Apr 13, 2026
In this episode of CISO Stories, Jessica Hoffman speaks with Richard Marcus, CISO at Optro, about how organizations are securing cloud environments at scale. They discuss secure by design principles, infrastructure as code, continuous monitoring, and how GRC and security teams are working together more effectively....
Mar 9, 2026
Threat intelligence too often arrives as a steady stream of alerts that don’t translate into clear, timely decisions. This episode explores how public-sector intel flows today through channels like CISA, MS-ISAC, and CIS—and why changes in funding and distribution can reshape what organizations actually receive...
Feb 9, 2026
CISO Jadee Hanson shares how Vanta “drinks its own champagne,” running on NIST CSF with quarterly baseline reviews and using Vanta’s GRC platform to turn every release into live UAT for privacy, governance, and compliance. We rethink third-party management—why point-in-time risk scores are fading and how...
Jan 12, 2026
Title: Keys Without People” — John Heasman on Cleaning Up Non-Human Access
Summary: John breaks today’s non-human identity mess into three buckets: core tools your business runs on, old/one-off integrations that linger, and engineer tokens left behind. His playbook is simple: decide what’s truly critical, assign...
Dec 8, 2025
This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs...