
Candid CISO
Claim This Podcastby Steve Tout & John Donovan
Podcast Overview
<p>At Candid CISO, our mission is to raise the game for cybersecurity leaders.</p><p><br></p><p>There’s no manual for sitting in the CISO seat. Leadership is forged under pressure—through blind spots, board meetings, and breach drills. Our exclusive content delivers unfiltered stories, practical guidance, and sharp insight from those who’ve led through it all. From identity to AI, we surface what matters most to those shaping security at the highest level.</p><p><br></p><p>Explore our full library of episodes, playbooks, strategic briefs, and hard-earned lessons here on Substack ➡️ https://candidciso.substack.com/ </p>
Language
🇺🇲
Publishing Since
2/2/2024
2 verified contact emails on file for Candid CISO
Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.
Recent Episodes

November 14, 2024
Leading Fearlessly in High-Growth Environments with Jimmy Sanders
<p>In this episode of the Candid CISO Podcast, John Donovan sits down with Jimmy Sanders, a cybersecurity leader whose journey from interning at a beef jerky company to leading security teams at Netflix and Samsung is nothing short of inspiring. Join us as Jimmy shares his experience of <em>leading fearlessly in high-growth environments</em>, where the pressure to innovate never stops and the stakes are sky-high. He reveals how he balanced security and rapid development, motivated teams beyond monetary incentives, and built proactive, resilient defenses in environments where risk was a given. We also explore Jimmy's unique perspective on diversity in tech, the grit required to overcome obstacles, and his current role as International President of ISSA, where he’s shaping the future of cybersecurity leadership. Whether you’re a security professional or a business leader, this episode will provide practical insights and thought-provoking strategies to lead cybersecurity teams and programs with courage and vision.</p> <p> </p> <p><strong>Key Takeaways</strong></p> <ul> <li>Integrate security into development in ways that accelerate innovation, making protection a catalyst rather than a constraint.</li> <li>Harness individual intrinsic motivators to inspire your team, transforming engagement from compliance to passionate commitment.</li> <li>Embed security as a shared objective early, ensuring risk discussions influence key decisions rather than follow them.</li> <li>Think ahead of threats by building a culture of continuous testing, turning defense into an anticipatory advantage.</li> <li>Align your leadership approach with organizational values to drive influence and lasting change across cultural differences.</li> <li>Forge alliances across teams to dismantle silos, using trust as the foundation for more resilient security strategies.</li> <li>Leverage your position to challenge status quo thinking and push for diversity that enriches the entire industry.</li> <li>Shift from pure technical talk to storytelling and empathy, making complex security issues relatable and urgent for all.</li> <li>Future-proof talent by immersing them in the technologies reshaping security, fostering adaptability over mere expertise.</li> <li>Don’t just wait for doors to open; cultivate opportunities by acting decisively and positioning yourself for growth.</li> </ul> <p> </p> <div class="MuiBox-root css-4cps79 e1de0imv0"><span class= "MuiTypography-root MuiTypography-bodyMedium css-1lit4es e1de0imv0"> IdRamp is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.idramp.com/candidciso">https://www.idramp.com/candidciso</a></span></div> <div class="MuiBox-root css-4cps79 e1de0imv0"> </div> <div class="MuiBox-root css-4cps79 e1de0imv0"> <p>TrustLogix is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.trustlogix.io/candidciso">https://www.trustlogix.io/candidciso</a></p> <p> </p> <p>For show notes, transcripts, links, and more episodes visit <a href= "https://www.candidciso.com">https://www.candidciso.com</a></p> <p> </p> <p>The Candid CISO podcast is produced by Nonconformist Innovation Media.</p> </div>

November 5, 2024
Reimagining Risk and the Virtual CISO
<p>In this insightful Candid CISO episode, John Donovan interviews Carlota Sage, a vCISO with a unique, multifaceted background in tech and cybersecurity. They discuss the strengths and challenges of the vCISO role versus full-time CISO positions, emphasizing the flexibility and affordability vCISOs bring to organizations that can't justify a full-time CISO. Carlota shares her experiences at major security conferences, the increasing role of compliance in driving security initiatives, and the critical importance of community, diversity, and boundary-setting in tech. Her candid stories reveal her journey from unconventional beginnings in tech to her current advocacy for strong security programs. This episode is particularly valuable for its real-world advice on leveraging compliance as a business enabler and the power of community and diversity in cybersecurity.</p> <p> </p> <p><strong>Key Takeaways:</strong></p> <ul> <li> <p><strong>vCISOs provide flexible, high-quality security expertise</strong> – Ideal for companies needing CISO-level support without full-time costs.</p> </li> <li> <p><strong>Compliance often drives SMB security efforts</strong> – Many startups only implement security when clients or contracts require it.</p> </li> <li> <p><strong>Boundary-setting is crucial in cybersecurity</strong> – Protecting personal time preserves energy and prevents burnout in demanding roles.</p> </li> <li> <p><strong>Security as a sales enabler</strong> – Compliance readiness can differentiate startups and drive new business.</p> </li> <li> <p><strong>Community combats cybersecurity burnout</strong> – Engaging in networks like B-sides and Diana Initiative supports career longevity.</p> </li> <li> <p><strong>Diversity of thought strengthens security</strong> – Unique perspectives, not just backgrounds, drive more resilient cybersecurity programs.</p> </li> <li> <p><strong>Introverts and extroverts complement in cybersecurity</strong> – Collaboration can bring quieter, skilled professionals into the spotlight.</p> </li> <li> <p><strong>Third-party compliance impacts everyone</strong> – Big enterprises push smaller vendors to meet higher compliance standards.</p> </li> <li> <p><strong>Speaking at conferences builds visibility</strong> – Being a security speaker, even at small events, raises professional credibility.</p> </li> <li> <p><strong>Leverage security metrics for funding</strong> – Know customer acquisition costs and use them to justify security budgets.</p> </li> </ul> <p> </p> <p> </p> <div class="MuiBox-root css-4cps79 e1de0imv0"><span class= "MuiTypography-root MuiTypography-bodyMedium css-1lit4es e1de0imv0"> IdRamp is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.idramp.com/candidciso">https://www.idramp.com/candidciso</a></span></div> <div class="MuiBox-root css-4cps79 e1de0imv0"> </div> <div class="MuiBox-root css-4cps79 e1de0imv0"> <p>TrustLogix is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.trustlogix.io/candidciso">https://www.trustlogix.io/candidciso</a></p> <p> </p> <p>For show notes, transcripts, links, and more episodes visit <a href= "https://www.candidciso.com">https://www.candidciso.com</a></p> <p> </p> <p>The Candid CISO podcast is produced by Nonconformist Innovation Media.</p> </div>

October 25, 2024
Resilience On The Trails And In Cybersecurity: A Journey with Jason Elrod
<p>In this episode of the <em>Candid CISO</em>, Co-Host John Donovan sits down with <strong>Jason Elrod</strong>, CISO of MultiCare Health Systems, who shares how getting lost on a trail run and running barefoot for 19 miles became a metaphor for leadership in cybersecurity. Jason dives into the tough realities of protecting critical infrastructure, balancing security and compliance, and tackling imposter syndrome head-on. He also reveals why being fiercely dangerous (ethically, of course) is essential for a successful cybersecurity career. From personal lessons on resilience to high-candor takes on navigating boardrooms, Jason keeps it real—and a bit ironic—by showing how getting off track can sometimes lead to the best insights. Follow along for an unexpected and entertaining ride!</p> <p> </p> <p><strong>Key topics include <br /></strong></p> <ul> <li>How getting lost on a trail run turned into a lesson on leadership and staying present.</li> <li>Why facing your fears and doing what scares you leads to growth—both on trails and in cybersecurity</li> <li>The power of fierce, mission-driven cybersecurity professionals and why being 'ethically dangerous' matters</li> <li>How imposter syndrome is universal—and why accepting it can make you a more confident leader</li> <li>Balancing security and compliance: How to prioritize safety without getting lost in the checkbox mentality</li> <li>Jason's candid take on communicating cybersecurity risks to executives and boards in a way they’ll understand</li> <li>How ultra-running teaches resilience, focus, and mindfulness—and how that applies to a high-stress CISO role</li> <li>The importance of finding a restorative practice to reset and thrive in high-pressure leadership positions</li> <li>Why being both the smartest and 'dumbest' in the room drives better teamwork and collaboration</li> <li>How showing vulnerability and high candor can help you lead more authentically and inspire your team</li> </ul> <p> </p> <p><strong>Thanks to our season sponsors</strong></p> <p> </p> <div class="MuiBox-root css-4cps79 e1de0imv0"><span class= "MuiTypography-root MuiTypography-bodyMedium css-1lit4es e1de0imv0"> IdRamp is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.idramp.com/candidciso">https://www.idramp.com/candidciso</a></span></div> <div class="MuiBox-root css-4cps79 e1de0imv0"> </div> <div class="MuiBox-root css-4cps79 e1de0imv0"> <p>TrustLogix is a sponsor of the Candid CISO podcast. Visit their website at: <a href= "https://www.trustlogix.io/candidciso">https://www.trustlogix.io/candidciso</a></p> <p> </p> <p>For show notes, transcripts, links, and more episodes visit <a href= "https://www.candidciso.com">https://www.candidciso.com</a></p> <p> </p> <p>The Candid CISO podcast is produced by Nonconformist Innovation Media.</p> </div>
13 total episodes available
Deep-dive analytics for Candid CISO
Frequently asked questions
Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.
- What is Candid CISO?
<p>At Candid CISO, our mission is to raise the game for cybersecurity leaders.</p><p><br></p><p>There’s no manual for sitting in the CISO seat. Leadership is forged under pressure—through blind spots, board meetings, and breach drills. Our exclusive content delivers unfiltered stories, practical guidance, and sharp insight from those who’ve led through it all. From identity to AI, we surface what matters most to those shaping security at the highest level.</p><p><br></p><p>Explore our full library of episodes, playbooks, strategic briefs, and hard-earned lessons here on Substack ➡️ https://candidciso.substack.com/ </p> - How often does this podcast release new episodes?
This podcast updates weekly.
- Where can I listen to this podcast?
This podcast is available on 8 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Information about guest appearances is not available.
Legal Disclaimer
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.
All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.
We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.
While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.
By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.
