• Cyber and the NY Giants
    Jul 1 2026

    Christina Morillo shares her unconventional career journey from traditional IT to cybersecurity in the NFL, highlighting the importance of building trust, understanding business risk, and addressing misconceptions in cybersecurity.

    Christina's book: Zero Trust Networks

    48 mins
  • Identity for AI agents
    May 10 2026

    AI agents are moving from answering questions to taking action. That changes everything for identity and access management.

    In this episode, Ken Huang joins Matt to break down why traditional IAM was not built for agentic AI, where service accounts and OAuth scopes fall short, and what CISOs should do now to govern agents before they hit production at scale.

    Episode Links

    • Ken's substack
    • Ken's paper from 2011 on AI (he was way ahead!)
    • NIST AI RMF

    46 mins
  • The future of CISO
    Apr 11 2026

    In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

    Resources

    The 2026 Global CISO Leadership Report

    Hitch Partners

    NIST AI Framework

    44 mins
  • Matt joins a startup
    Jun 27 2022

    This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.

    Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.

    If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.

    Timestamps

    [0:28] Matt introduces the topic for today’s episode

    [1:50] Exciting news from Matt about his latest career move

    [5:10] Matt explains one of the biggest challenges in app security today

    [7:25] How have we managed app security up to now?

    [9:20] So how does Cerby work?

    [11:32] Matt’s new role at Cerby and an outline of his first few months

    [12:50] Why Matt likes working in a start-up environment

    [14:05] How Matt became interested in Cerby

    [16:20] What’s next for Cerby?

    [18:10] The advice that Matt would give to anyone looking to join a start-up

    [20:40] Yousuf adds his thoughts about working for a start-up

    Episode Links
    Ridge Ventures
    Yousuf Khan's LinkedIn Profile
    Cerby's website
    Matt's LinkedIn Profile

    23 mins
  • Principles in cyber leadership
    Mar 23 2025

    In this conversation, MK Palmore shares insights from his diverse leadership journey, spanning the Marine Corps, FBI, and cybersecurity. He emphasizes the importance of a people-centered leadership approach, the balance between technical and leadership skills, and the significance of effective communication. MK reflects on his experiences, the impact of mentorship, and the lessons learned from both successes and failures in leadership roles. MK highlights the challenges in attracting diverse talent to cybersecurity and the necessity of nurturing new professionals. He concludes with insights on continuous learning and the importance of maintaining a beginner's mindset.

    Takeaways

    • Diverse experiences shape leadership philosophy.
    • Mentorship plays a significant role in professional development.
    • Silence from leaders can lead to assumptions and uncertainty.
    • Leaders should increase communication during times of uncertainty.
    • Maintaining a mindset of continuous learning is vital for personal growth.

    Chapters

    00:00 Introduction to Leadership and Music
    02:57 Diverse Leadership Experiences
    06:05 The Importance of People-Centered Leadership
    09:05 Technical Skills vs. Leadership Skills
    11:49 Communication as a Leadership Skill
    14:53 Learning from Mistakes in Communication
    18:01 The Impact of Silence in Leadership
    20:44 Navigating Uncertainty in Leadership
    25:06 Bridging the Gap: Technical and Business Communication
    30:22 Building Personal Brand and Eminence
    32:53 Overcoming Barriers in Cybersecurity Talent Acquisition
    38:31 Staying Sharp: Continuous Learning and Adaptability

    43 mins
  • Tackling cyber & AI in the boardroom
    Oct 20 2024

    Summary
    In this conversation, Chris Hetner discusses the evolving role of boards of directors in cybersecurity, emphasizing the need for improved communication and understanding of cyber risks. He highlights the challenges boards face in adapting to new SEC rules and the importance of leveraging AI responsibly. Hetner also shares insights on tools for quantifying cyber risk and prioritizing investments while advocating for continuous learning and proactive engagement with board members.

    Takeaways

    • Boards are becoming more aware of cybersecurity risks.
    • Cybersecurity discussions often receive limited airtime in board meetings.
    • The SEC's new disclosure rules can drive more frequent discussions on cyber risk.
    • AI governance is crucial as AI technologies become more prevalent.
    • Collaboration with general counsel and risk officers is essential.

    Chapters

    00:00 Introduction and Background on Cybersecurity and Boards
    03:05 Current Challenges Facing Boards in Cybersecurity
    06:11 Understanding Cyber Risk and Communication with Boards
    08:58 Improving Board Engagement with Cybersecurity
    11:56 Leveraging SEC Guidelines for Cyber Risk Discussions
    15:02 The Role of AI in Cybersecurity Governance
    18:05 Tools for Quantifying Cyber Risk
    21:12 Prioritizing Cybersecurity Investments
    24:02 The Importance of AI Governance
    26:57 Staying Informed in Cybersecurity
    30:13 Final Thoughts and Continuous Learning

    The future of cloud security.
    Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.

    Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

    46 mins
  • SBOMs: Good but less than a silver bullet
    Sep 21 2023

    Episode Summary

    On today’s episode, Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency, Allan Friedman, joins Matt to discuss SBOMs. As Senior Advisor and Strategist at CISA, Allan coordinates the global cross-sector community efforts around software bill of materials (SBOM). He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics.

    Before joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science Department, the Brookings Institution, and George Washington University’s Engineering School.

    He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, has a C.S. degree from Swarthmore College, and a Ph.D. from Harvard University.

    Today, Allan talks about SBOMs and their adoption in non-security industries, Secure by Design and Secure by Default tactics, and how to make software security second nature. What, exactly, is the SBOM? Hear about how SBOMs could’ve helped against significant attacks, the concept of antifragility, and why vulnerability disclosure programs are so important.

    Timestamp Segments

    · [02:27] Allan’s career path.

    · [05:10] Allan’s day-to-day.

    · [06:15] What has been most rewarding?

    · [08:00] SBOMs in non-security startups.

    · [10:50] Real-world examples of Secure by Design tactics.

    · [17:30] Will software security ever seem obvious to us?

    · [19:30] What is the SBOM, and will it solve all our problems?

    · [23:41] Could an SBOM have helped against the SolarWinds attack?

    · [27:52] Memory-safe programming languages.

    · [30:16] Misconceptions around Secure by Design, Secure by Default.

    · [32:00] The importance of vulnerability disclosure programs.

    · [35:37] Antifragility in cybersecurity.

    · [41:47] VEX.

    · [44:29] How to get involved with CISA.

    · [48:00] How does Allan stay sharp?

    Notable Quotes

    · “Sometimes, organizations need a good excuse to do the right thing.”

    · “It is bananas that software that we use, and pay for, still delivers with it not just the occasional vulnerability, but very real risks that require massive investments from customers.”

    · “When tech vendors make important logging information available for free, everyone wins.”

    · “The SB in SBOM doesn’t stand for Silver Bullet.”

    Relevant Links

    Email: sbom@cisa.dhs.gov

    Website: www.cisa.gov

    LinkedIn: Allan Friedman

    Resources:

    Open Source Security Podcast

    Risky Business Podcast

    50 mins
  • Fed Clouds
    Feb 14 2022

    In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We learn the benefits of cloud compliance standards, as well as how FedRAMP is leveling the playing field in federal cloud computing. We also touch on the role of 5G in cloud computing, and why its presence will disrupt going forward. Join us as we pick Sandeep’s brain for some insights into the present and future of federal cybersecurity.

    Tweetables
    “Visibility has become [the] single biggest challenge and nobody's dealing with cloud management in a multi-cloud perspective from cradle to grave.” — @Shilawat [0:09:03]

    “I think that having a managed cloud service is probably the first approach that should be considered by an agency head. I do think that that's where the market is heading. Sooner or later, it will probably become a de facto way of doing cloud security.” — @Shilawat [0:19:43]

    34 mins