In this episode of CyberOXtales, host Neatsun Ziv leads a dynamic role-play exercise with cybersecurity leaders Heather Hinton, a four-time CISO, and Christopher Crummey, Global Director at Sygnia. Together, they walk through a simulated npm supply-chain compromise, revealing how CISOs, IR teams, and executives should respond in the first critical hours of a dependency attack.

The discussion dives into triage under pressure, defining crisis levels, onboarding IR partners in advance, the role of communication in limiting panic, and the importance of practice and culture in incident response. From establishing 'circles of trust' to managing business continuity tradeoffs, this episode is a blueprint for leaders who want to stay ahead of the next supply-chain shock.

Risk Rewired: Samir Sherif’s Cybersecurity Playbook for Executives
In this episode of CyberOXtales, Samir Sherif challenges executives to drop outdated boundaries and start thinking in systems. Drawing on years in both financial services and security operations, he outlines why integrating the Security Operations Center (SOC) and Network Operations Center (NOC) is no longer optional. It's essential for resilience.

Samir maps out how AI is doing more than just reducing noise in SecOps. It’s already making Level 1 decisions, and soon it’ll take on Level 2 logic, pushing organizations to rethink their human capital strategies. But the tech alone isn’t enough. Culture matters. He breaks down how shifting from a vulnerability-based mindset to a risk-centric language can unlock alignment across engineering, IT, and business functions.

This is a no-nonsense guide to breaking silos, choosing the right tools, and designing for continuity from the code layer to the C-suite. If you're leading a digital transformation, this episode belongs in your war room.

About Our Guest
Samir Sherif is a veteran Chief Information Security Officer with decades of experience across banking, enterprise software, and infrastructure. He has served as CISO at F5 Networks, Absolute Software, and Imperva, and previously spent over 20 years at Citigroup leading application security. Samir currently sits on multiple advisory boards including Mitiga, NetSPI, Secure Code Warrior, and others. His perspective blends technical expertise with board-level strategy to build integrated, resilient security programs.

Connect with Samir
LinkedIn

Key Takeaways

• SOC and NOC must merge both technologically and culturally to tackle today’s threats
• Focus on risk instead of vulnerabilities to drive better decision making
• AI is already reshaping Level 1 and Level 2 operations
• Business resilience depends on shared visibility across tech and security
• True integration requires cultural change, not just new tools

Listen to this episode of CyberOXtales to hear how Samir Sherif is helping organizations rethink security from the inside out.

Building a Risk Narrative: Gary Hayslip’s Cybersecurity Playbook for Executives

In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Gary Hayslip, CISO at SoftBank Investment Advisors, to explore how CISOs can build risk narratives that influence business decisions. Gary shares lessons from his experience in five CISO roles and emphasizes why cybersecurity leaders must act as business executives first. He outlines how to align strategy with operations, engage with boards through compelling storytelling, and maintain peer-driven situational awareness in a fast-moving threat landscape.

About Our Guest:

Gary Hayslip is the Chief Information Security Officer at SoftBank Investment Advisors (the Vision Fund). With a career spanning more than two decades, including roles in both government and private sectors, Gary has led security teams at Webroot, the City of San Diego, and more. He’s a systems thinker with a strong operational background rooted in his military service and is known for his strategic approach to cybersecurity leadership.

Connect with Gary: LinkedIn

Key Takeaways:

• CISOs are Business Executives First – Gary emphasizes that cybersecurity leadership today is about managing risk, enabling operations, and supporting business goals.
• Build a Tailored Risk Narrative – A one-size-fits-all story doesn’t work. Risk narratives must reflect the unique needs, operations, and regulatory context of the business.
• Storytelling Drives Strategy – Gary uses risk/threat matrices, control frameworks like NIST CSF, and ongoing assessments to communicate a clear story to executive teams.
• Peer Networks are Essential – Active engagement with fellow CISOs helps benchmark strategy and adds credibility in boardroom discussions.
• Balance Ops and Strategy – Mornings are for operational awareness; the rest of the day is for strategic collaboration, reporting, and forward-looking planning.

Listen to this episode of CyberOXtales to learn how Gary Hayslip builds risk narratives that resonate—from the boardroom to the security operations center.