CyberWire Daily - Mid season reflection with Kim Jones. [CISO Perspectives]
Episode Date: February 3, 2026Please enjoy this encore of CISO Perspectives. In this mid-season episode, Kim takes a step back to reflect on the journey so far—revisiting key conversations, standout moments, and recurring theme...s that have shaped the season. During the episode, Kim sits down with N2K's own Ethan Cook to connect the dots across episodes, uncovering deeper patterns and takeaways. Whether you're catching up or tuning in weekly, this episode offers a thoughtful recap and fresh perspective on where we've been—and what's still to come. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
This exclusive N2K Pro subscriber-only episode of CISO Perspectives has been unlocked for all Cyberwire listeners through the generous support of Meter, building full-stack zero-trust networks from the ground up.
Trusted by security and network leaders everywhere, meter delivers fast, secure by design, and scalable connectivity without the frustration, friction, complexity, and calm.
of managing an endless proliferation of vendors and tools.
Meter gives your enterprise a complete networking stack,
secure wired, wireless, and cellular in one integrated solution built for performance,
resilience, and scale.
Go to meter.com slash CISOP today to learn more and book your demo.
That's METER.com slash CISOP.
Welcome back to this is.
So, I'm Ethan Cook.
I'm the writer here and 2K and editor of the Sissau Perspectives podcast.
Throughout the series, Kim's been pulling the deep conversations out of the conference
and tackling some of the most complex issues facing our industry from every angle.
Over the past few episodes, we've had some incredible guests.
Leaders who've built, broken, and rebuilt security programs,
tackled talent gaps head on and reshaped what it means to be a strategic leader in cybersecurity.
Now we're pulling back the curtain a bit to give you a deeper look into what we've been building here at SISO perspectives.
In this episode, we're hitting pause to reflect on the insights we've uncovered so far and set the stage for what's next.
Today, the mic turns to Kim as he becomes the guest.
I'll be asking him to look pack on the past eight episodes and share what stood out and talk about where the conversation goes from here.
I got to tell you, it's different being on the other side of the microphone.
I was going to say a little role reversal here.
Just a little, yeah.
So, you know, as we've gone through this journey together, you know, I've been on the behind
the scenes, watching the episodes, writing the blog post, seeing how these conversations
have transformed.
Making me look smart, and I'm very grateful for that.
Thank you.
Only a little bit.
Most of it's you.
The conversations have been really striking to me from someone who doesn't come from a
Sissau perspective.
It doesn't have a traditional.
role in cybersecurity. But I think something that has continued to stand out throughout this
conversation is not only how complex the problem is, but how multifaceted it is, as every
guest that you've talked to has approached it from a different viewpoint. So while we have had the
various episodes kind of evolve over time, one of the ones that stood out to me was episode
four with Will Markow. Oh yeah. Yeah, one of my favorites. So let me take a step back first and
get to what you talked about about the multifaceted aspect of this, Ethan.
And this gets back to one of the things we've wanted to do with this podcast.
You know, there's a lot of conversation everywhere I go and all my media feeds
regarding some of the more complex issues, including this one regarding talent.
Everyone seems to have an opinion, and everyone seems to give that opinion in the soundbite,
I just came back from a conference out in Denver where I was talking and listening to people talk about talent issues and concerns.
And whether or not college is worthwhile or not, whether or not certifications are worthwhile or not, whether or not there is a cyber talent gap.
And everyone is very quick to render a soundbite opinion that is firmly steeped in their own experience.
or just adamant, passionate belief.
And when you start to get them to peel that onion away,
no one seems to have time.
No one seems to have time to do the work to do the research.
And nobody seems to, in some cases,
maybe even have the desire
because they're too busy fighting the fires
that they have to fight today.
So I'm not trying to disparage anyone
who doesn't have the time to get down and dirty with things.
but you miss some of the nuance and complexity
if you don't do that.
Then as you've said, Ethan,
we're seeing that,
we're definitely seeing that as we go forth.
I was going to say,
people have this unwillingness,
whether it's maybe because of a lack of time
or maybe because a lack of desire
to really investigate this problem,
dive into it,
and instead are focusing on fighting the fight
that is incredibly important across the nation.
And this is a theme that has come up, not just in Will's episode, but across many of our episodes about why do we have this misconception?
Why do we have the sound bite moments or people unwilling to?
And Will stood out to me in his conversation.
It would be a nice little transition to talk about that episode a little bit more.
But he talked about how people are engaging in this almost bloodbath, I think, was the term he used.
To acquire top talent and will always, you know, kind of feast upon talent and engage in the
this sort of arms race almost to a degree rather than nurturing and developing talent.
And that was a theme that we found throughout many of the conversation.
So, you know, I think I would love you to dive a little deeper into that and talk about,
is that because it's simpler?
Is that because it's more cost effective?
Is that because why do you think that we have this bloodbath, so to speak?
Several reasons.
I genuinely believe it is not an issue of negligence.
or malfeasance, I think it's an issue of time more than anything else on one end.
A lot of people don't have the time, given the firefight that they're in,
to look at investing in a long-term strategic approach when the issue is tactically,
I need someone who can do this now.
The other end of that is fear.
one of the things I said at the keynote I did at the conference is that we're living in a cycle that's being driven by fear as cyber professionals, which is really interesting since we talk about driving out fear, uncertainty, and doubt.
And here's where I'm coming from with that.
As the job description gets larger, as the stakes potentially get larger in terms of fines, penalties,
sanctioned by the SEC, even potentially jail time by other organizations.
The challenge here is nobody wants to make a mistake.
We have created an environment in that ecosystem that says,
I have to be right 100% of the time,
which by definition sets the profession up for failure.
yet we have set ourselves up and created an expectation that we can't fail, we can't get it wrong.
And we perpetuate that with our constituents.
So why am I going to take someone who has the potential for doing great and wonderful things and nurture them and grow them, etc., when I can steal someone who has the ability to do it,
now has demonstrated they have the ability to do it now.
All I have to do is pay them 5 to 10% more than they were making over there,
and I can grab them and bring them here.
So there's a lot of fear within our ecosystem that is perpetuating this problem,
if that makes any sense.
No, absolutely.
I think there is a question that I kind of come back to then,
which is then how do we change this perspective?
Is this something that we have to do internally?
Is this something, you know, you mentioned fines, that's something that comes from a government body?
Is that something we have to change from an executive perspective?
Where do we bridge this gap?
Or how do we even begin to solve this?
Because this was a reoccurring problem that we found throughout the season so far.
Well, I think, and, you know, the short, flippant, yet accurate answer is listen to the season up to now as well as the other four episodes that are coming.
Because that's what we're trying to tee up within the environment.
But that's the short, flippant, though accurate answer.
What I would say the long answer is, is consistency.
And the thing that I think, with the direction I think I'm heading in right now,
is there a perfect one-size-fits-all answer out there?
No.
But you have to be consistent in your approach.
And as an example, you can't tell me that college doesn't matter,
yet the only place you recruit from are people with college degrees and universities.
You can't tell me that all it matters is skill sets and your ability and not define.
And there's that dirty, nasty word I use every episode, knowledge, skills, abilities, and experience.
and can't define the KSAEs that you're looking for,
or you're not testing for those KSAEs when you go to interview people
and you're not accurately putting them within your job descriptions.
So what I'm beginning to get a sense of,
just based upon me stepping back
and talking to the thought leaders within this space for eight episodes
and four more to come,
is if I were to label our biggest headache,
its inconsistency.
And whichever approach we choose to take either as a profession or you as a C-So within your
organization, I contend that the vast majority of us are being inconsistent in our approach.
And that's what's shooting us in the foot.
So again, I think the first solution is consistency, regardless of what opinion you have
as to what the correct, big air quotes, correct approach to the problem is.
And I feel comfortable saying, and again, I said this recently at a conference,
we have nothing, if not, inconsistent regarding our approach to this problem, and we continue to be.
No, I think that is a great starting point.
You know, and I think a thing you noted in there where, you know, how we assess and approach
talent ties into another episode that we had.
And this episode revolved around diversity
and in assessing where we get talent,
what is the value of talent
and the different values that various people
coming from different backgrounds
bring to your organization.
But this episode was a little different
from the other ones that we did.
This episode, we did not have a guest.
You ran this one by yourself.
So before we talk about the content
of what you talked about in that episode,
I would love for you to kind of shed some light
for our audience about why you chose
to take this one head on.
Yeah.
Diversity, equity, and inclusion have become a contentious rallying point within our nation right now.
There are political ramifications and overtones that sit around that issue.
And I got to tell you, I've had almost 40 years of experience and intelligence and security and risk.
You know, about 25% of that, you know, in service to my nation.
And I've done a lot of hard things.
And to this day, I have been in situations where people have questioned whether or not I've earned the right to be where I am.
Questioned whether or not I'm just a diversity hire, despite the fact that I tend to take the jobs
that nobody else wants to take.
In this environment,
it's difficult to make statements regarding DEI
that people don't assume are politically motivated.
And the way I've chosen to approach DEI is,
look, on one end, I don't want anyone
to assume that I'm making a political statement.
I tend to be very apolitical regarding things.
I have opinions.
I'm not averse to expressing my opinions,
but I'm also not qualified to make statements
regarding politics or economics within the environment.
Where I am qualified, more than most, to be very direct,
is to talk about security.
and is to talk about the potential impact of diversity or a lack thereof on our ability to secure this great nation, on our ability to meet the needs of our constituents.
So it's important to me as an African-American male who were members when there are only 27 CSOs in the entire U.S. who looked like me, and we all know.
knew one another and several of us are still in the game to make sure that I am communicating
properly and factually where I can regarding the importance of diversity within cybersecurity.
And I would contend that it's not a political issue.
It's an issue regarding critical thinking.
And given that our job is to make lemonade out of two apples of grapefruit,
to come caught and make it look easy and move from telling people no to trying to tell them how
to do something in a more secure fashion than the idiotic method they may have approached this with.
I need people who can think outside of the box.
And for me, outside of the box, and I think I said this during that episode, is just applying
previous experience and knowledge in a different way to the problem that you have here now.
And if we all have similar backgrounds, similar ethnicity, you know, similar stories, et cetera,
then we're all going to think about the problem in a similar fashion.
That limits our creativity.
It limits our ability as teams to think critically and therefore to come up with unique and innovative solutions to problems that work in this fast-paced state-driven economy.
So I fervently and staunchly believe that diversity,
is absolutely essential for a cyber professional and their team to succeed.
Well, I think you're right.
You know, outside of your episode where you talked about this issue,
when I wrote the blog post that kind of echoed that,
the evidence supports everything you say.
There are studies that have supported it about the value it brings,
not just from a business perspective in terms of returns and productivity,
but also in terms of within a team,
we're making less errors, accounting for errors, raising more facts, et cetera.
And that extends beyond just race or gender.
It extends to background.
And I think that also...
Background, economic status.
The list goes on.
You know, I'm not just talking race and gender.
Those are definite factors.
But I'm also talking, like, any measure, I don't want people who think like me.
I know how I think and I know how crazy I am.
I want people who think different.
I want people who are going to challenge the way I look at problems.
I tell this war story and you know in terms of thinking critically about a problem, thinking
differently about a problem.
One of my last CSO gigs, I was a physical as well as information security officers where
I ran the guns and the geeks and I used to walk our two buildings every day.
So the first two hours of my day were nothing but going on a walkabout.
this one morning, three of my best engineers were huddled around the desk, tried to deal with
Rob.
And I, as I normally, say, hey, do you need me?
And they said, nope, okay, fine.
You know, the boss doesn't need to stick his nose in.
He's going to keep going.
I got back an hour and a half later, and they were still huddled around the desk.
That's a lot of thought power.
That's a lot of money sitting around.
It's like, okay, you guys have been here for 90 minutes.
What's going on?
So what happened was we were putting in a new security tool.
We owned our data centers, and the requirement for the tool was that we have high availability,
preferably between two data centers.
The problem is one of our data centers was tapped out for power.
We could not put another box in that data center.
So they were trying to figure out how we create a high availability situation,
given the fact I couldn't put anything in two data centers.
So I stopped for 30 seconds and said, okay, wait a second.
Correct me if I'm wrong.
Both of our data centers have power coming from two separate transformers, right?
And the plugs are labeled regarding the two separate transformers they come from.
So if I were to put two boxes in the same data center plugged into power that comes from two separate transformers, it's not perfect.
But I can create a high availability situation until we can get more power on the same.
the other data center, right? And the person who has to approve that is the first senior
vice president in the food chain, which, oh, by the way, happens to be me. So why can't we
do that? I had three very, very smart technical people who I would trust my infrastructure to
any given day, who had spent an hour and a half and admitted freely that it never occurred to
them. They had never even thought that that was a possibility. That's the value of critical thinking.
That's the value of making lemonade out of two apples or grapefruit and a cumquot. I came up differently than
they had, you know, from my military background, et cetera, and I'm used to solving problems with duct tape
chewing gum and bailing wire. And it allowed me to look at the problem a little differently than
they had, there's only really two ways to develop better critical thinking skills.
One is experience. The other is somebody else's experience. And unless you want to be old like I am,
you know, wait for four decades. I like to lean on other people's experience and learn from
them and get better. Have you ever imagined how you'd redesign and secure your network
infrastructure if you could start from scratch?
What if you could build the hardware,
firmware, and software with a vision of frictionless
integration, resilience, and scalability?
What if you could turn complexity into simplicity?
Forget about constant patching,
streamline the number of vendors you use,
reduce those ever-expanding costs,
and instead spend your time focusing on helping your business
and customers thrive.
Meet Meter, the company building full-stack
zero-trust networks from the ground,
up with security at the core, at the edge, and everywhere in between.
Meter designs, deploys, and manages everything in enterprise needs for fast, reliable,
and secure connectivity.
They eliminate the hidden costs and maintenance burdens, patching risks, and reduce the
inefficiencies of traditional infrastructure.
From wired, wireless, and cellular to routing, switching, firewalls, DNS security, and VPN,
every layer is integrated, segmented, and continuously protected through a single unified platform.
And because Meter provides networking as a service, enterprises avoid heavy capital expenses and unpredictable upgrade cycles.
Meter even buys back your old infrastructure to make switching that much easier.
Go to meter.com slash CISOP today to learn more about the future of secure networking and book your debt.
That's M-E-T-E-R-com slash C-I-S-O-P.
So jumping gears a little bit here.
You mentioned the key word at the end of that phrase,
and that was experience and the value of gaining experience.
And this was a conversation in episode seven
where you sat down with Laura and talked about education.
Yeah.
And talked about how colleges structure their programs
and some of the difficulties that people have had getting experience to their students.
And my favorite sign, and all this came from a different episode,
but I think it applies very much so to Lars' episode,
was there are no such thing as purple unicorns.
Yeah.
And I love that, and it has stuck with me since the very beginning of the season,
and I felt like it came full circle with that episode.
So I would love for you to talk about, you know, what it means to get,
get experience, the challenges associate a little bit more and dive into why you tapped Laura for that episode and why her perspective on that really shed some light.
So let's answer the last question first.
Dr. Laura Ferry is now the vice president of research at Arizona State.
I met Laura because she had the dubious distinction of being my boss when I was building a cyber degree program at ASU.
So she got some direct exposure to some of the challenges associated with cybersecurity in general.
Combined with me learning how to maneuver within a university setting,
which if you've never done it, you don't fully understand some of the real challenges that exist
in terms of trying to make certain that we're meeting the mission of the university,
the needs of the university and academia,
while they continue to figure out how to meet the needs of the business they support.
And one of the things that I tapped Laura Ford was because they're in the midst of the cyber talent argument,
there is this, well, I'll go so far as to say there is this staunch misperception that college is worthless
and that there is no need for you to have a college degree to get into cyber.
Well, yes, there are jobs that do not require a college degree,
but there's a one, there's some value proposition,
part of that is critical thinking,
because it forces you to do and think about things that are outside of your realm of expertise
if you do it properly.
But there are also a lot of good programs out there
that are attempting to make certain,
that students come out with some real-world hands-on experience so that they understand not only the tool sets, but the realities associated with operating cyber in any sort of environment to go forth.
And I would contend that that bias against academia and that very, very staunch, it's almost like a civil.
war within cybersecurity is truly hurting our ability to solve the talent problem.
You know, despite the fact that while we're biased against it, we're still recruiting
from colleges and universities, you know, in many organizations as we go forth.
So, well, that's why I asked Laura, and that's why I wanted to talk about the value of
college.
But the experience piece, which has come up a couple of times to include the Purple
Unicorn first episode that we did.
It gets to the, we're stealing talent.
We're not creating talent.
We're stealing talent.
And we're breaking our talent decisions on experience.
I want you to have already done what I am looking for you to do
and have done that specifically for me to hire you.
So we're stealing people.
And there's a great mind and I'm going to steal it from,
I told Will Mark how I was going to steal this.
We're hiring mercenaries, not missionaries.
We're hiring people who can come in and say, hey, for 10% more money, we'll come in and do this thing for you.
I know you don't care about training or growing me, et cetera, so that when somebody offers me 10% more than you offer me, I'll go somewhere else.
And then we're complaining that we can't find the talent or resources, and we don't want to spend the time to build it.
So we're looking for that purple unicorn with the rainbow butterfly,
wings sitting out there right now who has three years of experience in exactly the tools I'm
looking for, has all the certifications I'm looking for and wants to work for $50,000 a year.
And then we complain when we can't find him or her.
And I think it goes to the point that we're brought up, which was when we design these
programs or when she was designing these programs and working with industry leaders, there was
this huge expectation, well, I want you to code the way I can.
code. I want you to use the tools that I use. It's not that I don't want just to your point,
I just want you to have experience. I want you to have hyper-specific experience.
Which is antithetical to what a college can or should be doing.
Because, and again, I'm probably going to paraphrase Laura in the episode, we now create an individual
who is absolutely positively perfect for your job requirement, but may not be high.
anywhere else or promotable anywhere else in the environment,
neither of which is we should want any university or, hell, even any trade school, to be.
I mean, that's a problem.
And I found it to be a funny, you know, conversation because, you know,
I graduated from college a couple years ago for my undergrad,
but there was a point where I was sitting during the episode and writing the blog post
where I sat to myself and asked this question.
it sounds like businesses or organizations are trying to offload training costs onto the individual
or the college, the college will train them to get exactly what they want.
They get the person right out the gate who they want or the experience, whatever they want
without having to put in any of the work.
And kind of feeds into this mercenary mindset where it's, I don't really want to develop
or nurture any talent.
I want the solution now.
And if the person can do it on their own time, all the better.
Yeah, and it also harkens back to episode two that I did with very wide side, which is, are we a trade versus a profession?
And there's a lot of truth to say that we may be both and that there's a pivot point for both, but we still haven't been consistent regarding what the requirements are during that trade.
So if we're going to be a trade, then, and we say that we need these technical things, we need to create, there's that nasty C word again, consistent.
regarding what those things are.
And if we were willing to say that if you knew these things,
then I can take you and drop you into any of my environments to do any of the things
that I need to, then I would buy the fact that, yeah, you know,
it's okay for us to expect that a university or an individual or a two-year college
or insert method here should be training that individual
so that when they get out, they can do this thing,
that thing can go anywhere.
That's not what we want.
We want to do this specific thing,
pivoted about five degrees that I've done customized here,
and I want you to prove it by doing it somewhere else.
So in that respect, yes, we are inappropriately,
unfairly, and unrealistically.
attempting to shirk, you know, responsibilities of any good profession and any good trade
to make sure that we create a virtuous cycle that allows for training and growth.
This relates to another, you know, really good conversation that you had with my former boss, Simone.
You all talked about, and one of the things that she stood out and mentioned was, you know,
you brought up her law background and the value of implementing a bar-like association for cyber.
and this universal certification system that's accepted across the board within lawyers and the legal profession.
And akinning that to some of the – because with her background and certifications and how muddy, I guess, that sector has become, so to speak.
Yeah, I mentioned at the time, I think, and I know you pull the reference to the blog post,
that there were like over 450 separate search that you could get within cyber and what's required and what's not.
But the challenge that we have here is when somebody asked me, and this was another question I answered at the conference I was at last week, actually, no, this wasn't the conference.
One of the other things I do is I'm a lecturer in UC Berkeley's Master's and Information and Cybersecurity Program.
And I was talking to a group of incoming students.
And they normally have one of the professors talk to the students with some of the people in the program.
and some of the grads so that the new students can figure out what it's like.
So I was supposed to talk for five or ten minutes,
and then we were going to open up the questions,
and I answered questions for 45 minutes.
And one, because these are, some of them are straight from bachelor's into master's degree,
but a lot of them are working professionals,
either working professionals in IT who want to go cyber
or career transitioning, et cetera, within the environment.
and I was talking to a network engineer who was passionate about going to cyber,
in addition to getting his master's program, asking what certifications he should get
that would be recognized by industry as something that is valuable that will help him
or him get his next job or break into the profession.
So the challenges that we've had is as we've begun to narrow in on certain skill sets and certain capabilities, et cetera,
and we're looking for certain specific things within the environment,
it's getting to the point that there are specific certifications for specific technologies or specific functions.
And if you don't know what specific function that you wish to deal with or what specific technology,
the company you wish to go with is using, it gets very difficult to say,
which certification should you get A or B?
Well, yes.
And then conversely, there are more generic certifications out there that tend to be more holistic,
such as I'll pick on the CISP.
You write wrong or indifferent.
The CISSP does give you a good holistic viewpoint of the various aspects
and the common bodies of knowledge that need to be looked at within cyber.
But to get the CISP, you have to have five years of experience.
So where do you start? What do you get? And remember, all of these things cost money and time.
So where do I tell someone who knows that they want to get into cybersecurity, but doesn't necessarily know all of the potential jobs and opportunities that exist in cybersecurity, what certification should they take?
And how many should they have?
the network engineer I was talking to said at one point,
I had 15 different sets of letters after my name.
And at one point early in my career, I had 22.
So, you know, figuring out what makes sense and what's useful
and what's not useful, et cetera, is hard.
Yet we sit there and in some cases we use certifications as screenouts.
There are folks who, because of the automated tool sets, etc.,
are looking for the CISP.
They're looking for, okay, if you don't have a CISP,
we're going to flush you and not even take you to the next step
where a human being looks at your resume,
which gets very interesting because they're looking for this
for entry-level positions with two years of experience
and you can't get the CISP until you have five.
And then you get others that if I don't have the right certification,
then I don't think you know enough about your particular, you know,
the job that I'm looking for.
Yet conversely, I know, and I think I mentioned this in the episode, I know some great cyber professionals who genuinely suck at test taking.
So, you know, certification has become more of an industry or business to include the continuing professional education credits associated with maintaining them.
It has become more of an industry or a business in many cases than something that proves.
out your ability to do the gig.
Now, let me take a half step back.
I do believe, and I talk about this in detail with Simone,
that there are some value propositions to certifications,
and there's a right way to do it.
So I am not denigrating, dissing, poo-pooing certifications,
you know, any blanket statement.
And if you still don't believe me,
please take a moment and go listen to the episode
when we talk about some of the pros and cons that are there.
But it's important to remember that just as there are a pro,
there for certifications, and I still maintain several of them, there are also some cons and challenges
to, you know, what they are, how we get them, and how we are using them, you know, in terms of
seeking talent and maintaining talent in the environment.
Well, I think it harpins back to the point you made earlier.
Consistency.
Yes.
And consistency from both...
That nasty sewers going to be there for a long time.
Consistency from both a organizational perspective.
consistency from a CISO perspective,
shout out to the show name,
consistency from an employee perspective or a prospective talent.
And being consistent in how you approach it,
how we approach it as an organization,
how we approach it as an industry,
I think will be critical.
And I look forward to the conversations that are to come
and the conversations that we have yet to have
over the next three episodes
and eventually the season finale
where we break down this conversation even further
and look at it from a few other angles.
Yeah. So, Kim, I appreciate you taking the time to sit down and take this brief moment to reflect on how far we've come through this season and take a step back and give some perspective on both what you think about the season as well as share that with the audience who may not have had the chance to see some of these episodes.
And if you have not, I highly recommend becoming an N2K pro subscriber. So thank you for your time.
Yeah, I appreciate that.
So for those who are interested, we've teased that there are more episodes coming, and there are more episodes coming this season.
I would echo what you said.
Subscribe if you're interested, because I think you will enjoy the depth and breadth of the conversation we're having.
So with that, Ethan, I appreciate you allowing us to flip the mic for a change.
Yeah, it was fun.
I hope it's been useful.
It's been incredibly useful and it's been incredibly enlightening.
Thank you for coming on.
Kim. Thanks for having me. Today was a moment for reflection. An opportunity to look back at the journey
we've taken this season and we visit the powerful insights shared by the guests who joined us.
From tackling the cyber talent crunch to reimagining what strong security leadership looks like
in a shifting threat landscape, we've covered a lot of ground. If you've been with us all season
as a pro subscriber, thank you. We hope these conversations sparked new ideas.
challenged your thinking and offered actionable takeaways to bring back to your organizations.
And if you've only caught the first few episodes, now is the perfect time to subscribe.
There's more ahead, and you won't want to miss it.
Speaking of what's ahead, our season finale is just around a corner.
I'll be sitting down with Ethan Cook, who's been closely tracking each episode and authoring
the companion blog posts all season long.
Today he interviewed me.
Next, I get to turn the tables and interview him.
We'll bring it all together in one final conversation,
weaving together the themes from across the season
to explore where the role of the CISO is headed next.
So make sure you're subscribed,
and we'll see you back here for the finale.
That's a wrap for today's episode.
Your continued support enables us to keep making shows like this one.
Tune in next week for more expert insights
in meaningful discussions from CISO perspectives.
This episode was edited by Ethan Cook,
with content strategy provided by MyOn Plot,
produced by Liz Stokes,
executive produced by Jennifer Ivan,
and mixing sound design and original music by Elliot Pelsman.
I'm Kim Jones, and thank you for listening.
Securing and managing enterprise networks
shouldn't mean juggling vendors,
patching hardware, or managing endless complexity.
Meter builds full-stack, zero-trust networks
from the ground up,
secure by design,
and automatically
kept up to date.
Every layer,
from wired and wireless
to firewalls,
DNS security,
and VPN
is integrated,
segmented,
and continuously protected
through one unified platform.
With meter security
is built in,
not bolted on.
Learn more
and book your demo
at meter.com
slash CISOP.
That's METER.com
slash CISOP.
And we thank Meeter for their support in unlocking this N2K Pro episode for all Cyberwire listeners.