SIEM costs are spiraling out of control for organizations. Increasing log volumes, longer compliance-driven retention requirements, and the habit of collecting everything "just in case," the list goes on.

Traditional SIEM architecture forces painful choices between cost control and security visibility, with teams constantly fighting to keep log volumes down while still maintaining adequate coverage for investigations.

In this episode, Cliff Crosland, co-founder and CEO of Scanner, explains how their data lake approach can reduce SIEM costs by 80-90% while giving organizations full custody of their data in their own cloud storage. Joining him are Nick Espinosa, host of the Deep Dive Radio Show, and Howard Holton, COO and industry analyst at GigaOm.

In this episode:

• Data retention policies
• The fundamental challenge of managing growing log volumes over time
• How AI copilots are bridging the gap between security analysts and software engineers in detection workflows.

Huge thanks to our sponsor, Scanner

Traditional SIEMs are a tax on your security team—bloated, brittle, and budget-killing. Scanner.dev fixes this. Use it as your SIEM, or to supercharge the one you already have. Our AI co-pilot summarizes alerts, suggests next steps, and reduces noise—making analysts faster and smarter. See it in action at Scanner.dev.

All links and images can be found on CISO Series

Security awareness is critical to cultivate in your organization. But security awareness training can often miss the mark. Traditional training is slow and reactive. As deepfakes and LLM-enhanced attacks become common, organizations need training solutions that can adapt and provide relevant training.

In this episode, Brian Long, CEO of Adaptive Security, explains how their platform provides engaging training that can be customized in a matter of minutes. Joining him are Janet Heins, CISO at ChenMed, and Gary Chan, CISO at SSM Health.

Huge thanks to our sponsor, Adaptive Security

AI-powered social engineering threats like deepfake voice calls, GenAI phishing, and vishing attacks are evolving fast. Adaptive helps security leaders get ahead with an AI-native platform that simulates realistic genAI attacks, and delivers expert-vetted security awareness training — all in one unified solution.

And now, with Adaptive’s new AI Content Creator, security teams can instantly transform breaking threat intel or updated policy docs into interactive, multilingual training — no instructional design needed. That means faster compliance, better engagement, and less risk.

Trusted by Fortune 500s and backed by Andreessen Horowitz and the OpenAI Startup Fund, Adaptive is helping security teams prepare for the next generation of cyber threats.

Learn more at adaptivesecurity.com.

All links and images can be found on CISO Series.

Wire fraud and payment security remain persistent challenges for organizations, with the FBI reporting a 33% increase in BEC losses between 2023 and 2024. The complexity of B2B payment processes creates multiple attack vectors that traditional email security solutions can't fully address.

In this episode, Shai Gabay, co-founder and CEO of Trustmi, explains how their platform connects the dots across the entire payment ecosystem to prevent fraud before money leaves the organization. By integrating with existing payment workflows and leveraging AI to build behavioral baselines, Trustmi aims to eliminate the manual controls and siloed systems that make B2B payments vulnerable to attack. Joining him are Bethany De Lude, CISO Emeritus, and Adam Glick, CISO at PSG Equity.

Huge thanks to our sponsor, Trustmi

Eliminate socially engineered fraud with Trustmi’s Behavioral AI platform. Empower IT and finance teams to detect BEC, vendor impersonation, and payment errors in real time—protecting your business and bottom line. Learn more at trustmi.ai.

Implmenting new technologies for the business is already a daunting task. Cloud and SaaS have made some of the implementation easier, but it also makes it easier to not fully comprehend the risks you're taking on. All it can take is a company credit card. Organizations struggle with shadow IT, misconfigurations, and unauthorized access across multiple cloud environments, often lacking visibility into their actual cloud assets.

In this episode, Tyson Garrett, CTO of TrustOnCloud, explains how their platform provides constantly updated threat models for major cloud services, helping organizations implement controls based on their risk appetite. Joining him are Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University, and Davi Ottenheimer, vp, digital trust and ethics at Inrupt.

Huge thanks to our sponsor, TrustOnCloud

TrustOnCloud delivers actionable, continuously updated threat models for 220+ AWS, Azure, and GCP services. Empower CISOs and security teams to pinpoint risks, adapt controls, and accelerate secure cloud adoption. Stay ahead of cloud threats with research trusted by global systemic banks, enterprises, and governments. Learn more at TrustOnCloud.com

Security orchestration sounds great in theory, but in practice, coordinating between different security tools remains a headache. As workflows need to move faster to keep pace with AI-driven attacks, security professionals find themselves overwhelmed with manual "muck work" rather than focusing on business enablement.

In this episode, Matt Muller, field CISO at Tines, explains how their no-code workflow automation platform helps security teams eliminate manual work that bogs them down. Joining him are Bil Harmer, information security advisor at Craft Ventures, and Brett Conlon, CISO at American Century Investments.

Build, run, and monitor your most important workflows with Tines. Tines’ AI-enabled, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.

All links and information can be found on CISO Series.

DLP can be a bit of a four-letter word in cybersecurity. False positives are a major problem with any traditional DLP solution because setting the right policy for your organization's needs is always a moving target.

In this episode, Nitay Milner, co-founder and CEO of Orion Security, explains how they provide a "zero-policy" approach to DLP that brings in the missing piece of context to the category. Joining him are Steve Knight, former CISO at Hyundai Capital America, and Jack Kufahl, CISO at Michigan Medicine.

Huge thanks to our sponsor, Orion Security

Orion is the first AI-native DLP that prevents data exfiltration with a zero-policy approach. Powered by Orion’s proprietary “Indicators of Leakage” AI engine, they automatically detect data incidents with context-aware accuracy - eliminating false positives and manual work. Orion brings a new approach to DLP - it’s like EDR for your data. Already trusted by enterprises in finance, aviation, healthcare, and beyond. Learn more at https://orionsec.io

Managing risk is the name of the game for a CISO. Quantification is a major part of that job, but it doesn't end there. Without a means of communicating that quantification to the rest of the business, quantification just adds to the noise.

In this episode, UJ Desai, Senior Director of Product Management, Partner Programs at Qualys explains how they provide a comprehensive solution for the Risk Operations Center, with comprehensive ways to ingest data from your applications, make sense of the data, and give your organization the tools to make the right priorities with it. Joining him are our panelists, Montez Fitzpatrick, CISO at Navvis, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University.

Huge thanks to our sponsor, Qualys

Cut through cybersecurity noise with Qualys Enterprise TruRisk Management. Quantify risk in financial terms, prioritize critical threats, and streamline remediation. Gain actionable insights for faster risk reduction and communicate business impact clearly to stakeholders. Empower your teams to measure, communicate, and eliminate cyber risk more effectively. Learn more at qualys.com/etm.

Security teams today are expected to manage two fronts—building and maintaining proactive defenses, and staying ready to respond at any moment to threats that slip through. But unless someone actively watches those alerts 24/7, your detection tools are expensive noise generators.

In this episode, Rob Allen, chief product officer at ThreatLocker, lays out why their Cyber Hero® MDR offering is built not as a standalone security strategy, but as a complement to a deny-by-default, proactively hardened environment. With real-time visibility, flexible communication, one-click remediation, and human-backed support—not just automation—ThreatLocker’s MDR offering is positioned to deliver value even when the alerts are quiet. Joining him are TC Niedzialkowski, head of IT and security at Opendoor, and Sasha Pereira, CISO at WASH.

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.