CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Mar 31, 2026 • 44min

Do You Think These Compliance Boxes Check Themselves? (LIVE in Clearwater, FL)

Jason Mayer, Deputy CISO at Raymond James Financial, shares views on third-party risk and aligning security with business needs. Pam Lindemoen, CSO and VP of Strategy for Retail and Hospitality ISAC, focuses on industry collaboration and security awareness. They discuss why training often fails. They explore security theater, measuring behavior change, business-aligned messaging, and handling repeat risky users.
Mar 24, 2026 • 38min

Why Highlight Diversity When We Can Just Hope You Don't Notice?

Julie Myerholtz, CISO at Brunswick Corporation and security leader, discusses cloud shared responsibility, insecure defaults, and when to retire obsolete controls. She explores AI risks from vendors and adaptive malware, building a beginner's mind on teams, and treating feedback about diversity as a gift.
Mar 17, 2026 • 42min

They're Less "Best Practices" and More "Sounds Good on LinkedIn"

Rebecca Harness, CISO at Deltek, brings hands-on security and IT operations experience. She talks about building trust with leaders, experimenting with AI pilots rather than chasing perfection, and folding IT under security leadership. They discuss designing controls around how people actually work and practical challenges of Zero Trust and permission changes.
Mar 10, 2026 • 48min

It's Okay to Put All Your Eggs in One Basket as Long as You Really Trust the Basket

Rob Allen, Chief Product Officer at ThreatLocker, leads product and security strategy at a prevention-focused company. He discusses deny-by-default protections and why relying on single “heroes” creates risk. Conversations cover building redundant expertise, tabletop readiness, and cautious use of AI in operational security.
Mar 3, 2026 • 41min

Our Security Team's Love Language is Buying New Tools

Tim Leehealey, VP of Corporate Strategy and Operations at Strike48, is a security leader focused on agentic log intelligence. He talks about defensible forensics, when tools and culture should bend to business needs, the limits of SIEM and AI hype, and a new agent-based approach to logs and SOC operations.
Feb 24, 2026 • 42min

If We Can't Do Better, at Least Do It Faster

Vikas Mahajan, VP and CISO at the American Red Cross, brings experience leading enterprise security and incident resiliency. He and the hosts debate the limits of vendor questionnaires, whether to build or buy a SOC, AI governance tradeoffs, and practical shift-left tactics. Short, focused conversations cover translating threats into business context and embedding security into developer tools.
Feb 17, 2026 • 42min

We Gave the CISO Risk and Liability, and Now They Want Authority. The Nerve.

Tammy Klotz is CISO at Trinseo and an author focused on empathetic leadership in cybersecurity. She tackles the accountability vs authority gap, reframes CISOs as risk advisors working with business and legal, and debunks hacklore while pushing employee empowerment. They also compare real-world attack scenarios and explore voice-cloning threats to helpdesks.
Feb 10, 2026 • 43min

When We See White Smoke, We Know We Have a New CISO

Russ Ayres, CISO at Principal Financial Group, shares practical security leadership know-how. He discusses which metrics actually drive business decisions. He explores automation risks that amplify broken processes. He covers AI’s impact on tooling and the need for bilingual human-AI skills. He explains how to stay intentionally connected with security teams.
Feb 3, 2026 • 39min

Take Two-Factor Authentication and Call Me in the Morning

Janet Heins, CISO at ChenMed, brings healthcare security leadership and practical advice. They talk about how vendor inbound failures and peer referrals shape buying, the tension of reporting lines and independence under constraints, choosing opaque-but-secure vendors over transparent but weak ones, and designing security where patient safety and clinician workflows matter.
Jan 27, 2026 • 38min

I'll Show You Our Resilience Plan Once Our Cloud Storage Is Back Online

Johann Balaguer, Global CISO at Hard Rock Hotels and Casinos, brings experience securing hospitality and large-scale operations. He discusses resilience for cloud and third-party infrastructure. Short takes cover vendor dependencies, designing redundancy and failover, mapping critical systems, and career development for security teams.
