Who is Responsible for the Conflict Between Security and Developers?

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining is their sponsored guest, Matt Brown, solutions architect, Endor Labs. In this episode: The development disconnect Functionality first, security second The incentive problem Speed as the common ground A huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces. Learn more at www.endorlabs.com.

All links and images can be found on CISO Series. Check out this post by Caleb Sima for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Evan McHenry, CISO, Robinhood. In this episode: The information paradox Setting realistic expectations Prioritization over noise The cart before the horse Huge thanks to our sponsor, Endor Labs Discover how AI coding agents are reshaping software supply chain risk in the State of Dependency Management. Original research from Endor Labs shows 49% of dependency versions have known vulnerabilities (and that 34% don't actually exist). Get the report to see how "shadow AI" is reshaping attack surfaces.  

All links and images can be found on CISO Series. Check out this post, CISO, Upwind Security, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is Octavia Howell, vp and CISO, Equifax Canada. In this episode: Beyond the quota The hard truth beats the polished bluff Paying for someone else's mistakes Reducing friction, increasing trust Huge thanks to our sponsor, ThreatLocker ThreatLocker takes a deny-by-default approach to endpoint security — controlling what applications can run, what can access data, and what can elevate privileges. Used by organizations that want to reduce attack surface without relying on detection alone. Learn more at threatlocker.com/ciso.

All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Mark Eggleston, CISO, CSC. In this episode: Breaking trust to test it Technical controls over testing The measurement imperative Fire drills, not gotchas Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series. This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev. In this episode: Earning autonomy gradually The blast radius question The reality check Today's value, tomorrow's evolution Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series. Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments. In this episode: The experience paradox Who benefits from the narrative Kitchen sink job postings The aggregation problem Huge thanks to our sponsor, Scanner All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev  

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker. In this episode: Getting permissions right The fundamentals that still fail Know what you have Simple controls, outsized impact Huge thanks to our sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

All links and images can be found on CISO Series. Check out this post by Patrick Garrity of VulnCheck for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Steve Zalewski. Joining them is Tom Doughty, CISO, Generate:Biomedicines. In this episode:  The 3Ms of product clarity Buzzwords work because buyers aren't experts Investor pressures distort messaging Threading the needle Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by David Spark, the producer of CISO Series, and Geoff Belknap. Joining them is sponsored guest Matt Goodrich, director of information security, Alteryx. In this episode: The integrity challenge Zero trust for AI outputs Guardrails over garbage It looks good... Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark, the producer of CISO Series, and Jerich Beason, CISO, WM. Their guest is Pam Lindemoen, CSO and vp of strategy, RH-ISAC. In this episode: From loudest to most trusted Letting go of the win Listening over proving Beyond right and wrong Huge thanks to our sponsor, Alteryx Alteryx is a leading AI and data analytics company that powers actionable insights that help organizations drive smarter, faster decisions. Alteryx One helps security, risk, and operations leaders cut hours of manual work to minutes, generate trusted insights at scale, and turn raw data into action faster than ever. Learn more at www.alteryx.com.