Cyber Leaders

The Cyber Leaders podcast focusses on the fast-paced world of cybersecurity, delivering cutting-edge insights and trends with energy, enthusiasm, and professionalism. With high-level expertise and thought leadership, we aim to provide invaluable perspectives and actionable strategies to empower leaders in navigating the ever-changing landscape of cybersecurity.

In this episode, Ciaran and James are joined by cyber policy and practices leader Jen Easterly. Together they discuss the power of storytelling in cybersecurity, the evolution of cyber as a tool of state power, and why Secure by Design is critical to improving the security of the technologies we rely on. Contact: Have questions or comments? Email us at ciso-network@sans.org
In this special live episode of Cyber Leaders, Ciaran sits down with Thomas Harvey, CISO at Santander UK. As one of the UK’s leading operational cybersecurity figures, Thomas discusses the growing need for cross-sector collaboration, why a more connected security community is essential to national cyber resilience, and how building trust can help create a safer and more fraud-resistant digital landscape. Recorded at Merchant Taylors’ Hall, London on Wednesday the 22nd of October 2025.
In this episode, Ciaran and James speak with Emily Taylor of Oxford Information Labs and Roxana Radu, Associate Professor of Digital Technologies and Public Policy at the Blavatnik School of Government, University of Oxford, about who really controls the internet. Emily and Roxana discuss how internet governance operates amid shifting geopolitics, dissect the foundational protocols (and problems) that underpin the web, and explore the often-obscure institutions that keep it running.
In this episode, Ciaran and James are joined by Curtis Dukes, Executive Vice President of the Center for Internet Security, to discover what “best practice” really means in cybersecurity today. Curtis draws on his extensive experience as former Head of the Information Assurance Directorate at the NSA, and discusses his current work on safe harbor laws and global “secure by design” initiatives aimed at building a safer digital world.
In this episode, Ciaran and James speak with Dr. Nikki Robinson – author, professor, and Senior Technical Staff Member and Senior Manager for Platform Development at IBM – about vulnerability management and human factors in cybersecurity. Nikki shares insights from her research into vulnerability chaining and how organisations can strengthen their approach to managing technical risk, as well as the human dynamics that shape security behaviour across teams.
In this episode, Ciaran and James speak with Heather Barnhart, Senior Director of Forensic Research at Cellebrite and Head of Faculty and DFIR Curriculum Lead at SANS, about the challenging world of digital forensics. Heather shares her experiences working on high-profile criminal cases, discusses the importance of thorough logging, and reflects on the real-world impact of cybersecurity on people’s lives.
In this episode, Ciaran and James are joined by Marin Ivezic and Dr. Kawin Boonyapredee of Applied Quantum to discuss one of the biggest strategic challenges in the future of cybersecurity: quantum computing. Marin and Kawin share their insights on quantum and how it could reshape security; from the existential risk of Q-Day to the regulations driving quantum readiness.
In this episode, Ciaran and James are joined by Paul Chichester CMG, MBE, Director of Operations at the UK’s National Cyber Security Centre, to explore how cyber threats have evolved over the decades. Drawing on more than 30 years’ experience at GCHQ, Paul reflects on the progression, from early digital espionage to major nation-state attacks and the rise of ransomware, and explains why collaboration and partnership remain essential to building a safer online world.
In this episode, Ciaran and James are joined by SANS Chief of Research and Head of Faculty, Rob Lee, to tackle the one big issue on everyone’s mind, AI. Rob shares his expert insight on the rapid rise of AI, from mainstream adoption to cognitive impact, and examines the threats, opportunities, and where human judgment still matters.
In this bonus episode, Ciaran and James look back on the memorable moments of Series 2, revisiting insightful interviews and compelling discussions. They explore recurring themes such as cyber conflict, critical infrastructure protection and the shifting threat landscape. It’s a chance to reflect and gear up for what’s ahead in Series 3. To see links and learn more about the show, visit https://www.sans.org/cyber-leaders-podcast/
In this episode, Ciaran and James are joined by Tim Conway, Technical Director of ICS and SCADA, to discuss the hidden systems that keep society running, from power plants to water grids. Tim sheds light on the unique challenges of securing industrial control systems, the dangers of complacency, and why the OT world is often overlooked until something goes terribly wrong. To learn more about our guest Tim Conway and for links from the episode, visit https://www.sans.org/podcasts/cyber-leaders/
In this episode, Ciaran and James are joined by Senior SANS instructor John Hubbard to discuss the ever-changing threat landscape and how SOC teams can stay ahead. John shares his expertise on spotting threats early, how to test your defences before the real attackers show up, and why he’s on a mission to simplify cybersecurity operations for the next generation of defenders. To learn more about our guest John Hubbard and for links from the show, visit https://www.sans.org/podcasts/cyber-leaders/
In this bonus episode, Ciaran and James sit down with Dr. Bilyana Lilly to discuss cyber disinformation, diplomacy and defense. Here Bilyana sheds light on how geopolitical risk affects technology, including cyber threats, information warfare, and the evolving global security landscape. To learn more about our guest Dr. Bilyana Lilly and for links from the episode, visit https://www.sans.org/podcasts/cyber-leaders/
In this episode, Ciaran and James sit down with Tarah Wheeler, scholar, campaigner and entrepreneur, to discuss risk, safety and security in an increasingly unstable digital world. Tarah shares her expertise on protecting the most vulnerable, navigating legal grey zones in cybersecurity research, and translating complex technical issues into action for policymakers and small businesses alike. Find more information about our guest Tarah Wheeler and episode links at https://www.sans.org/podcasts/cyber-leaders/
In this episode, Ciaran and James meet Max Smeets, Co Director of Virtual Routes and Senior Researcher at the Center for Strategic Studies at ETH Zurich, to discuss how digital threats are reshaping geopolitics. Max shares his expertise on the cyber dimensions of modern warfare, and the impact of ransomware attacks on global security.
In this episode, Ciaran and James meet Christine Gadsby, Vice President and CISO at BlackBerry, to talk supply chain security; from exploding pagers to software liabilities. Christine reflects on how the industry is maturing around regulation, secure development, and vendor accountability as well as what happens when even hardware becomes a weapon.
In this episode, Ciaran and James are joined by Ross McKerchar, CISO at Sophos, to discuss one of the most significant – and to some, controversial – counter cyber operations ever carried out by a private company. Ross shares insights from the frontlines of the Pacific Rim campaign, as well as the shifting dynamics of the cybersecurity industry and what active defence really looks like in practice.
Kicking off series two, Ciaran and James sit down with none other than the CIO of NATO, Manfred Boudreaux-Dehmer, to discuss what collective defence means in the cyber domain. Manfred offers a rare inside look at managing security and information risk across NATO’s vast digital landscape and shares insights on emerging threats, evolving technologies, and how the Alliance is adapting to keep its members protected in an increasingly contested cyberspace.
In this episode, Lisa Forte, founder of Red Goat, joins Ciaran and James to discuss risk, security and the threat from within. Lisa offers her expertise on insider threat, crisis management, and high risk adventures.

Highlights:
Insider threat; the breakdown
- U.S. CERT definitions and mitigation
  Links: Defining Insider Threats | CISA | Insider Threat Mitigation Guide
- NPSA guidance and tools
  Links: Insider Risk | NPSA | Reducing Insider Risk | NPSA
- A pervasive problem
  Links: SANS – Decoding: “Insider Threat”; Forget the outside hacker, the bigger threat is inside • The Register; Surveillance won’t curb insider threats — but workplace culture can | Security Magazine
- Red Goat Security research into the barriers preventing reporting.
  Links: Insider Threat Report 2019

Additional Resources:
Red Goat Cyber Security Whistleblowing for employees

We're Back for Season 2! Catch up on episodes from Season 1: https://www.sans.org/podcasts/cyber-leaders/
In this bonus episode, Ciaran and James ring in the new year with a look back at the standout guests and thought-provoking topics from series one. They also take a sneak peek at what 2025 holds for the ever-evolving world of tech security. And to top it off, there’s a special announcement to chase away those January blues.

Highlights:
Typhoon Variants
Ciaran and James take a look at developing cyber threats from China, including:
- Volt Typhoon: a persistent botnet with wide-reaching impacts
  Links: Volt Typhoon back with vengeance | Blowing out the bots
- Salt Typhoon: a new wave of cyber espionage
  Links: Wall Street Journal article: How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons | Department of Treasury Press Release
New year, new legislation
As the U.S. pulls back on regulation, other nations are strengthening their cybersecurity laws.
- Australia’s new law mandates ransomware attack reporting
  Links: Mandatory ransomware payment reporting | Cyber Sanctions
- UK: Cybersecurity and resilience bill focused on ransomware mitigation
  Links: Cyber Security and Resilience Bill | Ransomware Legislative Proposals: Government Consultation

Additional Resources:
- Cyber Leaders Series One Episodes
- The myth of the 8-character password
- Lazarus Heist: The intercontinental ATM theft that netted $14m in two hours
- Cyber Threat Conference

In this special bonus episode, Ciaran and James tackle one of their favorite cybersecurity acronyms: FUD – Fear, Uncertainty, and Doubt. Here our hosts break down what exactly FUD means for cybersecurity, why it matters, and the real-world risks it presents.

Highlights:
Notable Example of FUD
- The Killer Drones story; FUD in action and then retraction
- Highlights from the RAeS Future Combat Air & Space Capabilities Summit
- BBC article on viral report
Malware attacks
- WannaCry Guidance for Users | NHS Case Study on WannaCry
- Lessons from the Colonial Pipeline Attack
- CFR Analysis of the Shamoon Attack | BBC Coverage of Shamoon Attack
Accidental IT failures
- UK Air Traffic Control Technical Failure: confusion over two DVLs.
- BBC Report on ATC Failure | Regulator Review Following ATC Technical Failure
The Ultimate FUD phrase
- Leon Panetta's Cyber Pearl Harbor Warning; fostering a climate of fear about the catastrophic consequences of cyber warfare.
- Panetta’s Speech on Cyber Threats | BBC Coverage of Panetta's Warning
Dousing the FUD Flames
- Ian Levy's Magic Amulet Speech to cyber security vendors in which he accused them of selling medieval witchcraft to the public.
- The Register on Ian Levy's Speech
‘The World’s First Cyber Weapon’
- Stuxnet Computer Virus; the infamous worm aimed at Iran's nuclear facilities
- BBC Overview of Stuxnet | Kaspersky Resource on Stuxnet

Additional Resources:
- BBC Full Dossier on Iraq | Transcript of Andrew Gilligan's original report
- BBC Report on Iraq Dossier Controversy

In this episode, Ciaran and James sit down with investigative journalist and author, Geoff White, to explore the booming business of cyber crime. Geoff sheds light on this murky criminal underworld, its far-reaching consequences, and how cybersecurity has evolved in the public eye.

Highlights:
- [1:30] Overview of Geoff’s notable work
- [4:00] Cybersecurity in the Limelight
- [10:15] Transformative Hacking Stories
- [20:00] Global Cyber Criminals Overview
- [30:00] Gripping Stories Covered by Geoff in his latest book, Rinsed
- [45:00] National Crime Agency Efforts

Links:
- Crime Dot Com - Crime Dot Com
- The Lazarus Heist - Podcast | Book
- Rinsed - Rinsed
- World Economic Forum on Misinformation | World Economic Forum Annual Meeting 2024
- AlphaBay Shutdown
- Snowden Leaks: The Guardian | BBC News
- Anonymous Hacking: Britannica on Anonymous
- Sony Pictures Entertainment Hacking: Vox | CCDCOE
- Nation State Hackers: Nation State Hackers
- Organized Cybercrime: Rise of Ransomware
- Hacktivists: Hacktivism
- Axie Infinity Hack: The Block
- Tornado Cash: US DoJ | FBI
- Money Laundering Sisters from Bury: GMP News | Bury Times
- NCA on DDoS Attacks

In this episode, Ciaran and James sit down with Helen Rabe, CISO for the BBC, to discover the challenges of breaking into the industry and her experiences leading security for one of the world’s largest broadcasters. Helen shares her expertise as a certified industry leader, discussing the rising tide of personal liability for CISOs and the intense media scrutiny that comes with managing incident responses in the public eye.

Highlights:
- [8:30] The Evolution of Organizational Security Postures
- [11:00] CISOs and Personal Liability
- [18:00] The Challenges of Media Scrutiny in Incident Response

Links:
- Why more transparency around cyber attacks is a good thing for everyone
- The History of the General Data Protection Regulation
- Impact of the GDPR on Cyber Security Outcomes
- Backstory Of The World’s First Chief Information Security Officer
- Former Uber security chief convicted for concealing a felony | Sentencing
- SEC Charges SolarWinds and CISO with Fraud | Case Dismissed
- MOVEit hack: BBC, BA and Boots among cyber attack victims
- CL0P Ransomware Gang Exploits MOVEit Vulnerability
- EDS, an HP Company 'Cat Herders' video

In this episode, Ciaran and James welcome their first guest from the SANS Institute, Frank Kim, to share insights on bridging the gap between cybersecurity and business leadership. Frank unpacks why cybersecurity is often overlooked by business leaders and discusses effective strategies to elevate its importance in boardrooms and beyond.

Highlights:
- [4:30] Cyber on the World Stage
- [12:00] Dispelling FUD and Finding What Resonates

Links:
- Crowdstrike Outages
- Fear, Uncertainty, and Doubt (FUD)

In this episode, Ciaran and James meet Jen Ellis, founder of NextJenSecurity, to discuss the pervasive threat of ransomware, the power of cyber security advocacy and importance of security best practices. Jen shares her expertise on humanising security and working with governments to build robust defenses against cyber attacks.

Highlights:
- [3:00] Overview of Jen’s achievements and engagements
- [8:30] Legislating Cyber Crime
- [11:00] Notable Ransomware Attacks
- [18:00] Ransomware Task Force
- [21:00] Global Counter Ransomware Initiative
- [23:30] Debating Ransomware Payments
- [26:00] Current Concerns
- [30:00] Cybersecurity Collaboration

Links:
- Rapid7 | Center for Cybersecurity Policy
- National Cyber Strategy 2022 policy paper
- Distilling Cyber Podcast
- Jen testifying to the Senate on cyber crime [1:08:00 onwards]
- DMCA exemption for security research
- Department of Justice policy on Computer Fraud and Abuse Act
- German Hospital Attack: Details of the attack.
- Colonial Pipeline: Incident overview | White House remarks | CISA analysis
- HSE Attack: Incident details | Post-incident review.
- JBS Attack: BBC report.

In this episode, Ciaran and James are joined by Christine Bejerasco, the CISO of WithSecure, for an insightful conversation about navigating the complexities of cybersecurity in today’s global landscape. Christine shares her experiences; from the wild early days of network worms and mobile malware, to the evolving role of the modern CISO and what it takes to lead cybersecurity experts towards a safer digital world.

Highlights:
- [3:00] After GDPR: the regulations defining how organisations do privacy and security
- [8:30] Thoughts from a Former Forbes Councils Member
- [11:00] The Early 2000s: The Era of Network Worms and Mobile Malware

Links:
- GDPR | GDPR Guidance and Resources
- The Rise of IoT Attacks: Endpoint Protection
- DORA Regulation
- NIS2 Directive | SANS NIS2 Resources
- Let’s Stop Blaming Users For Our Bad Security Design
- 'After two decades in the cybersecurity industry, I have never been bored'
- The Perfect Worm
- 10th Anniversary of the World's first Mobile Malware 'Cabir'
- Maliciously Mobile: A Brief History of Mobile Malware
- Ronald Reagan's famous speech: ‘I'm from the government and I'm here to help.’

In this episode, Ciaran and James are joined by Shashank Joshi, Defence Editor at The Economist, to discuss the geopolitics of cyber security. Shashank offers his expert analysis on critical cyber security events, strategies, and their global implications.

Highlights:
- [2:00] Entry into Cyber
- [5:00] Iran-Israel Cyber Skirmishes
- [8:00] The XZUtils Story
- [11:00] Historical example highlighting the human side of technological advancement
- [14:00] Cyber warfare and geopolitical tensions
- [23:00] US-China cold tech war
- [26:00] Domestic Cyber Vulnerabilities
- [29:00] Counter-Terrorism Strategies
- [32:00] Evolution of thought from the Intelligence Community
- [41:00] Intelligence and Problem-Solving
- [44:00] Simplifying Complex Topics

Links:
- Financial Times review [paywall] | PDF version
- Economist article on Iran's Cyberwar
- Economist article on XZUtils attack
- BBC article on overlooked Polish Codebreakers
- Keith Alexander's testimony
- Easterly’s testimony | Congress video
- BBC article on sanctions | Defence Production Act
- NHS cyber incident update | British Library incident review.
- RUSI commentary
- James Babbage interview | Doctrine of cognitive effect
- Dark Wire WSJ book review
- Operation Lochbit video | Operation Endgame
- Hannigan’s book

Join us for an unfiltered journey into the minds of the leaders shaping the future of cybersecurity. In each episode, we embark on a curiosity-driven exploration to uncover hidden truths, share unlearned lessons, and offer critical insights to help you enhance your knowledge, sharpen your strategies, and lead the way in a rapidly evolving digital landscape.