CISO Stories Podcast (Audio)

Feb 9, 2026

CISO Jadee Hanson shares how Vanta “drinks its own champagne,” running on NIST CSF with quarterly baseline reviews and using Vanta’s GRC platform to turn every release into live UAT for privacy, governance, and compliance. We rethink third-party management—why point-in-time risk scores are fading and how...


Jan 12, 2026

Title: “Keys Without People” — John Heasman on Cleaning Up Non-Human Access

Summary: John breaks today’s non-human identity mess into three buckets: core tools your business runs on, old/one-off integrations that linger, and engineer tokens left behind. His playbook is simple: decide what’s truly critical, assign...


Dec 8, 2025

This episode was about agentic IAM—what it is and the risks that come with letting non-human agents act for customers. We defined external IAM, then traced how the industry moved from basic login and MFA to consent, delegation, and now agent-to-agent interactions. Along the way we unpacked key risks for CISOs...


Nov 10, 2025

CISO Sandy Dunn breaks down her blueprint for AI-ready defense—pairing MITRE ATT&CK v18 with MITRE ATLAS to move from policy to behavior-based detections. We hit practical AI governance, her early focus on defending and understanding AI, and how OWASP GenAI tools turn checklists into action.

Segment Resources:...


Oct 13, 2025

Jennifer Selby Long reframes security awareness as more than training—it’s about earning trust and influence with executives and security teams. She shares leadership lessons on how to build stronger alignment and support for security initiatives.

Visit https://cisostoriespodcast.com for all the latest...