Episodes

  • Why CISOs Are Rethinking Managed Security: Check Point’s Open Garden Approach | Lenny Krol
    Dec 16 2025

    In this episode of The Professional CISO Show, David Malicoat is joined by Lenny Krol, Head of Services Sales at Check Point Software, recorded live at GPSEC DFW.

    Lenny breaks down how Check Point’s services organization supports customers across both Check Point and third-party technologies, why an open ecosystem matters, and how CISOs can realistically scale security operations amid a global talent shortage. From fractional SOC coverage to process maturity and real-world engagement models, this conversation delivers practical insight for security leaders at every stage of their journey.

    Sponsors:

    Check Point Software (Premier Sponsor) (www.checkpoint.com)

    GuidePoint Security (Associate Sponsor) (www.guidepointsecurity.com)

    🎙️ Listen on Spotify and Apple Podcasts

    🌐 Learn more at www.thpc.co

    20 m
  • Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI | Larry Woods
    Dec 12 2025
    Episode 93: Practical Zero Trust, Apprenticeships, and Learning to Learn in the Age of AI

    Guest: Larry Woods

    Every breach has a story. Every leader has a strategy.

    In this episode of The Professional CISO Show, host David Malicoat sits down with Larry Woods, a seasoned cybersecurity executive, during the St. Louis stop of the U.S. Tour for a wide-ranging and deeply practical conversation about what it really takes to lead cybersecurity at scale. This is not a theoretical discussion. It’s a grounded, experience-driven dialogue focused on execution, leadership maturity, and the realities CISOs face every day.

    Larry shares his personal journey from early technology exposure through infrastructure leadership and into the CISO role, highlighting how security has quietly become embedded in nearly every aspect of modern IT. From there, the conversation expands into three critical areas shaping the future of the profession.

    🔐 Practical Zero Trust — Not the Buzzword Version

    Zero Trust is often dismissed as unattainable or overly complex. Larry challenges that narrative by reframing Zero Trust as a series of pragmatic, achievable decisions rather than a perfect end state. He explains how removing users and devices from the traditional network, leveraging secure access paths, and embracing cloud-first and SaaS-first strategies can dramatically reduce breach impact. Rather than chasing perfection, the focus is on measurable risk reduction and resilience — a perspective every modern CISO needs.

    👩‍💻 Building Cyber Talent Through Apprenticeships

    Larry also dives into one of the most actionable talent strategies discussed on the show: cybersecurity apprenticeships. Instead of short-term internships that rarely deliver meaningful impact, Larry outlines how long-term, part-time apprenticeships allow organizations to develop junior talent over multiple years.

    The result is stronger technical capability, deeper cultural alignment, and a pipeline of professionals who truly understand the business — not just the tools. For CISOs struggling with hiring, retention, and entry-level readiness, this segment alone is worth the listen.

    🧠 Learning to Learn in the Age of AI

    One of the most thought-provoking segments of the episode centers on a question few leaders are asking out loud: What happens to critical thinking when AI always has the answer?

    Larry and David explore the difference between using AI as a shortcut versus using it as an accelerator for learning. As AI reshapes how work gets done, the ability to learn how to learn becomes a defining leadership skill — especially in cybersecurity, where context, judgment, and reasoning still matter. This conversation connects AI, education, leadership development, and the future CISO skill set in a way that is both reflective and practical.

    🏛️ From Technologist to Executive Leader

    Larry also shares candid insights on:

    • The moment a CISO truly becomes an executive: the first board presentation
    • Why leadership teams matter more than company brands
    • Leading through influence in decentralized organizations
    • The value of business education for cybersecurity leaders
    • Why today’s CISO must be fluent in risk, communication, marketing, legal concepts, and board dynamics

    The episode closes with a personal and revealing “10 Questions” segment that offers a glimpse into Larry’s mindset beyond the title.

    🎧 Why You Should Listen

    If you are:

    • A CISO navigating Zero Trust, cloud, and board expectations
    • A security leader building teams and future talent
    • An aspiring CISO trying to understand what the role really demands
    • A cybersecurity professional thinking about AI’s long-term impact

    This episode will resonate.

    🔗 Listen, Watch, and Connect

    🎥 Watch the episode: http://www.youtube.com/@TheProfessionalCISO

    🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

    🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    🌐 Website: https://www.thpc.co

    🔗 LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

    📣 Call to Action

    Follow The Professional CISO Show on Spotify and Apple Podcasts, subscribe on YouTube, and share this episode with a peer who’s serious about professionalizing the role of the CISO.

    🏷️ Hashtags

    #TheProfessionalCISO #CISOLeadership #ZeroTrust #CybersecurityLeadership #AIandSecurity #CISOJourney #CyberTalent #LearningToLearn #BoardroomSecurity #CyberStrategy

    50 m
  • HOU.SEC.CON Live: Merging Physical & Cyber Security + The Future of Threat Intelligence
    Dec 10 2025

    🔥 Episode Summary


    Guests: Steve Lupo (Chevron, Retired FBI) & Orlan Streams (RA Infrastructure)

    Sponsor: CyberOne Security (www.cyberonesecurity.com)

    Recorded live at HOU.SEC.CON, this episode brings together two unique perspectives shaping the cybersecurity landscape.

    First, David speaks with Steve Lupo, Event Security Advisor at Chevron and a retired FBI agent, about the deep and often overlooked connection between physical security and cyber operations. From the role of InfraGard to counterintelligence insights and the enduring human attack surface, Steve brings clarity on how CISOs must merge both worlds.

    Then, Orlan Streams, Cyber Threat Intelligence Analyst at RA Infrastructure, joins to explore the rapidly evolving space of threat intelligence, AI-driven analysis, OT security, mentorship, and communication at the board level. He also shares his own professional development journey—particularly his focus on improving writing and presentation skills to better influence executive decision-making.

    🎧 Key Highlights

    • What InfraGard is and why CISOs should engage
    • How the FBI leverages private-sector intelligence
    • Why physical and cyber security must be unified
    • Human risk: the universal vulnerability
    • Future of nation-state adversaries and cyber warfare
    • Threat intelligence challenges in 2025
    • The rise of AI + human judgment in intel analysis
    • Why OT security is now unavoidable
    • Professional development: writing, communication & influence
    • Building the next generation of cyber talent through mentorship


    🔗 Episode Sponsor: CyberOne Security

    CyberOne Security delivers custom cybersecurity solutions built around your business strategy using their Defendable Network Framework. Whether you’re designing resilient architecture or strengthening threat readiness, CyberOne drives measurable outcomes aligned to your environment. CyberOne Security — Strategic. Measurable. Built to Defend.

    📲 Follow The Professional CISO Show

    Website: www.thpc.co

    YouTube: http://www.youtube.com/@TheProfessionalCISO

    LinkedIn: https://www.linkedin.com/company/the-professional-ciso-show

    Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

    Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    20 m
  • How CISOs Must Lead the Next Generation | Moses Bulus on AI, Data Security & Hybrid IT (Ep. 91)
    Dec 8 2025

    🔥 Episode Summary

    In this St. Louis tour-stop episode, David Malicoat sits down with cybersecurity leader Moses Bulus to explore what it truly means to evolve into a professional CISO.

    Moses shares his journey from early developer to building security programs from scratch, and ultimately into executive leadership — showing how business acumen, networking, and intentional mentorship shape the future of the CISO role.

    Together they dive deep into the accelerating impact of AI, the rising urgency of data security, the realities of hybrid cloud environments, and how CISOs can better prepare both themselves and the next generation for what’s coming.

    🎙️ What You’ll Learn

    • Why CISOs must be intentional about developing the next generation of cybersecurity leaders
    • How AI is exposing long-standing data governance gaps inside every organization
    • The importance of returning to “Security 101” with access management and visibility
    • Why hybrid IT + multi-cloud have expanded the attack surface beyond traditional models
    • How to build influence, trust, and presence across the business — not just IT
    • The power of networking and why it’s not optional for early-career professionals
    • Moses’ doctoral research in phishing attacks targeting the manufacturing sector
    • The limitations of traditional cybersecurity education and how leaders can fill the gap

    💡 Key Quotes from This Episode

    • “It’s not about cybersecurity. It’s about the business.” — Moses Bulus
    • “You cannot protect what you don’t know or what you don’t understand.” — Moses Bulus
    • “CISOs must be intentional — not just about their own growth, but about developing the role itself.” — David Malicoat
    • “Networking is your future. Think of it like calling your brother when you need help.” — Moses Bulus
    • “AI has introduced new advantages, but it’s also exposed vulnerabilities we’ve ignored for years.” — Moses Bulus


    🧠 Episode Highlights

    • Moses’ origin story: developer → network engineer → first cybersecurity hire
    • The executive leap: presenting to leadership early and building business fluency
    • Why business conferences can matter more than technical ones
    • AI’s dual nature: opportunity + internal risk amplifier
    • Cloud governance challenges and API-driven risk
    • Why security leaders must be present, approachable, and embedded in the business
    • Rethinking hiring: degrees are helpful, but curiosity and problem-solving matter more
    • Moses’ personal story of pursuing a doctorate for his mother — and how research changes thinking


    🤝 Episode Sponsors

    Premier Sponsor: Check Point (www.checkpoint.com)

    Associate Sponsors: Armis (www.armis.com), GuidePoint Security (www.guidepointsecurity.com)

    📌 Call to Action

    Follow the show, share this episode with a colleague, and join us as we continue the mission to professionalize the role of the CISO.

    🔗 Links & Resources

    Website: https://www.thpc.co

    YouTube Channel: http://www.youtube.com/@TheProfessionalCISO

    LinkedIn Page: https://www.linkedin.com/company/the-professional-ciso-show

    Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

    Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    🏷️ Keywords

    CISO, Cybersecurity Leadership, AI Security, Data Security, Cloud Security, Hybrid IT, Cyber Careers, Cyber Education, Moses Bulus, Professional CISO, Cyber Podcast, Cyber Risk Management, CISO Development

    44 m
  • 🎙️ Episode 90 | GPSEC DFW: The Modern CISO, AI, and the OT Frontier
    Nov 10 2025

    🎙️ Episode Summary

    Episode 90 of The Professional CISO Show kicks off the GPSEC DFW series, recorded live in Dallas. Host David Malicoat welcomes Andy Lux, Kendall Reese, and Patrick Gillespie for a dynamic discussion on risk leadership, AI governance, and OT security. Together, they explore how the role of the CISO is evolving — from managing control frameworks to enabling business outcomes through smarter, risk-informed strategies.

    🔑 Key Takeaways

    • The CISO’s role continues to mature toward enterprise risk and business alignment
    • AI adoption is accelerating, but governance and ROI remain top concerns
    • Frameworks and cross-functional cooperation define future-ready security programs
    • OT security is no longer separate — it’s central to national and business resilience

    💬 Notable Quotes

    “You can’t be Fort Knox everywhere — we have to know our risk tolerance.” — Andy Lux

    “We’re shoulder to shoulder in governance; AI requires collaboration and control.” — Kendall Reese

    “If your IT and OT teams don’t know each other before an incident, it won’t go well.” — Patrick Gillespie


    🎧 Listener Benefits

    By listening to this episode, you’ll gain insight into:

    • Modern CISO decision frameworks
    • Practical AI integration strategies
    • Governance approaches for emerging tech
    • The human and operational side of cybersecurity

    📣 Call to Action

    Subscribe, share, and join the movement to professionalize the role of the CISO.

    Visit www.thpc.co for upcoming events, recordings, and sponsor opportunities.

    🏆 Sponsors

    • Premier Sponsor: Check Point (www.checkpoint.com)
    • Associate Sponsor: GuidePoint Security (www.guidepointsecurity.com)
    25 m
  • Surviving Ransomware—and the Wilderness—with Zach Lewis
    Oct 31 2025

    Brought to you by:

    Check Point (www.checkpoint.com)

    Armis (www.armis.com)

    GuidePoint Security (www.guidepointsecurity.com)

    🎙️ Episode Summary

    During The Professional CISO Show – St. Louis Tour Stop, Zach Lewis joins host David Malicoat to discuss his path from IT support to the executive suite, his experience navigating a real ransomware incident, and his forthcoming book Locked Up (Wiley, 2026).

    Wiley Books: https://www.wiley.com/en-us/Locked+Up%3A+Cybersecurity+Threat+Mitigation+Lessons+from+A+Real-World+LockBit+Ransomware+Response-p-9781394357048

    Zach also explores how wilderness survival parallels cybersecurity—teaching preparedness, adaptability, and mental endurance—and why CISOs must lead with transparency and authenticity.

    🔑 Key Takeaways

    • CIO and CISO roles are converging faster than ever in modern enterprises.
    • Sharing real breach stories removes stigma and helps the community grow.
    • Wilderness survival mirrors the mindset needed for effective incident response.
    • Writing a book can transform your professional credibility and brand.
    • Visibility matters: every CISO should cultivate a public voice.

    💬 Notable Quotes

    “Being out in the woods is like one giant tabletop exercise.”

    “No one talks about ransomware because of the stigma—I wanted to change that.”

    “When you find that unique idea, run with it.”

    “Everything is bearable—until it’s not, and then you die.”

    “Build your personal brand so you never have to go job hunting again.”


    🎁 Listener Benefits

    • Hear a first-hand ransomware leadership story
    • Learn how to balance dual CIO and CISO responsibilities
    • Gain inspiration to publish your own cybersecurity insights
    • Discover the surprising connection between wilderness survival and cybersecurity strategy


    📣 Call to Action

    Follow The Professional CISO Show on your favorite platform for conversations that move the cybersecurity profession forward.

    🔗 Connect with Us

    🌐 www.thpc.co

    💼 The Professional CISO Show on LinkedIn

    🎥 Watch on YouTube

    🎧 Spotify

    🍏 Apple Podcasts

    46 m
  • From GenAI Prompts to OAuth Phishing: The Hidden Browser Risks - with Tommy Perniciaro
    Oct 27 2025

    Episode Summary

    Recorded live at HOU.SEC.CON, The Professional CISO Show welcomes Tommy Perniciaro, Director of Solutions Architecture at LayerX, to explore why the browser has become the least-instrumented layer in the modern security stack — and how CISOs can finally gain visibility and control over it.

    David and Tommy discuss everything from malicious browser extensions and OAuth-based phishing to AI prompt leakage and the emergence of “AI browsers.” Listeners will walk away with a new appreciation for the browser as the enforcement point of the future — and practical insights on deploying LayerX to close this growing gap.

    Key Takeaways

    • The browser is now a primary attack surface for enterprise users.
    • LayerX gives security teams visibility and control without replacing browsers.
    • GenAI tools and prompts can leak sensitive data if not monitored at the DOM level.
    • OAuth-based phishing is bypassing traditional email and network defenses.
    • Secure enterprise browsers struggle with user adoption — LayerX works inside the browsers you already have.
    • AI browsers are emerging as the next battleground for identity and data protection.
    • Post-quantum cryptography will further challenge network-layer inspection.

    Notable Quotes

    “The browser is where all the work is happening — SaaS, AI, identity — but it’s the least instrumented control plane we have.” – Tommy Perniciaro

    “Without visibility at the DOM level, you’re flying blind to what extensions, prompts, and identities are doing inside your environment.” – David Malicoat

    “Phishing doesn’t need your password anymore. OAuth grants and browser-based attacks are where it’s moving.” – Tommy Perniciaro

    “LayerX turns the browsers your people already use into secure browsers — no new deployment, no friction.” – David Malicoat

    “Post-quantum encryption will change inspection forever. The browser may become the new enforcement point.” – Tommy Perniciaro

    Listener Benefits

    • Understand why browser visibility is critical in today’s SaaS-driven enterprise.
    • Learn how to prepare your organization for the age of GenAI and AI browsers.
    • Get practical deployment and change management insights for LayerX and similar solutions.
    • Discover how browser-level inspection complements your EDR and network security stack.

    Call to Action

    Subscribe to The Professional CISO Show on your favorite platform and join the movement to professionalize the CISO role.

    🎧 Spotify: https://open.spotify.com/show/2C7JojNZPdg1g6AXvpKDfn?si=a7ac3172bb414673

    🍎 Apple Podcasts: https://podcasts.apple.com/us/podcast/the-professional-ciso/id1731138021

    🌐 Website: www.thpc.co

    20 m
  • Magic, Mentalism, and the Modern CISO – with Gary Chan
    Oct 15 2025

    Episode Summary

    In this episode, host David Malicoat sits down in St. Louis, Missouri with Gary Chan, Chief Information Security Officer at SSM Health — and a professional Security Mentalist. Gary blends his background in cybersecurity, engineering, and mentalism to bring a refreshingly human and creative approach to leadership, awareness, and influence in the world of cyber.

    From performing mind-reading demonstrations to explaining how storytelling drives executive buy-in, Gary shows us how creativity and communication can transform a CISO’s impact inside and outside the organization.

    They dive deep into how CISOs can become better leaders, storytellers, and advocates for security — and why selling the “why” is far more powerful than explaining the “how.”

    Key Takeaways

    • 🎩 Magic Meets Cybersecurity: How Gary uses mentalism and showmanship to make security awareness engaging and unforgettable.
    • 🧭 The Future of the CISO: Why tomorrow’s security leaders must master storytelling, influence, and emotional intelligence — not just technology.
    • 💼 Selling the Business Case: How to translate “reduce risk” into tangible stories that matter to the CFO, board, and business leaders.
    • 🧠 Leadership Lessons from the Stage: What performing magic taught Gary about persuasion, empathy, and audience connection.
    • 💡 From VAR to Healthcare CISO: Gary’s career journey through consulting, sales, and healthcare leadership — and the lessons he carried forward.

    Notable Quotes

    “When you’re a senior leader, it’s all about storytelling — people need to understand how security ties back to why the organization exists.”
    “Nobody cares about reducing risk. They care about the impact to them — their goals, their reputation, their mission.”
    “Magic and cybersecurity aren’t that different — both are about understanding people’s perceptions and guiding them toward the right conclusion.”

    Listener Benefits

    • Learn how to communicate cybersecurity’s value through stories, not stats
    • Discover practical ways to make security awareness fun and memorable
    • Gain insight into leadership and influence beyond the technical realm
    • Hear real-world lessons on career growth from consulting to the CISO seat

    Call to Action

    ✅ Follow The Professional CISO Show on LinkedIn

    🎧 Listen and Subscribe on Spotify or Apple Podcasts

    🌐 Visit THPC.co for show updates and events

    Guest Information

    Gary Chan

    Chief Information Security Officer, SSM Health

    Security Mentalist & Speaker

    🔗 Website: gschan2000.com

    🔗 Search “Gary Chan Security Mentalist” for more information

    Sponsors

    This episode is made possible by:

    • Check Point – 2025 Workspace Security Insights Roadshow (www.checkpoint.com)
    • Armis – 2025 Cyber Warfare Report (www.armis.com)
    • GuidePoint Security – Trusted cybersecurity expertise across Fortune 500 and government agencies (www.guidepointsecurity.com)


    Hashtags

    #TheProfessionalCISO #CybersecurityLeadership #CISO #GaryChan #SecurityAwareness #CyberCulture #SecurityMentalist #LeadershipDevelopment #StorytellingInSecurity #CISOShow #THPCShow

    44 m