The New CISO Podcast

The New CISO is a podcast hosted by Exabeam Chief Security Strategist, Steve Moore. A former IT security leader himself, Steve sits down with Chief Information Security Officers to get their take on cybersecurity trends, what it takes to lead security teams and how things are changing in today’s world.

What career path is best? When is a data breach over? How do you manage limited IT budgets for maximum ROI? Informative and educational, The New CISO answers your burning cybersecurity questions. Whether you’re a current or aspiring CISO, The New CISO provides practical advice, guidance, and lessons learned from peers.

Have a topic or guest you’d like to see featured on The New CISO? Email us at thenewciso@exabeam.com


Hosted by Steve Moore

Steve Moore is Vice President and Chief Security Strategist at Exabeam, helping drive solutions for threat detection and advising customers on security programs and breach response. He is the host of “The New CISO Podcast” and a Forbes Tech Council member. Prior to Exabeam, Moore served as Staff VP of Cybersecurity Analytics at Anthem, a Fortune 30 healthcare company. Moore’s experience includes leading the investigation of state-sponsored cyberespionage campaigns, breach response, associated legal depositions, and client management. He’s passionate about cybersecurity, teamwork and leadership excellence.


Episode 11: Partnering with Higher Education to Prepare Students for a Career in Cybersecurity

Building effective cyber programs in higher education can help prepare the next generation of CISOs for the challenges of an industry in flux. And for those programs to match the realities of industry, real-world experience and mentorship are crucial elements to weave into their DNA.

A United States Air Force veteran, Marc Crudgington serves as the Chief Information Security Officer, SVP Information Security for Woodforest National Bank and is an active member of the University of Houston CIS Industry Advisory Board and Sam Houston State University Digital and Cyber Forensic Engineering Advisory Board.

Marc Crudgington


Episode 10: Assessing Security Reporting Structures

As a modern CISO and security expert, a challenge you may face is that a leader you report to might not understand the business of security. Given that, how do we influence and ultimately correct existing lines of reporting?

Leonard (Lenny) Levy is an accomplished information security executive with over 20 years’ experience addressing cybersecurity challenges. Most recently he served as the interim Chief Information Security Officer for Providence St. Joseph Health, a $26 billion Catholic healthcare system.

Lenny Levy


Episode 9: Digital Trust for Digital Transformation

As a CISO, experience in a broad range of business functions incorporating security often paves the way for future career growth. With an evolving cybersecurity industry, opportunities arise for some CISOs to reshape the way their organization sees them: from a security office into a “trust office.”

Lakshmi Hanspal is the Global CISO at Box, joining the company in January of 2019. In this senior leadership role, she’s responsible for corporate, physical and cyber security of Box’s footprint, including data protection and privacy. Prior to joining Box, Lakshmi was the CISO for SAP Ariba and has held senior positions across PayPal and Bank of America, among other companies. Her career spans 23+ years in information security, risk management and privacy, with 16+ years in the financial and payments space.

Lakshmi Hanspal


Episode 8: Securing a Cybersecurity Organization

As cybersecurity becomes entrenched in the business cycle, other business functions have expanded their interactions with security teams. That said, the understanding of what a CISO does hasn’t always followed the same trajectory. How do we as security practitioners help our organizations interact with our security teams, and help them understand the role we play in an increasingly at-risk world?

Currently the CISO of Netskope, Lamont Orange has managed cybersecurity programs, developed cybersecurity talent and maintained and socialized internal security programs for more than 20 years.

Lamont Orange


Episode 7: Understanding the Adversary

Building a career in security can be a challenge, even for those of us who start off early. For some, however, the job can be a natural progression from Her Majesty’s Armed Forces to helping secure the 2012 Olympics and ultimately becoming a CISO. So how do you channel these unique experiences into something that will withstand the diverse threats organizations face today?

Mick Jenkins is the Chief Information Security Officer at Brunel University and a former counterterrorism officer in the British Armed Forces.

Mick Jenkins


Episode 6: Contributing to the Cybersecurity Community

Not too long ago you’d be hard-pressed to find cybersecurity communities to engage with, whereas today their ubiquity might be putting them at risk. With so many – and often topical – security communities, how do we ensure the important issues take center stage, promote information sharing, and avoid political problems and the sins of our past, all while nurturing young security talent for the future?

Scott Morris is the Vice President, Chief Information Security Officer at BlueCross BlueShield Western New York, where he’s responsible for leading the Enterprise Information Assurance team, including information security, regulatory compliance and process assurance, and incident/problem management.

Scott Morris


Episode 5: Does Security Training Really Work?

If we believe that employees are our first line of defense against attacks like phishing, credential theft, and business email compromise, we need their active participation. But is security training – specifically phishing training – really effective? Should we be doing it differently? We touch on the idea of training versus education, positive reinforcement versus negative, suggestions for engaging with employees, and the best sushi in Vegas.

David Tyburski is the Global Chief Information Security Officer for Wynn Resorts, where, for over the last 10 years, he has been responsible for leading the enterprise strategy for information security, identity/access, governance, and incident management for the Las Vegas-based developer and operator of high-end luxury hotels and casinos.

David Tyburski


Episode 4: Winning Over the Board

The CISO and the board generally share something in common – they both want to manage risk and make the business successful. But a CISO has to earn the board’s trust, even when it’s well established that they’re the security subject matter expert.

Colin Anderson is Vice President of Information Technology, Global Chief Information Security Officer at Levi Strauss & Co. In this role he manages an international team responsible for information risk management, regulatory compliance, information privacy, and IT enterprise risk management.

Colin Anderson


Episode 3: What It Means to Be an Honest Broker

Learn what it means to be an “honest broker” in the context of security leadership—an agent of trust and transparency for a business. Brian covers strategies for delivering the right message to the board, the learning opportunities that come with candor, and the honest truth about managing the inherent stress of being a CISO.

Brian Haugli is a partner at Side Channel Security, a consulting firm in the Boston area. Previously VP and chief security officer for The Hanover Insurance Group, he’s a seasoned security leader who’s held numerous roles within the federal government responsible for strategic initiatives involving cybersecurity and information risk management.

Brian Haugli


Episode 2: The Ins and Outs of Budgeting

Andrew Wild, CISO at QTS Data Centers, talks about building an IT security budget, the challenges of prioritizing resources to balance risk, and the value of cooperation – something often more difficult to obtain than the budget itself.

Andrew Wild is CISO of QTS Data Centers. As an information security and risk management executive with over 25 years of experience, he has built and managed numerous corporate information security programs and is known for leading by example with a positive and energetic attitude.

Andrew Wild


Episode 1: Lessons Learned from a Virtual CISO

Matt Klein, Virtual CISO and Executive Advisor at Optiv, sits down with Steve Moore to share his insights on teamwork, getting visibility at the executive level, and the right prep for effective board conversations.

Matt Klein is a virtual CISO and executive advisor for Optiv. He advises enterprises on how to transition through leadership changes, improve security and reduce risk, and identify areas of opportunity where information technology can help contribute value to the bottom line.

Matt Klein