The Professional CISO

Why CISOs Are Rethinking Managed Security: Check Point’s Open Garden Approach | Lenny Krol

In this episode of The Professional CISO Show, David Malicoat is joined by Lenny Krol, Head of Services Sales at Check Point Software, recorded live at GPSEC DFW.   Lenny breaks down how Check Point’s services organization supports customers across both Check Point and third-party technologies, why an open ecosystem matters, and how CISOs can realistically scale security operations amid a global talent shortage. From fractional SOC coverage to process maturity and real-world engagement models, this conversation delivers practical insight for security leaders at every stage of their journey.   Sponsors: Check Point Software (Premier Sponsor) (www.checkpoint.com) Guidepoint Security (Associate Sponsor) (www.guidepointsecurity.com)   🎙️ Listen on Spotify and Apple Podcasts 🌐 Learn more at www.thpc.co [http://www.thpc.co]

Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI | Larry Woods

Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI   Guest: Larry Woods   Every breach has a story. Every leader has a strategy.   In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale.   This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.   Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.   🔐 Practical Zero Trust — Not the Buzzword Version Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state.   He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.   👩‍💻 Building Cyber Talent Through Apprenticeships Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships.   Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years. The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools.   For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.   🧠 Learning to Learn in the Age of AI One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud: What happens to critical thinking when AI always has the answer?   Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter.   This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.   🏛️ From Technologist to Executive Leader Larry also shares candid insights on: * The moment a CISO truly becomes an executive: the first board presentation * Why leadership teams matter more than company brands * Leading through influence in decentralized organizations * The value of business education for cybersecurity leaders * Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.   🎧 Why You Should Listen If you are: * A CISO navigating Zero Trust, cloud, and board expectations * A security leader building teams and future talent * An aspiring CISO trying to understand what the role really demands * A cybersecurity professional thinking about AI’s long-term impact This episode will resonate.   🔗 Listen, Watch, and Connect * 🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO [http://www.youtube.com/@TheProfessionalCISO] * 🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673 [https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673] * 🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021 [https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021] * 🌐 Website: https://www.thpc.co [https://www.thpc.co] * 🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show [https://www.linkedin.com/company/the-professional-ciso-show] 📣 Call to Action Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO. 🏷️ Hashtags #TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy

HOU.SEC.CON Live: Merging Physical & Cyber Security + The Future of Threat Intelligence

🔥 Episode Summary Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure) Sponsor: CyberOne Security (www.cyberonesecurity.com)   Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape.   First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds.     Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.     🎧 Key Highlights * What InfraGard is and why CISOs should engage * How the FBI leverages private-sector intelligence * Why physical and cyber security must be unified * Human risk: the universal vulnerability * Future of nation-state adversaries and cyber warfare * Threat intelligence challenges in 2025 * The rise of AI + human judgment in intel analysis * Why OT security is now unavoidable * Professional development: writing, communication & influence * Building the next generation of cyber talent through mentorship 🔗 Episode Sponsor: CyberOne Security CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.   📲 Follow The Professional CISO Show Website: www.thpc.co [http://www.thpc.co] YouTube: http://www.youtube.com/@TheProfessionalCISO [http://www.youtube.com/@TheProfessionalCISO] LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show [https://www.linkedin.com/company/the-professional-ciso-show] Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673 [https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673] Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021 [https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021]

How CISOs Must Lead the Next Generation | Moses Bulus on AI, Data Security & Hybrid IT (Ep. 91)

🔥 Episode Summary In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO.   Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role.   Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.     🎙️ What You’ll Learn * Why CISOs must be intentional about developing the next generation of cybersecurity leaders * How AI is exposing long-standing data governance gaps inside every organization * The importance of returning to “Security 101” with access management and visibility * Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models * How to build influence, trust, and presence across the business — not just IT * The power of networking and why it’s not optional for early-career professionals * Moses’ doctoral research in phishing attacks targeting the manufacturing sector * The limitations of traditional cybersecurity education and how leaders can fill the gap * 💡 Key Quotes from This Episode * “It’s not about cybersecurity. It’s about the business.” — Moses Bulus * “You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus * “CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat * “Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus * “AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus 🧠 Episode Highlights * Moses’ origin story: developer → network engineer → first cybersecurity hire * The executive leap: presenting to leadership early and building business fluency * Why business conferences can matter more than technical ones * AI’s dual nature: opportunity + internal risk amplifier * Cloud governance challenges and API-driven risk * Why security leaders must be present, approachable, and embedded in the business * Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more * Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking 🤝 Episode Sponsors Premier Sponsor: Check Point (www.checkpoint.com) Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)   📌 Call to Action Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.   🔗 Links & Resources Website:https://www.thpc.co [https://www.thpc.co] YouTube Channel:http://www.youtube.com/@TheProfessionalCISO [http://www.youtube.com/@TheProfessionalCISO] LinkedIn Page:https://www.linkedin.com/company/the-professional-ciso-show [https://www.linkedin.com/company/the-professional-ciso-show] Spotify:https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673 [https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673] Apple Podcasts:https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021 [https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021]   🏷️ Keywords CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development

🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier

🎙️ Episode Summary Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.   🔑 Key Takeaways * The CISO’s role continues to mature toward enterprise risk and business alignment * AI adoption is accelerating, but governance and ROI remain top concerns * Frameworks and cross-functional cooperation define future-ready security programs * OT security is no longer separate — it’s central to national and business resilience   💬 Notable Quotes “You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux “We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese “If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie 🎧 Listener Benefits By listening to this episode, you’ll gain insight into: * Modern CISO decision frameworks * Practical AI integration strategies * Governance approaches for emerging tech * The human and operational side of cybersecurity   📣 Call to Action Subscribe, share, and join the movement to professionalize the role of the CISO. Visit www.thpc.co [https://www.thpc.co/] for upcoming events, recordings, and sponsor opportunities.   🏆 Sponsors * Premier Sponsor: Check Point (www.checkpoint.com) * Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)