When I hear a CISO speaking about threats on an information security podcasts I know most everyone probably thinks they are talking about nation-state or criminal actors.
The truth is that they are more likely talking about things like retaining talent, holding onto budget, getting IT to get their shit together, over-zealous auditors, dealing with seemingly constant vendor failures, and trying to keep insurance underwriters in line.
More on these thoughts at a later time.
./dg
