CISO Insights: The Cybersecurity Leadership Podcast
Where Security Leaders Shape Tomorrow’s Defenses
Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communicati ...
CISO Marketplace Podcasts
The Privacy Divide: State Laws, Age Limits, and the Battle for the Under-18 Consumer.
36:11
This episode explores the complex division in state mandates between general consumer privacy laws and specific children’s design codes, which often function as separate acts or amendments. We break down how compliance is determined either by broad, quantitative thresholds like annual gross revenue and high data volume, or by the specific service's…

The Crown Jewels of Governance: Australian Cyber Security Priorities for Boards in 2025-26
12:25
Australia faces a heightened global cyber threat environment driven by geopolitical tensions, with malicious actors continuing to target organizations of all types and sizes, which has led to rising cybercrime costs and serious data breaches. Drawing on guidance from the Australian Signals Directorate (ASD) and the Australian Institute of Company D…

The Generative Firewall: Securing AI and Using AI for Defense
13:56
This episode explores the transformative challenge of modern security, focusing on how organizations must adapt their strategies to both secure generative AI applications and leverage AI to strengthen existing defenses. We dive into the critical concepts of securing functionally non-deterministic AI systems by implementing external security boundar…

Rogue Agents and Railgun Fights: Securing the AI Frontier
42:33
Nation-state hackers are now deploying autonomous AI agents like Claude to execute 80–90% of sophisticated espionage and crime campaigns at machine speed, requiring human intervention at only a few critical decision points. Defenders are thrust into an urgent "AI vs. AI arms race," racing to adopt proactive measures like Google's Big Sleep to detec…

The 90% Attack: Inside the First AI-Orchestrated Cyber Espionage Campaign
12:18
Anthropic revealed on November 13, 2025, that Chinese state-sponsored hackers successfully weaponized its Claude AI system to conduct the first documented AI-orchestrated cyber espionage campaign. The sophisticated operation, which targeted approximately 30 global organizations including technology companies, financial institutions, and government …

Beyond the First Lie: Building Communication Resilience with the RESIST Framework
17:09
Explore the systematic RESIST 3 framework, which guides government communicators through six sequential steps designed to build resilience against the impacts of manipulated, false, and misleading information (MDM). This episode details the crucial "Recognise" stage, where communicators use the FIRST indicators (Fabrication, Identity, Rhetoric, Sym…

From Perimeter to Pipeline: Securing the OWASP Top 10 in the Cloud Era
13:33
The 2025 OWASP Top 10 reveals a fundamental shift in application security, showing how threats have transformed from simple code flaws like buffer overflows to exploiting the systemic complexity of cloud-native and microservices architectures. This newest list confirms the continued dominance of Broken Access Control (A01) and spotlights the critic…

From BOLA to Bots: Building a Layered API Defense Against the Modern Top 10
40:03
APIs are the "nervous system" of modern applications, making them the number one attack vector, with flaws like Broken Object Level Authorization (BOLA), Broken Object Property Level Authorization (BOPLA), and Broken Function Level Authorization (BFLA) accounting for a high percentage of breaches. This episode delves into the multi-layered "defense…

Orchestrating Security: The DevSecOps Blueprint for 2025
36:08
Driven by a market anticipated to exceed USD 40.6 billion by 2030, DevSecOps Engineers are crucial experts who bridge the gaps between software development, security protocols, and operational efficiency. Successful implementation relies on a socio-technical work system that emphasizes cultural transformation, shared security responsibility, and pr…

The Algorithmic Adversary: Tracking the Shift to Novel AI-Enabled Malware
15:36
The Google Threat Intelligence Group (GTIG) has identified a significant shift where adversaries are now deploying novel AI-enabled malware in active operations, moving beyond simple productivity gains observed in 2024. This new operational phase includes "Just-in-Time" AI malware, such as PROMPTFLUX and PROMPTSTEAL, that utilize Large Language Mod…

The Scorched Earth CISO: Extinguishing Burnout with AI and Executive Support
43:17
Cybersecurity leaders, including CISOs, face overwhelming job demands and chronic stress, with up to 80% classifying themselves as “highly stressed” due to resource limitations and the ceaseless evolution of threats. This pressure is compounded by alert fatigue—where the relentless influx of noisy, often false-positive alerts causes mental and oper…

Hybrid Resilience: Mastering Digital Tech and Collaboration for Supply Chain Recovery
31:33
The COVID-19 pandemic introduced unprecedented volatility and uncertainty (VUCA) to global supply chains, forcing retailers to rapidly pivot their operational strategies to manage severe disruption. This episode explores interview findings revealing how supply chain professionals effectively utilized a blend of proactive strategies, such as digital…

Warding the Walls: Ransomware, Zero Trust, and the Fight for Critical Infrastructure
33:42
Municipalities face escalating cyber threats like devastating ransomware attacks, which have cost cities like Atlanta millions of dollars in recovery and disrupted essential public services. This vulnerability is amplified by the mass deployment of interconnected IoT devices and the convergence of traditional IT with sensitive Operational Technolog…

Compliance Convergence: Harmonizing DORA, NIS2, and SEC for 2025 Resilience
13:18
The simultaneous enforcement of the EU’s DORA (January 2025 deadline) and NIS2, alongside the U.S. SEC’s four-day disclosure rule (effective late 2023), has created an increasingly fragmented and high-stakes compliance landscape for global enterprises. This episode details how organizations can move beyond segregated checklists to build a unified c…

Guardrails and Attack Vectors: Securing the Generative AI Frontier
15:45
This episode dissects critical risks specific to Large Language Models (LLMs), focusing on vulnerabilities such as Prompt Injection and the potential for Sensitive Information Disclosure. It explores how CISOs must establish internal AI security standards and adopt a programmatic, offensive security approach using established governance frameworks …

Trick or Threat: Your Personal Cybersecurity Survival Guide for 2026
45:32
Artificial intelligence has fundamentally reshaped the threat landscape, enabling attackers to deploy flawless, context-specific phishing emails and clone the voices of executives, leading to massive losses like the Hong Kong multinational firm that lost $25 million during a deepfake video call scam. With ransomware back on the rise and 77% of CISO…

The Digital Hustle: RaaS, EDR Killers, and the Cybercrime Business Model
40:05
RaaS (Ransomware-as-a-Service) has professionalized cybercrime, turning digital extortion into a resilient business where affiliates leverage sophisticated toolkits for high-stakes attacks on critical sectors. This episode details how threat actors circumvent defenses by compromising high-value systems like VMware ESXi hypervisors and Managed File …

Speaking 'Boardish': A CISO's Guide to Risk, Resilience, and Revenue
25:24
The modern Chief Information Security Officer (CISO) role is evolving from a purely technical function to an enterprise risk leadership position, yet many leaders struggle to secure necessary resources due to a fundamental communication gap with the board. This podcast explores how security executives can master "Boardish"—the language of finance, …

When Trust Breaks: Auditing the $300M Third-Party Liability Cap
36:35
Third-party relationships expose organizations to major threats across operational, strategic, and legal risk areas, including the significant danger of reputational damage and the potential for loss of intellectual property. Recent managed service provider (MSP) cyberattacks have resulted in catastrophic financial devastation, demonstrating that a…

Resilience in an AI-Accelerated World: The CISO's Objective Challenge
26:25
This episode tackles the CISO's strategic mandate: moving beyond subjective assessments, as "Security without true adversarial testing is just an illusion," to achieve objective measurement and resilience. We analyze key vulnerability trends, including the significant surge in hardware, API, and broken access control flaws, recognizing that every A…

The Hybrid SOC Revolution: AI, ATT&CK, and Fortifying Resilience in 2025
41:45
Cyber threats are evolving at an unprecedented pace, with sophisticated ransomware and supply chain breaches on the rise, contributing to cybercrime costs estimated to exceed $10.5 trillion per year by 2025. We delve into the optimal hybrid SOC model, discussing how organizations leverage AI-driven automation to reduce Mean Time to Detect (MTTD) by…

The Trust Trap: Why Employees Turn Malicious and How Causal AI Predicts the Breaking Point
39:27
Insider threats are not just technical breaches but fundamentally human failures, where employees exploit their legitimate access due to a complex mix of financial stress, revenge, and unmet expectations. This episode explores how personality traits like narcissism and organizational shortcomings create a "Trust Trap," allowing behavioral precursor…

Smart Cities, Critical Failures: Unpacking the IoT Ransomware Threat
37:36
Modern municipalities rely heavily on interconnected IoT devices and sensors to optimize services, creating urban environments that utilize cloud computing and AI for enhanced quality of life. However, this expanded complexity significantly increases the attack surface, making cities attractive targets for cybercriminals executing ransomware and de…

The Digital Crossroads: Identity, Encryption, and the End of Anonymous Life
31:20
We analyze how global Digital ID systems, mandatory age verification laws (like the UK Online Safety Act and Texas SB2420), and anti-encryption pushes (such as EU Chat Control) are converging to form an unprecedented architecture for monitoring human behavior. This convergence is systematically destroying online anonymity by necessitating the colle…

The Deepfake Disaster: AI's Industrial Revolution for Global Fraud
16:31
The global scam crisis has become an "industrial revolution for fraud," fueled by AI weaponization, deepfakes, and voice cloning that make sophisticated scams nearly indistinguishable from reality, resulting in combined losses across major economies exceeding $70 billion in 2024-2025. We examine how international criminal networks are exploiting in…

The CISO Crucible: Resilience, AI Governance, and the Four-Day Rule
46:15
The modern CISO is facing an aggressive threat landscape driven by the weaponization of AI, leading to hyper-realistic phishing and polymorphic malware, while ransomware remains the top risk (70% of organizations concerned). We dissect the shift in priorities, where operational resilience and business continuity now rank as the number one cybersecu…

The Vanguard Crisis: Why $10.5 Trillion in Cyber Costs Can’t Buy Enough Talent
33:10
The global annual costs associated with cybersecurity are forecasted to reach a staggering $10.5 trillion by the end of 2025. Despite this immense financial backdrop, 80% of Chief Information Security Officers (CISOs) believe they operate with insufficient budgets to ensure robust security measures, contributing to an overwhelming 88% of CISOs functi…

Shadow War: Hacktivism, Proxies, and Iran's Digital Empire
38:06
This podcast explores how Iran's strategy of asymmetric warfare hinges on sophisticated state-sponsored groups like APT42 and IRGC-backed hacktivist networks to achieve strategic goals while maintaining plausible deniability. We investigate the operations of digital proxies, including CyberAv3ngers and Handala Hack, as they target U.S. political ca…

Code and Conflict: The Cyber-Geopolitics of the Middle East
14:11
The Middle East serves as a hotbed of geopolitics, where rivalries—particularly between Iran and the Saudi/UAE axis—have made the cyber realm the vanguard of statecraft. This episode analyzes how nations deploy asymmetric capabilities, ranging from destructive malware like Shamoon and sophisticated state-sponsored espionage operations (such as APT3…

The 3.4 Million Gap: Cracking the Code on Cybersecurity's Global Workforce Crisis
10:41
The cybersecurity industry faces a critical global shortage of 3.4 million workers, a deficit compounded by evolving threats, high attrition rates due to burnout, and geopolitical factors such as costly H-1B visa policies. We investigate how major tech hubs like Nama Bengaluru are rising as global capability centers (GCCs) for AI and cybersecurity,…

Secure Our World: Mastering the Fundamentals of Incident Resilience
16:21
We clarify the distinct but coordinated roles of Incident Response (IR) Plans, Disaster Recovery (DR) Plans, and Business Continuity (BC) Plans, which together form a resilient defense system against modern disruptions. This episode details the foundational controls essential for organizational readiness, emphasizing cyber hygiene basics like Multi…

Crypto Agility and the AI-Driven SOC: Securing the 2026 Enterprise
13:29
The foundation of digital security is collapsing as autonomous, AI-driven phishing and deepfakes escalate cyber threats, while the looming quantum threat forces organizations to prepare against the risk of nation-states executing "harvest now, decrypt later" (HNDL) attacks. This episode explores the critical strategic response required in 2026: org…

Patch or Perish: Navigating the Windows 10 EOL Minefield
13:12
The impending end-of-life (EOL) for operating systems like Windows 10 creates an immediate and permanent security vulnerability, essentially transforming these unpatched systems into prime targets for sophisticated cyber threats and ransomware attacks. This failure to maintain supported software leads to massive financial liabilities, including pot…

The PSYOP Industrial Complex: Hacking Human Trust in the Fifth Generation War
43:26
Modern conflict, often characterized as Fifth Generation Warfare (5GW), targets the consciousness and subconsciousness of civil populations through invisible, non-attributable cyber and informational attacks. We explore the looming "PSYOP industrial complex," which fuses military psychological operations techniques with hyper-personalized digital m…

AI, CaaS, and Cronos: Inside the Industrialization of Cybercrime in 2024
11:02
By CISO Marketplace

The DeepSeek AI Paradox: Security Catastrophe, CCP Censorship, and the High Cost of 'Cheap' Models
16:21
By CISO Marketplace

The Cybersecurity and Privacy Divide: CISO vs. DPO in the Age of GDPR
16:31
We break down the crucial differences between the Chief Information Security Officer (CISO), who is responsible for protecting information assets against cyber threats, and the Data Protection Officer (DPO), whose primary focus is ensuring compliance with privacy laws and regulations. The roles face an inherent conflict of interest because the DPO …

Stop the Attack Cycle: Play Ransomware, Phishing, and the Power of MFA
13:41
Ransomware groups, such as Play (also known as Playcrypt), were among the most active groups in 2024 and use advanced methods like double extortion, first exfiltrating data and then encrypting systems, often targeting critical infrastructure globally. Initial access frequently begins with human elements, as phishing remains the top entry point for …

Cyber Security Resilience 2025: Taking Control in an Expanding Threat Landscape
14:37
This episode explores why cyber insureds are demonstrating enhanced resilience, evidenced by an overall decline in claims severity by more than 50% and a 30% drop in large loss frequency during 1H, 2025. We detail the shifting attacker tactics, including the migration of ransomware to less protected mid-sized firms and the emergence of data exfiltr…

Phishing, Ransomware, and Geopolitical Spies: Inside the EU's 2025 Cyber Frontline
29:35
This episode dissects the latest ENISA Threat Landscape, revealing how cybercriminal operations remain potent, fueled by resilient Ransomware-as-a-Service (RaaS) models and highly effective vectors like phishing (60%) and vulnerability exploitation (21.3%). We explore how geopolitical conflicts drive state-aligned cyberespionage, particularly from …

The Global Tech Tangle: AI, Censorship, and the 2025 Compliance Crisis
15:03
This year marks a high-stakes moment for digital governance as major legislation like the EU AI Act, DORA, and India's DPDPA see major enforcement, imposing new obligations on enterprises worldwide. We analyze how algorithmic logic and frameworks like the EU Digital Services Act (DSA) are compelling global censorship by targeting "misleading" or "h…

Artificial Power: Brussels, Silicon Valley, and the Global Compliance Fight
12:53
2025 marks a high-stakes year for enterprises navigating rapidly shifting obligations as global compliance accelerates across continents, driven by major enactments like India's DPDPA (effective July 2025) and sweeping EU frameworks. We analyze the core tensions between the EU's binding, risk-based frameworks, such as the EU AI Act banning unaccept…

The 2025 Convergence: AI, Critical Infrastructure, and the Supply Chain Siege
12:49
We analyze the defining cyber conflicts of 2025, dominated by state-sponsored actors like Volt Typhoon pre-positioning in critical infrastructure and groups like Salt Typhoon compromising global telecommunications networks for espionage. The season also saw ransomware evolve with extreme speed, exemplified by the Akira group's ultra-short dwell tim…

The Great Reversal: From 'Safety-First' to the AI-Military Complex
17:20
Every major AI company, driven by the existential necessity of covering billions in development losses (the "Burn Rate Crisis"), discarded its ethical prohibitions to pursue lucrative defense contracts. This pivot involved companies like OpenAI removing the explicit ban on "military and warfare" and Anthropic creating "Claude Gov" models designed s…

The Identity Crackdown: Escaping the Digital Prison
47:36
This episode explores the global race between governments implementing centralized digital IDs that risk mass surveillance and privacy erosion, versus decentralized models emphasizing Self-Sovereign Identity (SSI). We detail the complex threats posed by non-interoperable systems and "Digital Twins" technology, which aggregates scattered digital foo…

Beyond the Firewall: Converging Cyber and Physical Defense
16:30
Modern organizations face hybrid threats that exploit the inherent gaps between information systems and physical facilities, making security convergence a daily operational necessity. We detail the foundational framework of risk assessment—which combines threat, vulnerability, and consequence—to ensure both physical access points and digital assets…

The Digital Frontline: Hacktivists, Proxies, and the AI-Driven Border War
15:39
This episode examines the rapid escalation of the Cambodia–Thailand military conflict into cyberspace, driven by 19 distinct nationalist hacktivist groups, including AnonSecKh/BL4CK CYB3R and Keymous, starting immediately after physical clashes in July 2025. These groups leveraged low-complexity tactics like website defacements and mass Distributed…

The Geopolitics of Code: Quantifying Risk in the Global Software Supply Chain
16:16
Global supply chains, particularly in critical sectors like technology, are facing unprecedented threats from sophisticated adversaries who exploit vulnerabilities in third-party software and digital ecosystems. This geopolitical reality is driving stringent international regulations, such as the EU's NIS2 Directive and Cyber Resilience Act (CRA), …

The AI Paradox: Why Global Cyber Costs are Falling, But the Threat is Rising (The 5 Pillars of Readiness)
36:56
Cyber incidents are escalating sharply worldwide, characterized by a staggering 21 percent average annual growth rate in disclosed incidents since 2014 and the increasing sophistication of AI-driven attacks like deepfakes and advanced phishing. Despite this escalating threat volume, the global average cost of a data breach recently dropped by 9% to…

Systematic Security: Protecting Sweden's Digital Frontline Amid Hybrid Threats.
14:56
Sweden's integration into NATO, coupled with sustained, sophisticated cyber operations from state actors like Russia, China, and Iran, has dramatically intensified the threat level against its Critical Infrastructure and Vital Societal Functions (VSF & CI). To combat this escalating threat, Swedish legislation, including the new Cybersecurity Act (…