In this episode of The New CISO, host Steve Moore speaks with Dean Sapp, CISO and Data Protection Officer at Filevine, about one of security's most critical yet overlooked skills—written communication. Drawing from a brutal college English class that failed students for a single typo and over 20 years building security programs in the legal tech industry, Dean reveals why the ability to articulate security findings clearly separates average professionals from exceptional leaders who drive real business impact.

After abandoning architecture when he learned it would take six years to become licensed, Dean leveraged his dual skills in computer-aided drafting and IT to launch a career at Novell, eventually earning nine certifications in two years and a master's degree from SANS Institute. His background in design thinking shapes how he approaches security program development—viewing it like building a structure that requires solid foundations, functional systems, and even window dressing like SOC 2 compliance.

After interviewing over 100 candidates for SOC positions, Dean identifies the biggest missing skill as the inability to translate security findings into business language executives understand and act upon. He introduces the BLUF (Bottom Line Up Front) principle from military communications, explaining why security professionals have roughly eight seconds to capture executive attention. Dean champions radical transparency through simple frameworks—using stoplight systems or report card grades to communicate security posture, deliberately giving his own program failing marks in areas needing improvement to build trust.

Dean tackles operational communication breakdowns that create real security risk, emphasizing mandatory peer review before escalating incidents. This two-person rule dramatically improves report quality while reducing false positives that waste senior leadership time. He shares how this high-standards approach helped Filevine achieve best-in-class cyber insurance rates, with underwriters calling their security program superior to any SaaS provider they'd evaluated. Drawing on Erik Durschmied's "The Hinge Factor," he illustrates how small communication failures doom missions—just as cavalry troops charging cannons failed because not one rider carried the nails and hammer needed to disable them.

Throughout the discussion, Dean emphasizes holding yourself to impossibly high standards so that external auditors find you excellent. He advocates for brutal honesty about program gaps, documenting accepted risks clearly, and using tools like Grammarly Premium to improve writing quality. His philosophy combines military precision, architectural thinking, and pedagogical discipline—all in service of making security programs that actually work rather than just looking good on paper.

Key Topics Discussed:

* Why written communication is security's most critical missing skill

* BLUF (Bottom Line Up Front): Capturing executive attention in 8 seconds

* Using stoplight or report card systems for transparent board reporting

* Giving your security program honest grades to build executive trust

* Mandatory peer review before escalation to reduce false positives

* How Filevine achieved best-in-class cyber insurance rates

* The two-person rule for improving incident report quality

* Lessons from "The Hinge Factor" about preparation and tools

* Holding impossibly high standards so external auditors find you excellent

* Translating technical findings into business impact language

LEARN MORE:

👉 LinkedIn: https://www.linkedin.com/in/deansapp

Company Website: https://www.filevine.com

GET A DEMO:

👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo

🔔 Subscribe for more product demos and cybersecurity insights!

ABOUT EXABEAM:

Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.

Real Intelligence. Real Security. Real Fast. Learn more at: https://www.exabeam.com/

CONNECT WITH US:

X/Twitter: https://x.com/exabeam

Instagram: https://www.instagram.com/exabeam/

LinkedIn: https://www.linkedin.com/company/exabeam/

Facebook: https://www.facebook.com/Exabeam/

Blog: https://www.exabeam.com/blog/

In this episode of The New CISO, host Steve Moore speaks with Manuel "Manu" Ressel, CISO at SAUTER Group, about his unconventional journey from classroom teacher to cybersecurity leader—and why the "Four Cs" of modern education provide a powerful framework for building effective security programs. Drawing from years as both a teacher and school principal in Germany, Manu introduces Critical Thinking, Communication, Collaboration, and Creativity as essential leadership skills that fundamentally challenge how the industry approaches awareness training and incident response.

After growing frustrated with Germany's outdated education system that prioritized memorization over critical thinking, Manu left his position as principal and reinvented himself as a digital transformation consultant. Working with schools and mid-sized companies to adopt cloud technologies, he eventually landed the CISO role at SAUTER, an international building automation company with 4,000 employees across multiple countries.

The conversation tackles security's most persistent failure: awareness training that doesn't work. Manu reveals that 37% of security incidents in Germany could be prevented if users made better decisions, yet most organizations rely on boring click-through programs. He advocates for scenario-based, role-specific training—an approach now mandated by Europe's NIS 2 regulation—that treats people as the biggest opportunity in cybersecurity rather than the weakest link.

One of the episode's most practical frameworks is Manu's Observation-Description-Interpretation method for analyzing security incidents. He explains how humans naturally jump from observation directly to interpretation, skipping the crucial middle step of accurately describing what actually happened. This leads to finger-pointing, misdiagnosis, and hasty decisions. By training security analysts to pause and describe incidents factually first, teams make better decisions and build trust with the business.

Manu challenges the punitive approach many organizations take toward security failures, particularly companies that fire employees for repeatedly clicking phishing simulations. He champions building positive fault cultures where employees feel safe reporting mistakes. His three crisis questions—Is anyone dying? Major financial impact? Will someone be hurt?—provide a simple framework for staying calm and deciding when immediate action is necessary versus taking time to think strategically.

Key Topics Discussed:

1. Why the "Four Cs" (Critical Thinking, Communication, Collaboration, Creativity) define effective security leadership
2. The Observation-Description-Interpretation framework for incident analysis without bias
3. Transforming ineffective awareness training into engaging, scenario-based programs
4. Building positive security cultures where employees report issues without fear
5. NIS 2's mandate for role-specific cybersecurity training across organizational levels
6. Why Germany and European mid-market companies lag in cloud adoption
7. Three critical crisis questions: Is anyone dying? Financial impact? Risk of harm?
8. Why punitive phishing training destroys trust and cultural engagement
9. Applying teacher skills to security leadership and de-escalation techniques
10. Staying calm as a CISO's most important superpower during incidents

LEARN MORE:

👉 Guest LinkedIn: https://www.linkedin.com/in/manuel-ressel-9279b997/

Company website: https://www.sauter-controls.com/

GET A DEMO:

👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/demo

🔔 Subscribe for more product demos and cybersecurity insights!

ABOUT EXABEAM:

Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.

Real Intelligence. Real Security. Real Fast. Learn more at: https://www.exabeam.com/

CONNECT WITH US:

X/Twitter: https://x.com/exabeam

Instagram: https://www.instagram.com/exabeam/

LinkedIn: https://www.linkedin.com/company/exabeam/

Facebook: https://www.facebook.com/Exabeam/

Blog: https://www.exabeam.com/blog/

In this episode of The New CISO, host Steve Moore speaks with Alex Rice, Founder, CTO, and CISO at HackerOne, about challenging one of cybersecurity's most deeply held beliefs—that security should be the top priority. Drawing from his journey building security programs at Facebook and founding HackerOne, Alex introduces the "safety third" philosophy and explains why accepting that security is never first can actually make you more effective as a leader.

Alex shares his unconventional path into cybersecurity, starting as a 14-year-old programmer in rural Florida and eventually leading product security at Facebook during its explosive growth. He reveals how Facebook ran 70+ penetration tests annually with top-tier vendors and still wasn't finding enough vulnerabilities—until they opened the doors to the hacker community and received over 300 valid findings in a single weekend. This experience became the foundation for HackerOne's bug bounty platform.

The conversation tackles critical leadership challenges facing modern CISOs, including the toxic tendency toward victim blaming when breaches occur, why security teams struggle with customer-centric design, and how to avoid becoming the team everyone knows only for blocking work and sending phishing tests. Alex argues that security professionals must stop drinking their own Kool-Aid and recognize that usability and business outcomes will always take precedence over security controls.

In the episode's second half, Alex addresses AI's role in security operations with refreshing pragmatism. Rather than chasing grandiose AI visions, he advocates for starting with narrow, well-defined tasks where agents can replace security toil—like automated CVSS scoring or vulnerability triage—building trust and expertise before tackling more ambitious projects. He warns against the current trend of AI tools that find more problems when security teams desperately need help fixing the mountain of issues they already know about.

Alex also challenges CISOs to stop over-owning problems like asset inventory management that rightfully belong to other executives, emphasizing the importance of cross-functional collaboration over building security-owned solutions that ultimately fail. Throughout the discussion, he champions a philosophy of empathy, customer-centricity, and accepting hard truths about security's actual place in business priorities—a mindset shift that paradoxically makes security leaders far more effective.

Key Topics Discussed:

1. Why "safety third" should be every CISO's operating philosophy
2. The problem with victim blaming in cybersecurity incidents
3. Building customer-centric security programs that enable rather than block
4. Lessons from scaling Facebook's security program with 70 pen tests per year
5. The origin story of HackerOne and crowdsourced security testing
6. How to avoid becoming the security team everyone resents
7. Practical AI implementation: Starting with toil elimination, not transformation
8. Why CISOs over-own asset management and other problems
9. The importance of process mapping before deploying AI agents
10. Aligning security teams closely with AI and software development

In this episode of The New CISO, host Steve Moore speaks with Iain Paterson, Chief Information Security Officer at Well Health Technologies, about his unconventional path into cybersecurity and the lessons learned from building programs across industries—from banking and healthcare to breach response and beyond.

From skipping college to take an eight-month technical boot camp to leading enterprise security programs, Iain shares how curiosity, hands-on experience, and communication skills shaped his journey. He opens up about the realities of hiring in cybersecurity, why foundational IT work still matters, and how soft skills like empathy and composure are essential for effective leadership. Iain also reflects on leading through high-stress incidents, including the Ashley Madison breach, and explains why staying calm, communicating clearly, and maintaining emotional intelligence define the “new CISO.”

Key Topics Covered:

• A nontraditional start: skipping college for certifications and hands-on learning
• Why technical foundations—servers, networks, and support—still matter
• The problem with “boilerplate” resumes and lack of real-world experience
• Why soft skills are a security superpower: communication, patience, and empathy
• Transitioning from technician to business enabler in cybersecurity
• How early help desk experience builds composure and problem-solving ability
• Lessons from running vulnerability management in large-scale banking
• Learning resilience and resourcefulness as a one-person security team in healthcare
• Behind the scenes of the Ashley Madison breach: stress, responsibility, and empathy
• Why composure, calm communication, and credibility matter in crisis response
• The leadership evolution from technical expert to executive decision-maker
• Building peer networks and finding mentorship to combat isolation as a CISO

Iain’s story highlights how real experience, emotional intelligence, and community support transform good technologists into exceptional leaders. His insights remind us that cybersecurity isn’t just about defense—it’s about communication, composure, and connection.

In this episode of The New CISO (Episode 137), host Steve Moore speaks with Gideon Knocke, CISO at Visage Imaging, about rethinking how we grow in our careers and why learning to “think outside the job” is key to long-term success.

From studying cybersecurity when the field was still new to leading security for millions of patient records in healthcare, Gideon shares how his early curiosity and “career accidents” helped shape his mindset as a modern CISO. He reflects on shifting from technical problem-solving to people-centric leadership, learning how visibility and credibility shape opportunity, and why networking—inside and outside your company—is essential for resilience and growth. Gideon also explains why risk quantification isn’t just about numbers, but about decision-making, communication, and understanding what your organization truly values.

Key Topics Covered:

• Early lessons from studying cybersecurity before it went mainstream
• Why some of the best careers evolve through “happy accidents” and curiosity
• How to build visibility and relevance beyond doing good work
• The difference between being seen as an asset versus a person
• How networking and outreach can transform your mindset and open new doors
• Turning fear of public speaking into confidence through preparation and iteration
• The leadership balance between taking accountability and fostering team candor
• Why large-organization politics can hinder honest communication
• The art of quantifying risk for better decision-making, not just reporting
• Why the new CISO must start with company beliefs and build security on shared values

Gideon’s journey reveals that career success often comes from stepping outside your comfort zone—whether that’s reaching out to 100 strangers on LinkedIn, giving your first talk, or reframing how you communicate risk. His insights remind leaders that growth begins when you stop thinking only about your job and start thinking about your impact.

In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.

From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.

Key Topics Covered:

• Early career pivots: Army leadership, perseverance, and precision → IT foundations
• Certifications as a fast track (then) vs. blended learning and passion projects (now)
• The “pick your pain” decision: staying comfortable vs. returning to school to advance
• Building a CISO gap analysis from job reqs and targeting stretch assignments
• Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
• Turning tough feedback into growth: from geek speak to boardroom dialogue
• Consulting variety vs. ownership: when to switch for long-term impact
• The 100-day plan: assess → plan → act → measure → adjust (with IR first)
• Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
• Metrics as a “health language” and why today’s CISO must be a radical collaborator

Carl’s story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

Understanding the BISO Role:

• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:

• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:

• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:

• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:

• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam

In this episode of The New CISO, host Steve Moore speaks with Dr. Timo Wandhöfer, Group CISO and Head of Information Security & Business Continuity Management at Klöckner & Co, about the evolving responsibilities of modern CISOs and why influencing—not just convincing—stakeholders is essential for success.

From his early career as a researcher in computer science to leading global security and resiliency efforts in the steel industry, Timo shares how critical thinking, skepticism, and cross-functional collaboration shaped his leadership style. He reflects on the dangers of overconfidence in detection, the risks of over-relying on tools, and the lessons learned from merging information security with business continuity. Timo also explores how AI can both accelerate remediation and introduce new risks, and why resilience planning and transparent communication are at the core of effective leadership.

Key Topics Covered:

• The evolving role of the CISO: from protection to resilience and adaptability
• How research skills translate into critical thinking and cross-functional collaboration
• Why overconfidence and lack of visibility remain major pitfalls in security programs
• The importance of transparency, maturity, and asset inventory for strong defenses
• Resiliency planning: ransomware recovery, crisis management, and operating models
• Insider threat investigations and the role of HR, Legal, and IT in response
• The shift from convincing to influencing stakeholders through dialogue
• The promise and risks of AI and automation in remediation and decision-making
• Why today’s CISO must be a communicator, storyteller, and business leader

Timo’s journey highlights how resilience, adaptability, and influence define the “new CISO.” His insights provide a roadmap for leaders who want to strengthen security programs, build trust with stakeholders, and guide their organizations with both technical and business acumen.

In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he’s learned across decades in cybersecurity.

From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.

Key Topics Covered:

• Early career pivots, from engineering to cybersecurity leadership
• Lessons learned from career missteps and short-lived roles
• The five factors Steve now evaluates before taking a new job
• Succession planning and preparing teams to lead during emergencies
• Why tabletop exercises and exposure to executives matter for resilience
• Managing stress, staying calm, and keeping perspective in high-pressure roles
• The long-tail business impact of breaches beyond immediate costs
• Why financial services foster collaboration and innovation in security
• The importance of mentoring and introducing students to cybersecurity careers

Steve’s story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.

In this episode of The New CISO, host Steve Moore speaks with Marius Poskus, Chief Information Security Officer at Glow Financial Services and creator of the Cyber Diaries podcast. Marius shares his journey from physical security into cybersecurity leadership—and how he did it without relying on traditional certifications.

Marius reflects on how self-directed learning, mentorship, and a strong personal brand helped him pivot careers and thrive in the FinTech space. He explains why the security industry needs to stop glorifying certifications, how to break in through SOC roles, and what truly makes a candidate stand out in interviews. From coaching new talent to advising startups on go-to-market strategies, Marius emphasizes that attitude and aptitude matter far more than credentials.

Key Topics Covered:

• Why Marius walked away from a career in physical security—and how that experience shaped his cyber path
• The critical difference between certification collecting and real-world skill development
• Why most entry-level cybersecurity roles are in SOCs—and how to leverage that
• How sharing your learning journey online builds credibility and unlocks job opportunities
• The two A’s that matter most when hiring: attitude and aptitude
• Common mistakes startups make when targeting CISOs and building security tools
• The growing risks of “AI-washing” and what real AI innovation should look like
• Why mentorship only works when mentees are willing to put in the work
• How to shift from security awareness “stick” tactics to culture-based collaboration
• What it means to build a personal brand that outlasts your job title

Marius’ story proves that cybersecurity success doesn’t come from certificates—it comes from curiosity, consistency, and community. Whether you’re just starting your career or leading a security team, this episode will inspire you to focus on what really moves the needle.

Marius Poskus Podcast - Cyber Diaries Podcast