Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

Understanding the BISO Role:

• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:

• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:

• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:

• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:

• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam

In this episode of The New CISO, host Steve Moore speaks with Dr. Timo Wandhöfer, Group CISO and Head of Information Security & Business Continuity Management at Klöckner & Co, about the evolving responsibilities of modern CISOs and why influencing—not just convincing—stakeholders is essential for success.

From his early career as a researcher in computer science to leading global security and resiliency efforts in the steel industry, Timo shares how critical thinking, skepticism, and cross-functional collaboration shaped his leadership style. He reflects on the dangers of overconfidence in detection, the risks of over-relying on tools, and the lessons learned from merging information security with business continuity. Timo also explores how AI can both accelerate remediation and introduce new risks, and why resilience planning and transparent communication are at the core of effective leadership.

Key Topics Covered:

• The evolving role of the CISO: from protection to resilience and adaptability
• How research skills translate into critical thinking and cross-functional collaboration
• Why overconfidence and lack of visibility remain major pitfalls in security programs
• The importance of transparency, maturity, and asset inventory for strong defenses
• Resiliency planning: ransomware recovery, crisis management, and operating models
• Insider threat investigations and the role of HR, Legal, and IT in response
• The shift from convincing to influencing stakeholders through dialogue
• The promise and risks of AI and automation in remediation and decision-making
• Why today’s CISO must be a communicator, storyteller, and business leader

Timo’s journey highlights how resilience, adaptability, and influence define the “new CISO.” His insights provide a roadmap for leaders who want to strengthen security programs, build trust with stakeholders, and guide their organizations with both technical and business acumen.

In this episode of The New CISO, host Steve Moore speaks with Steve Lodin, VP of Information Security at Sallie Mae, about the career challenges that shaped his leadership style and the lessons he’s learned across decades in cybersecurity.

From breaking into his high school to experiment with Apple II computers to leading global security teams in Europe, Steve shares the pivotal experiences that defined his career. He opens up about career missteps, the importance of asking the right questions before accepting a new role, and how succession planning and crisis preparation are critical for every security leader. Steve also reflects on how medical emergencies, breach response, and shifting industries—from automotive to healthcare to financial services—taught him resilience, adaptability, and perspective.

Key Topics Covered:

• Early career pivots, from engineering to cybersecurity leadership
• Lessons learned from career missteps and short-lived roles
• The five factors Steve now evaluates before taking a new job
• Succession planning and preparing teams to lead during emergencies
• Why tabletop exercises and exposure to executives matter for resilience
• Managing stress, staying calm, and keeping perspective in high-pressure roles
• The long-tail business impact of breaches beyond immediate costs
• Why financial services foster collaboration and innovation in security
• The importance of mentoring and introducing students to cybersecurity careers

Steve’s story reveals why the most valuable lessons often come from challenges, not successes. His insights provide a roadmap for CISOs and aspiring leaders who want to navigate setbacks, lead with composure, and build stronger teams for the future.