Episodes

  • When npm Breaks: Heather Hinton & Christopher Crummey’s Cybersecurity Playbook for Executives
    Oct 16 2025

    In this episode of CyberOXtales, host Neatsun Ziv leads a dynamic role-play exercise with cybersecurity leaders Heather Hinton, a four-time CISO, and Christopher Crummey, Global Director at Sygnia. Together, they walk through a simulated npm supply-chain compromise, revealing how CISOs, IR teams, and executives should respond in the first critical hours of a dependency attack.

    The discussion dives into triage under pressure, defining crisis levels, onboarding IR partners in advance, the role of communication in limiting panic, and the importance of practice and culture in incident response. From establishing 'circles of trust' to managing business continuity tradeoffs, this episode is a blueprint for leaders who want to stay ahead of the next supply-chain shock.

    48 m
  • Risk Rewired: Samir Sherif’s Cybersecurity Playbook for Executives
    Jul 22 2025

    In this episode of CyberOXtales, Samir Sherif challenges executives to drop outdated boundaries and start thinking in systems. Drawing on years in both financial services and security operations, he outlines why integrating the Security Operations Center (SOC) and Network Operations Center (NOC) is no longer optional; it's essential for resilience.

    Samir maps out how AI is doing more than just reducing noise in SecOps. It’s already making Level 1 decisions, and soon it’ll take on Level 2 logic, pushing organizations to rethink their human capital strategies. But the tech alone isn’t enough. Culture matters. He breaks down how shifting from a vulnerability-based mindset to a risk-centric language can unlock alignment across engineering, IT, and business functions.

    This is a no-nonsense guide to breaking silos, choosing the right tools, and designing for continuity from the code layer to the C-suite. If you're leading a digital transformation, this episode belongs in your war room.

    About Our Guest
    Samir Sherif is a veteran Chief Information Security Officer with decades of experience across banking, enterprise software, and infrastructure. He has served as CISO at F5 Networks, Absolute Software, and Imperva, and previously spent over 20 years at Citigroup leading application security. Samir currently sits on multiple advisory boards including Mitiga, NetSPI, Secure Code Warrior, and others. His perspective blends technical expertise with board-level strategy to build integrated, resilient security programs.

    Connect with Samir
    LinkedIn

    Key Takeaways

    • SOC and NOC must merge both technologically and culturally to tackle today’s threats
    • Focus on risk instead of vulnerabilities to drive better decision making
    • AI is already reshaping Level 1 and Level 2 operations
    • Business resilience depends on shared visibility across tech and security
    • True integration requires cultural change, not just new tools

    Listen to this episode of CyberOXtales to hear how Samir Sherif is helping organizations rethink security from the inside out.
    18 m
  • Building a Risk Narrative: Gary Hayslip’s Cybersecurity Playbook for Executives
    May 21 2025

    In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Gary Hayslip, CISO at SoftBank Investment Advisors, to explore how CISOs can build risk narratives that influence business decisions. Gary shares lessons from his experience in five CISO roles and emphasizes why cybersecurity leaders must act as business executives first. He outlines how to align strategy with operations, engage with boards through compelling storytelling, and maintain peer-driven situational awareness in a fast-moving threat landscape.


    About Our Guest:

    Gary Hayslip is the Chief Information Security Officer at SoftBank Investment Advisors (the Vision Fund). With a career spanning more than two decades, including roles in both government and private sectors, Gary has led security teams at Webroot, the City of San Diego, and more. He’s a systems thinker with a strong operational background rooted in his military service and is known for his strategic approach to cybersecurity leadership.

    Connect with Gary: LinkedIn


    Key Takeaways:

    • CISOs are Business Executives First – Gary emphasizes that cybersecurity leadership today is about managing risk, enabling operations, and supporting business goals.
    • Build a Tailored Risk Narrative – A one-size-fits-all story doesn’t work. Risk narratives must reflect the unique needs, operations, and regulatory context of the business.
    • Storytelling Drives Strategy – Gary uses risk/threat matrices, control frameworks like NIST CSF, and ongoing assessments to communicate a clear story to executive teams.
    • Peer Networks are Essential – Active engagement with fellow CISOs helps benchmark strategy and adds credibility in boardroom discussions.
    • Balance Ops and Strategy – Mornings are for operational awareness; the rest of the day is for strategic collaboration, reporting, and forward-looking planning.

    Listen to this episode of CyberOXtales to learn how Gary Hayslip builds risk narratives that resonate—from the boardroom to the security operations center.

    25 m
  • The CISO's Role in an AI-Driven Enterprise: Damian Hasse’s Cybersecurity Playbook for Executives
    Apr 9 2025

    In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, explores the evolving role of CISOs in AI-driven companies with Damian Hasse. As artificial intelligence reshapes industries, security leaders must navigate new risks, balance innovation with protection, and ensure compliance with emerging regulations.

    Damian shares firsthand experience leading security in an AI company, offering insights into AI-specific threat landscapes, risk management strategies, and how CISOs can build resilient security programs in an environment where data is the most valuable asset.


    About Our Guest:

    Damian Hasse is an experienced cybersecurity leader with a deep focus on securing AI-driven environments. As the CISO of Moveworks, his expertise spans risk management, security architecture, and governance, ensuring that AI companies can scale while maintaining a strong security posture.


    Connect with Damian: LinkedIn


    Key Takeaways:

    • AI Security is a Moving Target – AI models introduce unique risks, from adversarial attacks to data poisoning. CISOs must adapt quickly to emerging threats.
    • Balancing Innovation and Risk – Security leaders in AI companies can’t be the “Department of No.” Instead, they must integrate security into AI development without slowing innovation.
    • The Role of Regulation in AI Security – The regulatory landscape for AI is still evolving. CISOs must stay ahead of compliance challenges, from GDPR to AI-specific policies.
    • Operationalizing AI Security – Implementing robust access controls, model integrity checks, and continuous monitoring is essential for securing AI pipelines.
    • AI Threat Intelligence is Key – Security teams must develop proactive defense mechanisms to protect AI systems from adversarial threats.
    47 m
  • Thriving as a First-Time CISO: Devin Rudnicki’s Cybersecurity Playbook for Executives
    Mar 19 2025

    This cybersecurity playbook is inspired by Devin Rudnicki’s insights on navigating the CISO role, mastering communication, and aligning security programs with business outcomes, as shared on CyberOXtales.
    The Playbook

    Objective:

    💡 This playbook provides actionable strategies from Devin Rudnicki, CISO at Fitch Group, on navigating the CISO role, building cross-functional security programs, and aligning security initiatives with business outcomes.

    Key Goals Include:

    • Equip new and aspiring CISOs with a roadmap for their first 90 days.
    • Highlight the importance of communication and stakeholder management.
    • Provide strategies for aligning security programs with business outcomes.
    • Emphasize building cross-functional security committees.

    Step 1: Master Communication – “It’s 150% of the Job”

    Objective: Establish trust with leadership and effectively communicate cyber risk.
    Action Items:
    • Speak the Board’s Language: Present risks as business impacts, not technical threats.
    • Develop a Risk Narrative: Tie security initiatives to business outcomes using real-world scenarios.
    • Create a Security Scorecard: Use clear metrics (e.g., time-to-patch, phishing click rates) to frame progress.
    Pro Tip from Devin:
    “Communication is not part of the job—it’s 150% of the job.”
    Step 2: Build a 30-60-90 Day Plan for Success

    Objective: Align security priorities with business needs in the first 90 days.
    30 Days: Focus on learning and listening.
    • Meet key stakeholders: Board members, CIO, CRO, and department heads.
    • Audit the current security program and identify gaps.
    60 Days: Begin setting a strategic direction.
    • Develop a draft security strategy aligned with business outcomes.
    • Start forming a cross-functional security committee.
    90 Days: Present and gain buy-in.
    • Finalize and present the security strategy to leadership.
    • Launch quick-win security initiatives for early impact.


    Step 3: Create a Cross-Functional Security Committee

    Objective: Break down silos and drive security initiatives collaboratively.
    Action Items:
    • Form the Committee: Include stakeholders from Risk, IT, Legal, and Operations.
    • Establish Regular Meetings: Review security metrics and program updates.
    • Assign Ownership: Make security a shared responsibility across departments.

    Step 4: Align Security with Business Outcomes

    Objective: Shift from a compliance-based to an outcome-driven security approach.
    Action Items:
    • Conduct Business Impact Analyses (BIA): Identify and protect the most critical business processes.
    • Develop Risk Scenarios: Show leadership how security mitigates business disruption.
    • Track Outcomes, Not Tools: Measure success through reduced incidents, faster recovery times, and improved risk scores.


    Step 5: Leverage Past Experience to Drive Success

    Objective: Use technical expertise to build credibility and empower the security team.
    Action Items:
    • Lead by Example: Participate in security tool evaluations and incident response exercises.
    • Bridge Technical and Executive Teams: Translate complex technical challenges into business language.
    • Mentor the Team: Share experiences from your own career to develop talent.

    20 m
  • From Risk To Resilience - The CISO’s Perspective: Rohit Parchuri’s Cybersecurity Playbook for Executives
    Feb 19 2025

    In this episode of CyberOXtales, host Neatsun Ziv, CEO of OX Security, sits down with Rohit Parchuri, CISO at Yext, to discuss the art of building a culture of security within organizations. Rohit shares his journey from a budding cybersecurity enthusiast in South India to becoming a strategic leader responsible for managing cyber risk at the executive level.

    The conversation delves into the complexities of the CISO role, the significance of a structured cyber risk program, and the importance of aligning security efforts with business priorities. With actionable insights, Rohit highlights how organizations can empower their teams, establish risk committees, and seamlessly integrate audit processes to create a resilient cybersecurity strategy.


    About Our Guest:

    Rohit Parchuri is a seasoned cybersecurity professional and the Chief Information Security Officer at Yext, where he oversees strategic risk management and cybersecurity operations. With a technical foundation in electronics and communications and a passion for understanding cyber risks, Rohit has navigated diverse roles in network security, compliance, application security, and governance. His approach combines technical acumen with a focus on empowering organizations to embrace a culture of security.

    Connect with Rohit: LinkedIn


    Key Takeaways:

    • Security Culture Is Key: Driving a company-wide culture of security ensures every employee contributes to the organization’s safety.
    • Risk Management Should Align with Business Goals: Cyber risk programs should reflect the organization’s strategic priorities and compliance obligations.
    • Communication Matters: Translating technical cybersecurity risks into language executives can act on is crucial.
    • Collaboration Drives Success: Establishing committees and fostering teamwork ensures cohesive and effective cybersecurity efforts.
    • Audit Integration Enhances Oversight: Seamlessly integrating audit processes into risk management provides a unified view of organizational risks.
    26 m
  • Building a Culture of Security: Sam Rehman’s Playbook for Executives
    Jan 29 2025

    In this episode of CyberOxTales Podcast, host Neatsun Ziv, CEO of OX Security, interviews Sam Rehman, Global CISO at EPAM, about the critical role of password and secrets management in cybersecurity. The discussion covers building a culture of security, fostering collaboration across teams, and the evolving role of CISOs in modern organizations. Sam shares actionable advice on embedding security into organizational workflows and addressing industry-specific challenges.


    About Our Guest

    Sam Rehman is the Chief Information Security Officer, SVP at EPAM with over 35 years of experience in cybersecurity. Known for his strategic approach, Sam has been instrumental in fostering security culture and aligning security practices with business goals. His expertise spans managing risks, addressing vulnerabilities, and implementing innovative solutions in complex environments.

    Connect with Sam: LinkedIn


    Key Takeaways

    • Passwords should never be hard-coded into code.
    • Security awareness starts with developers understanding risks.
    • Injecting security champions into projects enhances security culture.
    • CISOs are evolving from gatekeepers to collaborative partners.

    29 m
  • Securing CI/CD Pipelines and Non-Human Identities: Mario Duarte’s Playbook for Executives
    Nov 26 2024

    In this episode of CyberOxTales Podcast, host Neatsun Ziv, CEO of OX Security, welcomes Mario Duarte, former CISO at Snowflake. They discuss the complexities of securing CI/CD pipelines and non-human identities, shedding light on why these areas are often overlooked and how to communicate their importance to both technical and non-technical stakeholders.


    About Our Guest:

    Mario Duarte is the former CISO of Snowflake, where he built the security team from scratch. With over 25 years of experience in the security industry, Mario now advises, invests, and speaks on security topics such as CI/CD and non-human identities.

    Connect with Mario: LinkedIn

    Key Takeaways:

    • Development and QA environments are less controlled than production, making them prime targets for attackers.
    • API keys and tokens often "move around" in development environments, increasing the risk of exploitation.
    • Handling widespread vulnerabilities requires clear communication with management and an understanding of how vulnerabilities manifest in production.
    • Mario emphasizes the importance of storytelling to explain security risks in relatable terms to both developers and executives.
    26 m