefine communication and collaboration through virtual means.

    • Mandy advocates for taking on lateral career moves, as they can provide valuable learning experiences that contribute to broader skill sets, particularly in leadership and security roles.

    • Building trust and rapport within an organization is crucial for a CISO, especially when influencing security decisions and balancing the organization's risk appetite with technical considerations.

    • Mandy underscores the importance of balancing compliance and security, recognizing that they do not always align perfectly, and making informed decisions on when to prioritize one over the other.

    • The rise of AI-driven cyberattacks is a growing concern, and security teams need to rethink their approach, focusing on speed, adaptability, and leveraging AI tools for defense.

    • Lastly, Mandy encourages cybersecurity professionals to stay curious, remain open to learning, and take calculated risks in their careers, always keeping an eye on long-term growth and opportunities.

    53 mins
  • Navigating Leadership in the Security World with Joel Fulton
    Sep 30 2024

    In this episode, John Donovan sits down with cybersecurity expert and entrepreneur Dr. Joel Fulton for an insightful conversation covering leadership, resilience, and career growth. Joel shares his journey from an unconventional upbringing to becoming a successful CISO and startup founder. He discusses the challenges of transitioning from individual contributor to leader, the evolving nature of the CISO role, and the importance of self-awareness in leadership. Listeners can expect actionable advice on building balanced teams, effective communication, and leveraging professional communities for growth and support.

    Takeaways

    • Pursue Passion Projects Cautiously: Dream projects like writing require patience, planning, and multiple efforts to gain traction.

    • Learn from Personal Struggles: Overcoming tough life experiences can build resilience and redefine success in your career.

    • Work with People You Respect: Prioritize working with individuals who align with your values to avoid toxic environments.

    • Self-awareness in Leadership: Understand your strengths and weaknesses to better lead and collaborate with others.

    • Avoid Comparison in Leadership: The CISO role is evolving—don’t compare yourself to others; create your own leadership path.

    • Build Balanced Teams: Combine technical skills, risk tolerance, and leadership within your team for maximum effectiveness.

    • Communicate Clearly as a Leader: Ensure your brainstorming sessions are not misinterpreted as directives; leave space for team input.

    • Delegate to Empower Growth: As a manager, trust and empower your team by avoiding micromanagement.

    • Startups Require Flexibility: Starting a business involves unexpected challenges; embrace uncertainty and adapt quickly.

    • Leverage Peer Communities: Build and engage in professional communities to access advice, mentorship, and problem-solving support.

    58 mins
  • Rethinking Cybersecurity: The Power of AI and Preparation with Tyler Pinckard
    Aug 29 2024

    In this episode of the Candid CISO podcast, Tyler Pinckard, Head of Security and Data Protection Officer at Support Logic, shares his provocative insights on the evolving landscape of cybersecurity. Tyler challenges the traditional view of security as merely a cost center, arguing that when leveraged correctly, compliance and AI can become powerful competitive advantages. He delves into the critical role of preparation and rehearsals, emphasizing that many security failures stem from a lack of planning rather than the complexity of threats. Tyler also advocates for embracing AI and automation to stay ahead in the fast-paced tech environment, urging CISOs to disrupt rather than be disrupted. This episode is a must-listen for security leaders looking to sharpen their strategic edge and rethink their approach to modern cybersecurity challenges.

    Takeaways

    • Security as a Strategic Advantage: Compliance and AI can turn security into a competitive edge.
    • Preparation is Key: Many security failures result from poor planning, not just complex threats.
    • Embrace Disruption: CISOs should leverage AI and automation to disrupt, rather than be disrupted.
    • The Power of Rehearsals: Regular rehearsals and preparation prevent failures during critical security incidents.
    • Compliance as a Crowbar: Compliance like SOC 2 and ISO is essential for customer trust and retention.
    • AI's Role in Cybersecurity: AI can enhance efficiency, particularly in tasks like static analysis and case summarization.
    • Practical Use of AI: AI should assist with tasks while maintaining human oversight for critical decisions.
    • Startups and Security: Aligning security with business goals is crucial for success in fast-paced startups.
    • Leadership in Cybersecurity: Effective leaders delegate and empower teams rather than micromanaging technical tasks.
    • Diversity Drives Success: Diverse teams offer varied perspectives, reducing risks and improving security outcomes.
    • Pragmatic Use of Tools: Use tools like GitHub Copilot to maximize team efficiency and effectiveness.
    • Security for the Modern CISO: CISOs must continuously adapt, applying both traditional strategies and modern tech solutions.

    55 mins
  • From Hacker to CISO: Carlos De Leon's Journey and Career Advice
    Aug 16 2024

    In this episode of the Candid CISO podcast, co-host John Donovan interviews Carlos de Leon, CISO at the Washington State Department of Revenue. They discuss various topics related to cybersecurity leadership and strategy, including the challenges and rewards of the CISO role, the importance of compliance, and the need for strong communication and people skills. They also touch on incident response and threat management, highlighting the lessons learned from the CrowdStrike incident and a cloning incident at Carlos' agency. The conversation then turns to the impact of technology and organizational factors on the CISO role, as well as Carlos' personal career journey. Carlos also shares insights and advice on thinking creatively, his early hacker days, and career development in cybersecurity. He emphasizes the importance of an adversarial mindset and thinking outside the box to solve problems, and offers advice for those looking to enter the cybersecurity field and become a CISO. The conversation concludes with a discussion on Hacker Summer Camp and the importance of networking and community in the cybersecurity industry.

    Segments

    00:00 - Introduction and Background
    03:03 - CISO Role: Challenges and Rewards
    07:02 - Compliance in the CISO Role
    09:57 - Lessons from Incident Response and Threat Management
    13:24 - Balancing Technology and Organizational Factors as a CISO
    20:30 - Insights from a Personal Career Journey
    29:19 - Thinking Creatively and Developing an Adversarial Mindset
    31:34 - Career Development in Cybersecurity
    35:27 - The Importance of Networking and Community in Cybersecurity

    55 mins