In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.

From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.

Key Topics Covered:

• Early career pivots: Army leadership, perseverance, and precision → IT foundations
• Certifications as a fast track (then) vs. blended learning and passion projects (now)
• The “pick your pain” decision: staying comfortable vs. returning to school to advance
• Building a CISO gap analysis from job reqs and targeting stretch assignments
• Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
• Turning tough feedback into growth: from geek speak to boardroom dialogue
• Consulting variety vs. ownership: when to switch for long-term impact
• The 100-day plan: assess → plan → act → measure → adjust (with IR first)
• Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
• Metrics as a “health language” and why today’s CISO must be a radical collaborator

Carl’s story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

Understanding the BISO Role:

• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:

• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:

• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:

• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:

• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam

In this episode of The New CISO, host Steve Moore speaks with Dr. Timo Wandhöfer, Group CISO and Head of Information Security & Business Continuity Management at Klöckner & Co, about the evolving responsibilities of modern CISOs and why influencing—not just convincing—stakeholders is essential for success.

From his early career as a researcher in computer science to leading global security and resiliency efforts in the steel industry, Timo shares how critical thinking, skepticism, and cross-functional collaboration shaped his leadership style. He reflects on the dangers of overconfidence in detection, the risks of over-relying on tools, and the lessons learned from merging information security with business continuity. Timo also explores how AI can both accelerate remediation and introduce new risks, and why resilience planning and transparent communication are at the core of effective leadership.

Key Topics Covered:

• The evolving role of the CISO: from protection to resilience and adaptability
• How research skills translate into critical thinking and cross-functional collaboration
• Why overconfidence and lack of visibility remain major pitfalls in security programs
• The importance of transparency, maturity, and asset inventory for strong defenses
• Resiliency planning: ransomware recovery, crisis management, and operating models
• Insider threat investigations and the role of HR, Legal, and IT in response
• The shift from convincing to influencing stakeholders through dialogue
• The promise and risks of AI and automation in remediation and decision-making
• Why today’s CISO must be a communicator, storyteller, and business leader

Timo’s journey highlights how resilience, adaptability, and influence define the “new CISO.” His insights provide a roadmap for leaders who want to strengthen security programs, build trust with stakeholders, and guide their organizations with both technical and business acumen.

In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he’s learned across decades in cybersecurity.

From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.

Key Topics Covered:

• Early career pivots, from engineering to cybersecurity leadership
• Lessons learned from career missteps and short-lived roles
• The five factors Steve now evaluates before taking a new job
• Succession planning and preparing teams to lead during emergencies
• Why tabletop exercises and exposure to executives matter for resilience
• Managing stress, staying calm, and keeping perspective in high-pressure roles
• The long-tail business impact of breaches beyond immediate costs
• Why financial services foster collaboration and innovation in security
• The importance of mentoring and introducing students to cybersecurity careers

Steve’s story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.

In this episode of The New CISO, host Steve Moore speaks with Marius Poskus, Chief Information Security Officer at Glow Financial Services and creator of the Cyber Diaries podcast. Marius shares his journey from physical security into cybersecurity leadership—and how he did it without relying on traditional certifications.

Marius reflects on how self-directed learning, mentorship, and a strong personal brand helped him pivot careers and thrive in the FinTech space. He explains why the security industry needs to stop glorifying certifications, how to break in through SOC roles, and what truly makes a candidate stand out in interviews. From coaching new talent to advising startups on go-to-market strategies, Marius emphasizes that attitude and aptitude matter far more than credentials.

Key Topics Covered:

• Why Marius walked away from a career in physical security—and how that experience shaped his cyber path
• The critical difference between certification collecting and real-world skill development
• Why most entry-level cybersecurity roles are in SOCs—and how to leverage that
• How sharing your learning journey online builds credibility and unlocks job opportunities
• The two A’s that matter most when hiring: attitude and aptitude
• Common mistakes startups make when targeting CISOs and building security tools
• The growing risks of “AI-washing” and what real AI innovation should look like
• Why mentorship only works when mentees are willing to put in the work
• How to shift from security awareness “stick” tactics to culture-based collaboration
• What it means to build a personal brand that outlasts your job title

Marius’ story proves that cybersecurity success doesn’t come from certificates—it comes from curiosity, consistency, and community. Whether you’re just starting your career or leading a security team, this episode will inspire you to focus on what really moves the needle.

Marius Poskus Podcast - Cyber Diaries Podcast

In this episode of The New CISO, host Steve Moore speaks with Aleksandar Radosavljevic, Global CISO at Global Fashion Group, about building trust, measuring resilience, and the evolving role of the security leader.

Aleksandar shares how his unexpected pivot from electrical engineering to cybersecurity sparked a passion for protecting systems and solving problems. With over two decades of experience across pharma, manufacturing, and tech, he offers insights into how security leaders can establish trust, drive business value, and focus on what really matters.

The conversation covers the art of starting strong in a new CISO role, navigating interviews with curiosity and care, and avoiding common traps like overcomplicating metrics or chasing the latest tools without mastering the basics.

Key Topics Covered:

• Why pharma’s mission-driven work made a lasting impact on Aleksandar
• Career advice for cybersecurity newcomers: follow learning, not just industry
• How CISOs can build early trust by listening and understanding the business
• Red flags and green lights during the CISO interview process
• Why being challenged in an interview signals a healthy security culture
• The problem with vanity metrics—and what to track instead
• Aleksandar’s favorite KPIs: time to detect, respond, and contain incidents
• The role of situational awareness in building cyber resilience
• How simplifying language helps CISOs align with executive teams
• Why mandate and mindset matter more than reporting lines

Aleksandar’s story is a reminder that cybersecurity leadership is about more than tools and tactics—it’s about trust, transparency, and transforming security from a blocker into a true business enabler.

In this episode of The New CISO, host Steve Moore speaks with Keith Price, Chief Security Officer at National Highways, about the evolving responsibilities of modern security leaders and the critical role of convergence between cyber, physical, and people security.

Keith shares real-world stories from his work protecting England’s strategic road network—used by over four million people daily—and explains why understanding both legacy infrastructure and cutting-edge technology is essential for building a resilient security strategy. From managing insider threats and recovering stolen radar equipment to championing mental health and developing junior talent, Keith offers a holistic approach to leadership in critical infrastructure.

Key Topics Covered:

• How converging physical, cyber, and personnel security leads to stronger protection
• Real-life insider threat examples—and how sensors helped prevent major damage
• The challenge of managing decades-old asset tracking systems across regions
• Why availability and integrity of data now outweigh confidentiality in certain sectors
• How Keith’s team detected stolen highway radar for sale on eBay
• The importance of empathetic leadership and supporting mental health in security teams
• How "Cyber Coffee" sessions create safe spaces for vulnerability and connection
• Upskilling IT staff into cybersecurity roles through “pay-it-forward” learning
• The case for offering security-as-a-service to small but critical supply chain partners

Keith’s insights reveal why successful security leadership requires more than just technical knowledge—it demands communication, humility, and a deep understanding of human behavior. This conversation is a must-listen for any security professional working to bridge silos and lead with impact.

In this episode of The New CISO, host Steve Moore speaks with Ben, Director of Group Security and Architecture at Bilfinger, about the role of self-awareness, confidence, and communication in effective cybersecurity leadership.

Ben shares his unconventional path to becoming a CISO, how he applies the “done is better than perfect” philosophy, and why embracing vulnerability, curiosity, and creativity is key to building strong teams. From baking sourdough to producing his own podcast, Ben highlights how personal passions can shape professional growth.

Key Topics Covered:

• Why done is better than perfect can be a strength—not a flaw—in cybersecurity
• The surprising connection between baking sourdough and fostering security culture
• How Ben’s podcast, Infosec Theater, educates non-technical audiences using humor and storytelling
• The creative interview question he uses to gauge mindset: “If cybersecurity were an animal, what would it be?”
• Why hiring for attitude and resilience beats hiring for experience alone
• How podcasting sharpened his ability to listen, simplify, and lead

Ben also emphasizes the importance of recognizing your own strengths and surrounding yourself with people who balance them out. His perspective offers actionable takeaways for CISOs and security professionals seeking to grow into thoughtful, human-centered leaders.

🔗 Listen to Ben’s podcast, Infosec Theater: https://www.infosec.theater/

In this episode of The New CISO, host Steve Moore talks with Nithin Reddy, Global VP of Cybersecurity at Dayforce, about how his dual roles in cybersecurity leadership and education shape his approach to building stronger, smarter teams.

Nithin reveals how teaching cybersecurity not only amplifies his impact but also sharpens his communication and leadership skills. From protecting millions of users’ data to mentoring students and influencing curriculum design, he shares why simplifying complex ideas is the key to inspiring both executives and future security professionals.

The conversation explores:

• The link between teaching and leadership growth
• How to manage stress in high-stakes security operations—and tell the difference between “good” and “bad” stress
• Dayforce’s in-house employee risk scoring model and the power of just-in-time access controls
• The impact of generative AI on phishing threats and how awareness training must evolve
• A real-life story of using a fake $200 gift card to teach conference-goers a lesson on social engineering

Whether you’re leading a SOC or standing at the front of a classroom, this episode is a masterclass in turning knowledge into influence—and purpose into performance.

In this episode of The New CISO, host Steve Moore speaks with Rich Durost, Chief Information Security Officer at Froedtert ThedaCare Health, about his journey from West Point cadet to cybersecurity leader—and what slicing cake has to do with building effective security programs.

Drawing from 23 years in the military and over 15 years in cybersecurity, Rich shares how discipline, preparation, and teamwork—skills first sharpened during plebe year dessert duty—translate directly into the responsibilities of a CISO. He reflects on the shift from tactical to strategic thinking, the value of mentoring deputies, and why authentic leadership and relationship-building are vital in today’s remote work environment.

Rich also explores the unique challenges of healthcare cybersecurity, the importance of aligning with clinical goals, and how CISOs can move from being the "department of no" to strategic business enablers by simply asking “how” instead of “no.”

Whether you're a rising security professional or a seasoned executive, you’ll gain practical leadership takeaways—and maybe a new appreciation for cake.