In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

Resources

The 2026 Global CISO Leadership Report

Hitch Partners

NIST AI Framework

Send a text

This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.

Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.

If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.

Timestamps

[0:28] Matt introduces the topic for today’s episode

[1:50] Exciting news from Matt about his latest career move

[5:10] Matt explains one of the biggest challenges in app security today

[7:25] How have we managed app security up to now?

[9:20] So how does Cerby work?

[11:32] Matt’s new role at Cerby and an outline of his first few months

[12:50] Why Matt likes working in a start-up environment

[14:05] How Matt became interested in Cerby

[16:20] What’s next for Cerby?

[18:10] The advice that Matt would give to anyone looking to join a start-up

[20:40] Yousuf adds his thoughts about working for a start-up

Episode Links
Ridge Ventures
Yousuf Khan's Linkedin Profile
Cerby's website
Matt's Linkedin Profile

Send a text

In this conversation, MK Palmore shares insights from his diverse leadership journey, spanning the Marine Corps, FBI, and cybersecurity. He emphasizes the importance of a people-centered leadership approach, the balance between technical and leadership skills, and the significance of effective communication. MK reflects on his experiences, the impact of mentorship, and the lessons learned from both successes and failures in leadership roles. MK highlights the challenges in attracting diverse talent to cybersecurity and the necessity of nurturing new professionals. He concludes with insights on continuous learning and the importance of maintaining a beginner's mindset.

Takeaways

• Diverse experiences shape leadership philosophy.
• Mentorship plays a significant role in professional development.
• Silence from leaders can lead to assumptions and uncertainty.
• Leaders should increase communication during times of uncertainty.
• Maintaining a mindset of continuous learning is vital for personal growth.

Chapters

00:00
Introduction to Leadership and Music

02:57
Diverse Leadership Experiences

06:05
The Importance of People-Centered Leadership

09:05
Technical Skills vs. Leadership Skills

11:49
Communication as a Leadership Skill

14:53
Learning from Mistakes in Communication

18:01
The Impact of Silence in Leadership

20:44
Navigating Uncertainty in Leadership

25:06
Bridging the Gap: Technical and Business Communication

30:22
Building Personal Brand and Eminence

32:53
Overcoming Barriers in Cybersecurity Talent Acquisition

38:31
Staying Sharp: Continuous Learning and Adaptability

Send a text

Summary
In this conversation, Chris Hetner discusses the evolving role of boards of directors in cybersecurity, emphasizing the need for improved communication and understanding of cyber risks. He highlights the challenges boards face in adapting to new SEC rules and the importance of leveraging AI responsibly. Hetner also shares insights on tools for quantifying cyber risk and prioritizing investments while advocating for continuous learning and proactive engagement with board members.

Takeaways

• Boards are becoming more aware of cybersecurity risks.
• Cybersecurity discussions often receive limited airtime in board meetings.
• The SEC's new disclosure rules can drive more frequent discussions on cyber risk.
• AI governance is crucial as AI technologies become more prevalent.
• Collaboration with general counsel and risk officers is essential.

Chapters

00:00 Introduction and Background on Cybersecurity and Boards
03:05 Current Challenges Facing Boards in Cybersecurity
06:11 Understanding Cyber Risk and Communication with Boards
08:58 Improving Board Engagement with Cybersecurity
11:56 Leveraging SEC Guidelines for Cyber Risk Discussions
15:02 The Role of AI in Cybersecurity Governance
18:05 Tools for Quantifying Cyber Risk
21:12 Prioritizing Cybersecurity Investments
24:02 The Importance of AI Governance
26:57 Staying Informed in Cybersecurity
30:13 Final Thoughts and Continuous Learning

Send a text

In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We learn the benefits of cloud compliance standards, as well as how FedRAMP is leveling the playing field in federal cloud computing. We also touch on the role of 5G in cloud computing, and why its presence will disrupt going forward. Join us as we pick Sandeep’s brain for some insights into the present and future of federal cybersecurity.

Tweetables
“Visibility has become [the] single biggest challenge and nobody's dealing with cloud management in a multi-cloud perspective from cradle to grave.” — @Shilawat [0:09:03]

“I think that having a managed cloud service is probably the first approach that should be considered by an agency head. I do think that that's where the market is heading. Sooner or later, it will probably become a de facto way of doing cloud security.” — @Shilawat [0:19:43]

Send a text

In this month's installment, Toni De La Fuente shares his journey into cybersecurity, detailing his early experiences with computers and his passion for hacking. He discusses the creation of Prowler, an open-source cloud security tool, and its differences from commercial solutions. The conversation explores cloud security challenges, the importance of open-source solutions, and the dynamics of scaling a startup. Toni also emphasizes the significance of passion in one's career and offers advice for aspiring tech professionals.

And yes...we also talk about his LOVE for Iron Maiden ;-)

Send a text

Episode Summary

On this episode, Matt speaks with Senior Executive, Board Director, and leader in Cybersecurity, risk management, and regulatory compliance, Chris Hetner about cybersecurity and the newly-proposed SEC cybersecurity rules. With over 25 years of experience in the cybersecurity space, Chris has served in roles including as Senior Cybersecurity Advisor to the Chairman at the SEC, Managing Director of Information Security Operations at GE Capital, and SVP Information Security at Citi.

Today, Chris talks about understanding the proposed cybersecurity rules, defining materiality, and the importance of focusing on cyber-resilience. Where does the Cloud come into it? Hear about the cost of cyberattacks, the core risk exposures, and Chris’s formula to personal growth.

Timestamp Segments

· [02:47] Chris’s proudest moments.

· [10:00] The new proposed rules.

· [14:26] Defining materiality.

· [23:56] Bridging the language gap.

· [32:14] Focusing on cyber-resilience.

· [35:36] Cybersecurity expertise on the board.

· [41:27] The cloud.

· [45:32] The formula to personal growth.

Notable Quotes

· “Ransomware extortion is relatively insignificant relative to the overall cost of the event.”

· “You can’t outsource the risk.”

· “Realize that you’re not always the smartest person in the room.”

· “We don’t know it all, and we never will.”

Send a text

Nearly all companies that have started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest Nate Lee. Nate is the Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned here over the past seven years. Nate explains how Tradeshift’s vision is to digitize and connect everything that happens between a buyer and a seller anywhere in the world, and how being cloud-native from the start has supported this mission. We discuss how you can leverage automation and DevSecOps to scale on some very difficult items like ISO 27000 among other certifications. You will also hear how security has been the key differentiator that led to Tradeshift’s success, how the strategic focus of Tradeshift’s security program has shifted over time and the key metrics that Tradeshift tracks to maintain its certifications and compliance efforts.

Tweetables
“[The vision] is connecting every company in the world. You can't do that with a bunch of islands running in individual data centers. It was an easy choice to be cloud-native back then, as well as a smart choice in general for any company starting these days.” — @JustAnotherNate [0:08:56]

"In security and software development these days, if you're not constantly learning, you're falling behind just as quickly.” — @JustAnotherNate [0:32:48]

Links Mentioned in Today’s Episode

• Nate's LinkedIn profile
• Tradeshift's website
• Nate's blog on Transforming Technical Debt from Burden to Tool
• The Unicorn Project