SC Media and Saviynt are proud to present this month's CISO Stories program, where CISOs share tales from the trenches and unpack leadership lessons learned along the way. Hosted by Jessica Hoffman.
Sandy Mandy Podcasts
Agents at the Door: Vetting Non-Human Identities in External IAM - Rakesh Soni - CSP #219
29:28
This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs and practitioners to consider. Segment …
ATT&CK → ATLAS: A CISO's Blueprint for AI Governance - Sandy Dunn - CSP #218
27:55
CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action. Segment Resources: Article: https://www.linkedin.com/puls…
Security Awareness Through Trust and Influence - Jennifer Selby Long - CSP #217
35:39
Jennifer Selby Long reframes security awareness as more than training—it's about earning trust and influence with executives and security teams. She shares leadership lessons on how to build stronger alignment and support for security initiatives. Show Notes: https://cisostoriespodcast.com/csp-217
OT on the Frontlines: Threat Intelligence You Can't Ignore - Dawn Cappelli - CSP #216
33:18
Dawn Cappelli, Head of OT-CERT at Dragos, unpacks the evolving risks to Operational Technology. From nation-state attacks on Ukraine's infrastructure to hacktivists targeting U.S. water systems, she explains the PIPEDREAM malware, the top five SANS critical OT controls, and how Dragos' OT-CERT program offers free resources to help organizations defe…
Reimagining Security Operations: SOC as a Service and the Role of AI - Kevin Nikkhoo - CSP #215
28:26
Kevin Nikkhoo joins the show to explore Security Operations Center as a Service (SOCaaS) and how it compares to traditional SOC models. He breaks down which organizations benefit most from this approach and how AI is reshaping modern SOC operations. Listeners will gain a clear understanding of how SOCaaS can enhance detection and response capabilit…
From Diagram to Cloud: Rethinking Cloud Security in an Age of Uncertainty - Yogita Parulekar - CSP #214
34:39
Episode Summary: In this month's episode of CISO Stories, we dive deep into cloud security with cybersecurity veteran and cloud innovator Yogi Parulekar, founder of InviGrid. Against a backdrop of rising geopolitical tensions and tightening budgets, we explore how organizatio…
Empowering Developers: Fostering a Culture of Security in AppSec - Danielle Ruderman - CSP #213
30:37
In this episode, we explore the crucial role of cultivating a strong security culture to drive change in AppSec, where training and collaboration are key. Our distinguished guest, Danielle Ruderman, discusses the importance of executive support in ensuring that application development isn't just about churning out apps on time, but also about adopt…
Mapping the Modern Attack Surface: Fintech's Evolving Risk Frontier - Erika Dean - CSP #212
30:47
In this episode, Erika Dean dives into the evolution of attack surface management (ASM) in financial tech. From foundational strategies to future-focused threats, she explores how shifts in the fintech landscape demand deeper organizational awareness, ongoing tabletop exercises, and proactive preparation. This segment is sponsored by Axonius. Visit…
Maximizing Cyber Liability Insurance: Risk, Relationships & Renewal Strategies - Mandy Andress - CSP #211
33:42
Mandy Andress joins our show to discuss leveraging cyber liability insurance for risk reduction. They explore the importance of strong broker relationships and key steps for selecting or renewing a policy—starting with assessing organizational needs. Learn strategies to lower premiums while increasing coverage. Segment Resources: https://www.elasti…
Breach by the Dozen: Incident Response Lessons from the Field - Mike Miller - CSP #210
31:29
In this episode of the CISO Stories Podcast, we're joined by Mike Miller, a seasoned penetration tester and audit and compliance SME, to explore the real-world impact of incident response controls. From technical to managerial and physical safeguards, Mike shares eye-opening stories from the field—including how he once penetrated a network with not…
AI Governance: Navigating Risks, Frameworks, and the Future - Rock Lambros - CSP #209
29:25
In this episode, we sit down with author and AI expert Rock Lambros to explore the evolving landscape of AI governance. We discuss the risks of AI chatbots, comparing OpenAI and DeepSeek, and examine current and emerging governance frameworks. As AI adoption accelerates, organizations must determine the right guardrails and critical questions to as…
Privacy Under Siege: Navigating Data Theft and the BadBox Threat - Gavin Reid - CSP #208
27:56
In this episode, we sit down with experienced CISO Gavin Reid to explore the escalating online threats to privacy, focusing on adversaries and companies illicitly scraping website data for profit. We dive into the implications of such unauthorized data collection and its impact on individual and organizational privacy. Reid also shares insights fro…
Cloud Security in Higher Education: Balancing Trust and Risk - Sheena Thomas - CSP #207
29:22
In this episode of CISO Stories, Jess Hoffman and Sheena Thomas explore the challenges of cloud security in higher education. They discuss trust issues with cloud providers, the importance of understanding data sensitivity, and navigating regulatory compliance. Sheena highlights the vulnerabilities educational institutions face, the value of incide…
Cybersecurity in the Cloud: Lessons for Businesses and Beyond - Melina Scotto - CSP #206
34:09
Jessica Hoffman and Melina Scotto discuss the evolution of cybersecurity, focusing on cloud security, business responsibilities, and the importance of basic cyber hygiene. They highlight the role of communication, consulting, and integrating security into business operations, concluding with advice for future cybersecurity professionals. This segme…
Cloud Security for SMBs: Strategies, Risks, and Resources - Adam John - CSP #205
32:58
Jess and Adam discuss cloud security challenges for SMBs, emphasizing strategic planning, compliance with regulations like CMMC, and vendor due diligence. They highlight common pitfalls like the illusion of security and inadequate staffing while offering cost-effective solutions like virtual CISOs. Practical tips help SMBs secure their data, naviga…
Cloud Security at Risk: Tackling Misconfigurations Head-On - Nadia Mazzarolo - CSP #204
23:36
In this episode, we dive into the critical role of proper configurations in cloud environments and why misconfigurations remain the leading cause of security breaches. From overly permissive access controls to unencrypted data stores and default credentials left unchanged, we explore real-world examples that adversaries exploit. Learn how organizat…
Cloud Security: Lessons Learned and Applied to Emerging Tech - Bertrum Carroll - CSP #203
28:15
Bertrum Carroll dives into the evolution of cloud service adoption, comparing early concerns—like data storage, access, and usage—to current apprehensions about AI. We explore how leadership can empower teams with the right training to harness technology effectively. Learn why understanding the shared responsibilities between providers and customer…
Identity Challenges in Manufacturing - Tammy Klotz - CSP #202
32:00
In this episode, we're joined by Tammy Klotz, a 3x CISO in the manufacturing industry, to explore identity security challenges in manufacturing environments. Tammy discusses the differences in access management for frontline workers versus knowledge workers, touching on the unique devices and role-based training requirements. Tune in to learn how t…
Identity Security: Navigating the New Normal with Dr. Sean Murphy - Sean Murphy - CSP #201
34:16
In this episode of CSP, we sit down with Dr. Sean Murphy, the CISO of BECU, one of Seattle's largest credit unions, to discuss the shifts in identity security brought on by the COVID-19 pandemic. Dr. Murphy highlights how Zero Trust architecture became crucial for verifying internal users, especially as remote work became the norm. He shares insigh…
Identity Security Training: How important is it? - Eric Belardo - CSP #200
30:32
Let's talk about what CISOs look for when hiring identity and access management team members. What training and experience are most attractive to the business and the team? This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them! This segment is sponsored by Saviynt. Please visit https://cisostories…
Have you ever had a pen tester own your network? - Julian Austin - CSP #199
28:51
Guessing the answer is yes. Well, let's talk about some of the simple ways you can avoid account compromises by strengthening your identity security through MFA, least privilege, account reviews, and all the things! This segment is sponsored by CyberArk. Visit https://cisostoriespodcast.com/cyberark to learn more about them! This segment is sponsor…
How important is your relationship with your tool vendors? - Jacob Lorz - CSP #198
28:38
Let's talk about how having a customer success manager, or equivalent, to assist you with your tool integration can make the difference between resource fatigue and success. On top of having solid relationships with our tool vendors, long-time CISO Jake Lorz shares with us how important tool interoperability is, proper governance reviews…
What level of tool rationalization does your company do and why? - LaLisha Hurt - CSP #197
30:36
Let's talk to cybersecurity expert LaLisha Hurt about her approach to selecting the right tools for your organization by using proven methods such as referencing the Gartner Magic Quadrant, thinking about the entire IT portfolio as part of your selection process, and what a successful 'Vendor Day' can do! Show Notes: https://cisostoriespodcast.co…
Have you considered your team's cognitive biases when selecting tools? - Dustin Sachs - CSP #196
37:26
What if there was more to making those impactful decisions that you haven't considered? Let's talk about how being open-minded can directly impact the success of tool selection and optimization in your company. Is a SOC report enough, or are there other criteria needed to make that risk-based decision? Let's discuss cognitive biases in tool selectio…
Tokyo DriftSec: Who is going First? Who is going Smooth? - Lisa Landau - CSP #195
29:22
Let's talk to our favorite Tokyo security leader about how she has experienced tool selection across the world. To be risk averse or not to be risk averse. What a question! Segment Resources: https://www.youtube.com/watch?v=BdFzJxSemKo Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp…