
Podcast
Hosted by Saket Modi, Safe Security
CISO Confidential
Go inside the cybersecurity war room with CISO Confidential. Hosted by Saket Modi, top CISOs share real breach stories—crisis calls, shutdowns, and high-stakes decisions. Get an insider’s view of cyberattacks and executive pressure. Subscribe now! @saketmodi @safesecurity

Inside History's Biggest Cyberattack - SolarWinds | Tim Brown's Untold Story w/ Saket Modi
May 9, 2026 · 17 min
In this CISO Confidential episode with Saket Modi, Tim Brown, former CISO of SolarWinds, opens up about the SUNBURST attack that compromised 18,000 customers worldwide and reshaped the cybersecurity industry overnight. Tim walks through the first 48 hours of the breach, the anatomy of the nation-state attack that sat undetected in SolarWinds' build system for nearly a year, and the brutal personal toll that followed, including the SEC's unprecedented decision to charge him personally, and the heart attack he suffered in the middle of it all. The conversation goes deep on what every CISO should know about contracts, liability, and risk quantification in a post-SolarWinds world.

The CISO Playbook for High-Speed Decisions w/ Ben Smith | CISO Confidential | Saket Modi
Feb 12, 2026 · 11 min
In this CISO Confidential episode with Saket Modi, Ben breaks down the real playbook for high-speed security decisions: building “networks in a box” before supply chains locked up, balancing controls with urgency, and evolving from scrappy crisis-mode fixes to a mature, defensible risk program. The conversation also goes deep on why quantifying risk (and aligning with standards like FAIR and insurer expectations) is becoming essential for communicating with executives and making smarter security investments.

The $20M Coin Flip: Cyber Risk in Real business terms
Sep 27, 2025 · 16 min
CISO Confidential: Speaking Exec – Tony on Turning Cyber Risk into Business Decisions
In this eye-opening episode of CISO Confidential, host Saket Modi sits down with Tony, a seasoned technology risk leader, to unpack one of his most vivid experiences: a SQL injection attack that triggered suspected customer data exfiltration. Tony shares not just the technical details of the breach, but the human, cultural, and boardroom dynamics that unfold when systems are at risk. He emphasizes that cyber risk is not about red, yellow, or green - executives don’t speak in colors. They speak in dollars and decisions. From incident response handoffs (security to legal, PR, and execs) to quantitative cyber risk modeling (CRQ), Tony explains how reframing risk in financial terms helps executives take decisive, proactive action.
🔥 Key Insights from Tony:
✔ Speak the language of business: CISOs must translate risk into dollars.
✔ Incident response is a company-wide effort - legal, PR, and executives matter as much as security.
✔ CRQ isn’t new - it’s actuarial science applied to cyber.
✔ Cooler heads prevail: practice through tabletop exercises.
✔ Risk isn’t the end goal - decisions are.
If you’ve ever struggled with how to get buy-in from the board or explain cyber risk in a way that secures real action, this episode is a must-listen.

Post-Breach Action Plan: When Systems Go Down for Days w/ Drew Simonis | Saket @ CISO Confidential
Sep 21, 2025 · 14 min
CISO Confidential: Leadership Under Fire – Drew Simonis on Surviving a Week-Long Cyber Crisis
Saket Modi sat down with Drew Simonis to unpack what it really feels like to lead through a prolonged cyber incident. In this episode of CISO Confidential, Drew goes beyond the technical details to reveal the hidden pressures — from executives demanding answers to teams struggling with burnout — and shares how empathy, preparation, and leadership are what truly matter in a crisis.
Drew Simonis has decades of experience in enterprise cybersecurity, advising global businesses on risk, resilience, and security culture. His candid insights will resonate with CISOs who know that it’s not just about frameworks and tools — it’s about guiding people through uncertainty.
🔥 Game Changing Insights for CISOs
✔️ Preparation is everything — without continuity plans, chaos multiplies.
✔️ Security is about ensuring tomorrow looks like today — no surprises.
✔️ Too many executives in the room can kill progress — control the flow.
✔️ The CISO doesn’t own the risk — the business does.
✔️ Empathy > Technology — the best leaders focus on people first.

You won’t believe What Happens after a Cyber Breach w/ Supro Ghose | CISO Confidential | Saket Modi
Aug 31, 2025 · 14 min
CISO Confidential: What Really Happens After a Cyber Breach – Supro Ghose on Leadership Under Pressure
Saket Modi sat down with Supro Ghose, CISO of Graphene Security, to explore what it truly means to lead with resilience in today’s evolving threat landscape. In this episode of CISO Confidential, Supro opens up about the human challenges behind the role, navigating burnout, driving cultural change, and finding balance between business priorities and security realities. From building trust with executives to mentoring teams through uncertainty, Supro shares stories and strategies that go far beyond frameworks and checklists. This candid conversation shines a light on the emotional intelligence and leadership qualities every CISO needs but few openly talk about.
Supro Ghose is the Chief Information Security Officer at Graphene Security, where he oversees enterprise cyber defense, governance, and risk strategy. With a career spanning more than two decades, Supro has held senior security leadership roles across global financial institutions, consulting, and tech startups. He is known for his ability to combine technical depth with boardroom influence, translating complex security risks into actionable business priorities. At Graphene, Supro focuses on embedding a proactive, people-centric approach to security, empowering teams, fostering resilience, and enabling innovation while protecting critical assets. Beyond the office, he is a mentor and advocate for building the next generation of diverse cybersecurity leaders.
🔥 Game-Changing Advice for CISOs
✔️ Security is about people first — technology follows.
✔️ Culture eats controls for breakfast — embed security in everyday behaviour.
✔️ You can’t pour from an empty cup — prioritize mental health and resilience.
✔️ Speak in the language of business — that’s how you win board alignment.
✔️ The future CISO must balance empathy with execution — it’s not just about stopping breaches, it’s about leading people.
Hosted by Saket Modi, CEO of SAFE, CISO Confidential pulls back the curtain on real-life breach stories from top security leaders. If you’ve ever wondered what really happens during a cyber crisis, or what a day in the life of a CISO is like, this podcast is your front-row seat to the action.

Behind the Breach: The Pressure on CISO w/ John Sapp | Saket Modi
Jun 22, 2025 · 11 min
CISO Confidential: CISO Pressure - Leading Through a Breach
Saket Modi sat down with John Sapp, CISO of Texas Mutual Insurance Company, to talk about what it really feels like to lead a security team through the aftermath of a major breach. In this episode of CISO Confidential, John shares how he responded when a large-scale attack struck his organisation. From FBI involvement to restoring internal confidence, John reflects on the decisions, pressure, and communication challenges that tested him as a security leader. This is the kind of behind-the-scenes look CISOs rarely share—and every security leader should hear.
John Sapp is the Chief Information Security Officer at Texas Mutual Insurance Company, where he leads enterprise cybersecurity strategy, governance, and risk management. With more than 20 years of experience in IT and security leadership, John is known for his ability to align cybersecurity initiatives with business priorities, ensuring resilience and trust in regulated environments. He has deep expertise in incident response, board-level risk communication, and driving cultural transformation in cyber programs. At Texas Mutual, John focuses on maturing the company’s security posture while enabling digital transformation and protecting the sensitive data of policyholders and partners. He brings a calm, analytical approach to leadership — especially in high-pressure situations—and is passionate about mentoring the next generation of security professionals.
🔥 Game Changing Advice for CISOs
✔️ Control the message, not the moment - Shaping your response without having all answers.
✔️ Risk must translate into business language - Executives respond to business risk not tech metrics.
✔️ Don’t lead alone - You need alignment with legal, PR, and federal agencies.
✔️ Rebuilding trust takes more than tech - Posture, planning, and presence matter more than your stack.
✔️ Your calm sets the pace - How you show up in the chaos influences how your board, team, and executives follow.

CISO Confidential: How a CISO Turned a Misstep into a Playbook for Cyber Resilience
May 17, 2025 · 16 min
CISO Confidential: Breach Incoming – Leading Through a Live Cyber Incident
What really happens when a breach hits and you're the one responsible? In this episode of CISO Confidential, SAFE’s CEO Saket Modi sits down with Brandon Pinzon, a veteran CISO in financial services and insurance, to unpack the reality of leading security through a live cyber incident. Brandon shares an unfiltered look at one of the most intense days of his career—when alerts fired, pressure mounted, and decisions had to be made in minutes. From navigating executive meetings with limited information to making fast, high-stakes calls, Brandon reflects on the lessons only real-world experience can teach.
🔒 About the Guest
Brandon Pinzon is an accomplished cybersecurity leader with over 20 years of experience across top-tier financial and insurance firms. He has held senior roles at companies like Argo Group and Charles Schwab, leading security strategy, incident response, and enterprise risk initiatives.
🔥 Key Takeaways for CISOs & Security Leaders
Don’t wait to perfect the plan—act decisively
Set the tone, not just the strategy, in a crisis
Lead people, not just processes
Communicate clearly—even without all the answers
Use every incident as a learning opportunity
Whether you're a CISO, security practitioner, or executive navigating risk at scale, this episode offers practical insights on leadership, resilience, and real-time decision-making when the stakes are highest.

Building a Smarter Cyber Strategy in Healthcare w/ Anand Singh | CISO Confidential | Saket Modi
May 4, 2025 · 9 min
CISO Confidential: How a CISO Turned a Misstep into a Playbook for Cyber Resilience
In this episode of CISO Confidential, SAFE’s CEO Saket Modi sits down with Anand Singh, Former Chief Information Security Officer at UnitedHealth (OptumInsight), to uncover what it truly feels like to lead security in one of the world’s largest and most complex organizations. Anand opens up about the emotional weight of missteps, how a $10 million security investment went sideways, and what he’s done since to drive smarter, risk-driven decisions.
Anand Singh is the Former Chief Information Security Officer at UnitedHealth (OptumInsight), where he leads cybersecurity strategy for the company’s data-centric security platform. With a career spanning both large enterprises and high-growth startups, Anand brings deep expertise in building risk-driven security programs, aligning cybersecurity with business goals, and fostering innovation through secure technology adoption. Prior to his current role at Symmetry Systems, he held senior leadership roles at organizations including UnitedHealth Group and Target, where he oversaw large-scale security initiatives and complex technology deployments.
🔥 Game Changing Advice for CISOs
✔️ Don’t let compliance drive your technology roadmap
✔️ Adopt a risk-driven, not regulation-first, mindset
✔️ Leverage agile vendors to accelerate innovation
✔️ Prioritize feedback from your practitioners, not just your peers
✔️ Translate technical success into measurable business impact

What Keeps a Healthcare CISO Awake at Night w/ Erik Decker | CISO Confidential | Saket Modi
Apr 13, 2025 · 18 min
Saket sat down with Erik Decker, Chief Information Security Officer at Intermountain Health, taking us deep into the real frontline of cyber defense in hospitals. From ransomware attacks that lock critical systems to the unseen war on patient data, this episode uncovers the threats you don’t hear about — and why healthcare might be the next battleground. If you’re in cybersecurity, risk, or tech leadership, you need to hear this.
Erik Decker is the Chief Information Security Officer for Intermountain Health, a multi-state integrated delivery network based in Salt Lake City, Utah. Erik has 24 years of experience within Information Technology, with 17 years focused on Information Security. He serves as the Chairman for the Healthcare Sector Coordinating Council’s Joint Cybersecurity Working Group, which is a critical infrastructure public-private partnership organization covering more than 450 organizations and over 1,000 members. He co-leads the Department of Health and Human Services (HHS) 405(d) task group focused on implementing the Cybersecurity Act of 2015, 405D legislation within the Healthcare sector. The publication was released in December 2018, titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (HICP).
🔥 Game Changing Advice for CISOs
✔️ The hidden vulnerabilities in modern hospitals
✔️ The pressure of 24/7 incident response
✔️ The Harsh Reality of the CISO Role
✔️ Building a security culture in a life-or-death industry
✔️ What CISOs must learn from healthcare playbook

The Untold Truth: How to Survive as a CISO w/ Elias Oxendine | CISO Confidential | Saket Modi
Mar 21, 2025 · 12 min
In this episode of CISO Confidential, Elias Oxendine, now the CISO of Tractor Supply, shares a raw and candid account of his nerve-wracking first board meeting as a CISO prior to his current role, where technical metrics failed to engage the room and silence signaled a disconnect. Through trial, mentorship, and a strategic shift to risk-based financial narratives, he turned the experience around—gaining board trust, driving engagement, and securing buy-in. Tune in for invaluable lessons on how CISOs can better communicate cyber risk, avoid common pitfalls, and ensure their voice is heard at the highest level.
Elias Oxendine IV is the Vice President of Information Security and Privacy at Tractor Supply Company. Prior to this role, he served as the Chief Information Security Officer (CISO) at Yum! Brands, where he was responsible for protecting the company’s systems and information. Before joining Yum! Brands, Oxendine held IT and security leadership positions at Brown-Forman and GE Appliances. He also served as a U.S. Navy officer for six years, securing classified information as an IT intelligence officer.
📌 Can’t Miss Insights for CISOs!
✔️ Why Most CISOs Struggle in the Boardroom
✔️ The Harsh Reality of the CISO Role
✔️ What NOT to Do in a Boardroom
✔️ How to Fix Boardroom Communication
✔️ A Game-Changer for the Future of Board Meetings
✔️ The Power of Cyber Risk Quantification

Inside a Cyberattack: A CISO’s Worst Nightmare with Randy Herold | CISO Confidential | Saket Modi
Mar 14, 2025 · 4 min
In this episode of CISO Confidential, Randy Herold, CISO of ManpowerGroup, shares an intense real-world cybersecurity breach. From discovering the attack to shutting down email and handling executive pressure, this episode is a must-watch for cybersecurity professionals and business leaders.
Randy Herold is the Chief Information Security and Privacy Officer at ManpowerGroup. With over 25 years of experience in information security, privacy, data protection, risk management, and compliance, Randy has held leadership roles at organizations such as PHH, Chubb/ACE Group, Coca-Cola Enterprises, Nielsen/Arbitron, and multiple government defense contractors.
The episode delves into the complexities of leading a team during a crisis, managing internal and external communications, and the balance between transparency and operational security. Randy shares insights on controlling panic, ensuring accurate information flow, and making tough decisions under pressure.
🔥 Game Changing Advice for CISOs
✔️ How to validate a cyber threat without causing panic
✔️ The tough decision to shut down email in an enterprise
✔️ FBI collaboration during a cyber incident
✔️ How leadership manages crisis communications
✔️ The surprising organizational response to a breach