Sponsor: HivePro (www.hivepro.com)

EP67: Threat Exposure Clarity, CISO Certification Origins & Startup Security Strategy

Live from CISO XC DFW, this episode of The Professional CISO Show features two powerhouse conversations. First, David Malicoat sits down with Critt Golden of Hive Pro to demystify Continuous Threat Exposure Management (CTEM) and explore how Hive Pro helps CISOs move from fragmented assessments to unified risk clarity. Then, we hear from Eric Svetcov, CISO and VP of IT at XCures, co-author of the original CCISO Body of Knowledge, and ISO 27001 pioneer at Salesforce, as he shares candid lessons from shaping certifications and securing SaaS startups.

🔐 From understanding attacker-centric threat exposure to the real story behind Salesforce’s first ISO 27001 certification, this episode is packed with actionable insights for CISOs and rising security leaders alike.

Key Highlights:

• Why CTEM is a process, not a product
• Hive Pro’s mission to unify fragmented assessments
• Asset criticality, risk prioritization, and validation
• The origin story of the EC-Council’s CCISO certification
• ISO 27001 at Salesforce: Lessons from the first SaaS certification
• Security tooling strategy in early-stage startups
• Real-world CISO challenges, from certifications to budgets

Guest Info:

• Critt Golden, Vice President at Hive Pro
• Eric Svetcov, CISO & VP of IT at XCures; co-author of EC-Council’s CCISO Body of Knowledge

🎙 Hosted by David Malicoat, CISO and founder of The Professional CISO Show.

Sponsor: Infoblox (www.infoblox.com)

🎙 EP66: Building CISO Community – Live from CISO XC Austin (Presented by Infoblox)

The Professional CISO Show with David Malicoat

From DFW to Austin and beyond, the CISO XC community is expanding—fueled by genuine connection, trust, and shared purpose. In this live episode from CISO XC ATX, David Malicoat sits down with security leaders Mickey Disabato and John Sapp to explore the future of cybersecurity leadership, AI adoption, and how community-driven initiatives are reshaping how CISOs grow together.

Mickey shares why organic, local-led growth is key to protecting the integrity of CISO XC’s mission, while John offers a powerful vision for the secure, responsible use of AI—and how today’s CISOs must evolve into strategic risk managers.

🔥 In this episode:

• Why mid-market firms need better visibility from MSPs
• Expanding CISO XC into 13+ cities without losing its authenticity
• The power of community-led chapters and cross-pollination
• Creating vendor-neutral, value-rich events
• Responsible AI adoption and risk-based CISO leadership
• What it really means to “professionalize the CISO role”

🧠 Guests:

• Mickey Disabato – Advisory Board, CISO XC | CIO, FIDUS Cyber Security Solutions
• John Sapp – CISO, Texas Mutual | CISO XC Austin Chapter Lead

🔗 Presented in partnership with Infoblox

Visit infoblox.com to learn how Protective DNS helps secure your organization before threats strike.

🎧 Listen, Follow & Share:

🔗 Website: www.thpc.co

📺 YouTube: @TheProfessionalCISO

🔊 Spotify: The Professional CISO Show

📱 Apple Podcasts: The Professional CISO Show

💼 LinkedIn: The Professional CISO Show

#CybersecurityLeadership #CISOXC #ProfessionalCISO #Infoblox #ProtectiveDNS #AIinSecurity #CISOCommunity #CyberResilience #RiskManagement #CISORoleEvolution #TheProfessionalCISOShow

Sponsor: Magic Mirror Security (www.magicmirrorsecurity.com/thpc)

🎙 When the Lawyers Come for CISOs — Aravind Swaminathan on Risk, Responsibility & the Law

Guest: Aravind Swaminathan, Global Co-Chair, Cybersecurity & Data Privacy, Orrick

Episode Summary

CISOs have always managed risk — but are they ready to manage legal exposure? In this gripping episode, David Malicoat sits down with Aravind Swaminathan, a leading cyber attorney and former federal prosecutor, to unpack the legal landscape threatening CISOs today. Aravind shares behind-the-scenes insights from the Joe Sullivan case, explains the chilling implications of the Ninth Circuit’s decision for bug bounty programs, and delivers straight talk on CISO liability, reputation, and professional protection.

Whether you’re a seasoned CISO or an aspiring security leader, this episode will sharpen your understanding of how legal, privacy, and reputational issues intersect with cyber leadership in 2025.

What You’ll Learn

• The human and legal realities behind the Joe Sullivan case
• Why mission, vision, and values must guide breach response
• The evolving role of legal counsel in cybersecurity crises
• What every CISO must know about indemnification and D&O coverage
• Where cyber and privacy overlap — and why it matters
• The importance of storytelling in incident response and litigation
• Why CISOs need to ask the right legal questions during job offers

Guest Bio

Aravind Swaminathan is a Partner and Global Co-Chair of the Cybersecurity & Data Privacy practice at Orrick. A former Assistant U.S. Attorney and CHIP prosecutor, he has led responses to hundreds of cybersecurity incidents and represents organizations and executives facing some of the most complex legal issues in cyber today — including serving as the attorney for Joe Sullivan.

🎧 Listen & Subscribe

• Website: www.thpc.co
• Spotify: The Professional CISO Show
• Apple Podcasts: The Professional CISO Show
• YouTube: @TheProfessionalCISO
• LinkedIn: The Professional CISO Show

Related Episodes

• Joe Sullivan – The Human Cost of Prosecution
• David Chamberlain – Crisis Communications for CISOs

#Hashtags

#CISO #CybersecurityLaw #BugBounty #JoeSullivan #LegalRisk #ProfessionalCISO #DataPrivacy #IncidentResponse #CyberLaw #SEC #CyberLeadership