The SANS Institute’s Cyber Leaders Podcast is back with a second season, and its first two episodes waste no time diving into the issues that matter most to Chief Information Security Officers (CISOs). Hosted by James Lyne, SANS Chief Strategy and Innovation Officer, and Ciaran Martin, Director of the SANS CISO Network and founding CEO of the UK’s National Cyber Security Centre, the Cyber Leaders Podcast series delivers a rare combination of practical leadership advice from people who’ve been in rooms where critical decisions are made.
The role of the CISO today has never been more demanding. Threats are growing more sophisticated, and enterprise leadership expectations are higher than ever. From AI-enabled attacks and orchestrated ransomware campaigns to corporate governance and board-level reporting, CISOs must make fast, smart decisions while navigating a high-stakes mix of geopolitics, regulation, innovation, and internal risk. Call it a perfect storm of cybersecurity complexity.
That’s where the Cyber Leaders Podcast steps in. Each episode offers clear, unfiltered conversations with some of the best and brightest minds in cybersecurity. It is designed to not only keep CISOs informed, but empower them to lead with confidence—whether that means preparing for a policy briefing or mitigating an unexpected crisis.
Season 2 opens with two episodes that cast a spotlight on a pair of pressing security challenges: defending international institutions from nation-state cyberattacks, and managing enterprise risk posed by insider threats. Both episodes provide timely insights into the evolving demands placed on cyber leaders in every sector across the globe.
Episode 9: NATO’s Cyber Frontline with Manfred Boudreaux-Dehmer
The first episode of Season 2 features a conversation that brings global strategy into focus. Manfred Boudreaux-Dehmer, Chief Information Officer of NATO, joins James and Ciaran for a wide-ranging discussion around securing one of the world’s most complex digital environments. NATO operates across 32 nations, with thousands of networks and a mission grounded in collective defense. That alone would be challenging. But when you factor in the shifting nature of cyber threats from AI-driven attacks and hybrid warfare, it becomes clear that NATO’s approach could offer valuable lessons for any cyber leader managing scale, complexity, or geopolitical risk.
A standout moment in this episode is a discussion of Article 5 and its potential application to cyberattacks. While the idea of triggering a collective response to a digital incident may seem abstract, Boudreaux-Dehmer explains how NATO is actively evolving its interpretation of cyber aggression—and why legal frameworks are only one part of the equation.
The episode also explores how NATO is investing in its future through digital transformation. From new data policies to the launch of the NATO Integrated Cyber Defence Centre, the alliance is adapting to stay ahead of adversaries. For CISOs and senior leaders, the message is clear: collaboration isn’t optional. It’s mission-critical to effective cyber defense against nation-state attacks.
“If a cyberattack were to happen that was really, really bad, how would NATO respond? The answer to that is in a method of its choosing.”
— Manfred Boudreaux-Dehmer
Episode 10: Insider Threat with Lisa Forte
The second episode of Season 2 shifts the lens from nation-state threats to a risk that’s often closer to home—and arguably more complex to manage. Insider threats are no longer a niche concern for security teams. They represent a persistent risk to operational continuity, intellectual property, and organizational trust. In this episode, Lisa Forte, co-founder of Red Goat Cyber Security, joins the podcast to examine the insider threat from a leadership and governance perspective.
Forte brings experience from crisis simulations, behavioral research, and advisory work across sectors. She challenges outdated views that treat insiders as anomalies or purely technical problems. In reality, many insider incidents arise from preventable issues—low morale, lack of clarity, or internal pressure—that are often overlooked in enterprise risk planning.
The conversation explores established frameworks, including guidance from U.S. CERT and the UK’s NPSA, but goes beyond following standardized checklists. Forte emphasizes that effective insider threat mitigation is reliant on organizational culture. If employees don’t feel safe reporting concerns or don’t know how to raise issues, detection fails before any control can be applied. Her research underscores this point: barriers to internal reporting remain one of the most significant blind spots in many enterprises.
For CISOs and senior leaders, the message is clear. Insider risk cannot be solved with technology alone. It requires executive alignment across HR, legal, and security, along with a deliberate effort to build an environment where trust, accountability, and prioritization reinforce resilience.
“Identify what your most important business services are. What is it that your company does to make money? That should be the guiding light in terms of what you need to protect.”
— Lisa Forte
Stay on Top of What’s Next
If you’re a CISO or senior security leader, the Cyber Leaders Podcast belongs on your calendar as part of your decision-making toolkit. The rest of Season 2 promises more conversations with global leaders, from top government officials to private sector innovators. Each episode is crafted to deliver actionable insights you can bring into your next boardroom meeting or strategy session.
- Check out the full Season 2 lineup here.
- Subscribe on Apple Podcasts, Spotify, or YouTube here.
- Join the SANS CISO Network here.
Cyber leadership is evolving fast. This podcast will help you stay ahead. Share it with your network and use it to spark conversations!