The Human Side of Cybersecurity

In this episode of the series from Cyber Intelligence Weekly, Echelon Risk + Cyber CEO Dan Desko sits down with Dawn Cappelli, former CISO at Rockwell Automation and current Head of OT CERT at Dragos. Dawn shares her remarkable journey from programming nuclear power plants to helping pioneer the insider threat discipline at Carnegie Mellon’s CERT program. Along the way, she helped develop some of the first data-driven insider threat models used by government and industry today. The conversation explores leadership lessons from decades in cybersecurity, including the importance of authenticity, building trust with executives and boards, and why cyber fundamentals still matter more than hype. Dawn also shares insights on OT security, AI risks, and the leadership qualities future CISOs need to succeed in an increasingly complex threat landscape. If you enjoyed this episode, please leave review, it helps more people find the show!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode, Dan Desko sits down with Jamie Giroux, Chief Information Security Officer at Platinum Equity. With more than 30 years in cybersecurity, Jamie shares what it was like working in the industry long before it was even called “cyber,” and how the field has evolved over the decades. The conversation explores leadership, emotional intelligence, and the human side of cybersecurity. Jamie also discusses themes from his book on security leadership and culture, where he examines how emotional intelligence, employee engagement, and leadership mindset shape stronger security programs and healthier organizations. If you enjoyed this episode, please leave review, it helps more people find the show!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website

In this episode of the Human Side of Cybersecurity, Dan Desko sits down with Jon Garza, a cybersecurity leader with more than 25 years of experience in IT and over a decade in security leadership across multiple industries. Jon shares how his career evolved from early roles in network and systems administration to leading enterprise security programs, and the lessons that shaped his approach to risk, leadership, and cybersecurity fundamentals. The conversation explores Jon’s early encounter with a real-world security incident and how experiences like that leave lasting “professional scars” that shape security leaders throughout their careers. Dan and Jon also discuss the importance of mentorship, relationship building across the organization, and why cybersecurity success often depends just as much on communication and trust as it does on technology. They also examine the trends surrounding technologies like cloud and AI, and why strong security programs still depend on mastering the fundamentals. If you enjoyed this episode, please leave review, it helps more people find the show!Want first access to future interviews? Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of the Human Side of Cybersecurity, Dan Desko sits down with Arif Hameed, CISO at C&R Software, to talk about the path to cybersecurity leadership, the realities of the CISO role, and what it takes to build a program that actually supports the business. Arif shares his journey from software QA into IT audit, risk management, customer trust, and eventually the CISO seat. Along the way, he built a perspective that goes beyond technical controls, focusing instead on how cybersecurity leaders communicate risk, adapt to changing business priorities, and create programs that are practical, sustainable, and effective. The conversation explores how CISOs have to evolve with the organizations they serve, why fear-based messaging often falls flat, and why many teams are still better served by focusing on fundamentals like identity, endpoint protection, and security awareness rather than getting consumed by the latest hype cycle. Arif also shares lessons from early career challenges, how he thinks about preventing burnout on security teams, and why understanding the business is one of the most important skills an aspiring CISO can develop. If you enjoyed this episode, please leave review, it helps more people find the show!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of the Human Side of Cybersecurity, Dan Desko sits down with Roy Luongo, former CISO of the U.S. Secret Service and a cybersecurity leader with more than 30 years of experience spanning military intelligence, the NSA, Cyber Command, and the private sector. Roy shares the journey from offensive cyber operations and red teaming to leading enterprise security programs, and how those experiences shaped his approach to risk, leadership, and resilience. The conversation explores lessons from intelligence work, the leadership realities of running security teams, and the future of cybersecurity in an AI-driven world. Roy also shares why perfection in cybersecurity isn’t possible, why leaders must build teams smarter than themselves, and why non-human identities and AI agents may soon become one of the most important security challenges organizations face. Leave us a review wherever you get your podcasts!Want first access to future interviews? Subscribe to the CIWWatch these interviews on YouTubeCheck out the Echelon website

In this episode of the Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, speaks with Dr. Trebor Evans, SVP and CISO at Dollar Bank, about leadership, pressure, and maintaining perspective in one of the most demanding roles in the industry. Leading security at a 170-year-old financial institution, Trebor shares how experience, judgment, and self-awareness shape effective decision-making over time. The discussion moves beyond tools and frameworks into how leaders manage urgency, assess real impact, and show up calmly when others are under stress. Trebor reflects risk, anxiety, mentorship, and why not every issue deserves a full-scale reaction. For current and aspiring security leaders, this conversation offers a grounded look at what it takes to sustain leadership and credibility over the long run. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of the Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, speaks with Julie Ray, VP and CISO at Wabtec Corporation, about building an effective security leadership style over time. Drawing on a career that spans infrastructure, compliance, and manufacturing, Julie shares how her perspective on cybersecurity has evolved, moving beyond tools to focus on governance, communication, and judgment. The conversation explores why clear, concise communication is one of the most critical skills for CISOs, how mentorship and community shape long-term success, and why continuous learning matters in a role defined by constant change. For both current and aspiring security leaders, Julie offers practical insight into what it takes to lead with credibility in complex organizations. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with Margarita Rivera, Global CISO at Carnival Corporation, to explore an unconventional path into cybersecurity leadership. Margarita shares how her career began in business and risk management, evolved through mentorship and persistence, and ultimately led her to securing one of the most complex environments in the world. The discussion covers leadership growth, the value of mentorship, and what it means to protect a global organization made up of multiple brands operating as “floating cities.” For current and aspiring security leaders, this conversation offers a grounded look at how curiosity, commitment, and adaptability shape long-term success in the role. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with Paul Guerra, CISO at Rackspace Technology, to discuss what security leadership really looks like inside fast-moving organizations. Paul shares how building and fixing security programs during moments of change shaped his view of the role, not as a technical function, but as a discipline rooted in trust, communication, and business outcomes. The discussion explores why the CISO role is often a sales role, how leaders earn executive alignment, and why talent alone is never enough without discipline and follow-through. Paul also reflects on mentorship, teamwork, and the importance of doing the hard work when it matters most. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with John Scrimsher, CISO at Kontoor Brands, to explore how security leadership evolves over decades of change. John reflects on a career that began before modern security programs existed, shaped by early malware outbreaks, large-scale incidents, and the need to innovate when tools didn’t yet scale. The discussion focuses on how experience, adaptability, and community shape long-term effectiveness in the role. The conversation moves beyond technology into leadership, communication, and resilience. John shares lessons learned from professional missteps, cultural adaptation, and managing pressure over time, while also challenging misconceptions about what senior security leadership actually entails. For current and aspiring leaders, the discussion offers a grounded perspective on why security is as much about people, trust, and persistence as it is about controls. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with Michael South, CISO at Dick’s Sporting Goods, for a candid discussion about leadership, pressure, and how the role changes over time. Drawing on nearly three decades of experience across the Navy, IT, operations, government, and retail, Michael shares how his perspective on risk has been shaped less by technology and more by operational reality, human impact, and business context. The conversation moves beyond tools to examine what sustained urgency does to people and judgment. Michael reflects on learning the hard way, particularly during early cloud adoption, why restraint, empathy, and prioritization matter as much as technical expertise. He also addresses burnout as an operational risk, explaining why leaders must be intentional about protecting teams from unnecessary pressure. The discussion offers a grounded look at what it actually takes to lead security programs at scale.

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, speaks with Dom Glavach of CyberSN about what security leadership looks like once the responsibility extends beyond systems and into people. Dom reflects on a career that began deep in the technical work, long before many modern security roles were formalized, and how that foundation continues to shape how he views risk, leadership, and accountability. The discussion centers on Dom’s belief that cybersecurity is ultimately a human problem, not a technical one. He shares a defining incident where unclear communication during a response led to unintended escalation, reinforcing how fatigue and pressure expose leadership gaps faster than tooling ever will. The conversation also challenges the industry’s tendency to chase headline threats without fully understanding the environment, including how organizations approach AI risk today. For current and aspiring leaders, Dom offers a grounded perspective: invest in people, treat communication as a core security skill, and recognize that leadership in security is a long game shaped by judgment under pressure. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, speaks with Aaron Stanley, Head of Security at DBT Labs, about what the security role becomes once the focus shifts away from tooling and toward long-term leadership. Aaron reflects on a career shaped less by titles and more by persistent questions around privacy, trust, and accountability—an outlook that frames security as an ongoing responsibility rather than a discrete function. The discussion explores formative leadership moments that reshaped how Aaron builds teams, including a hard lesson learned when an application security organization faltered after leaning too heavily into an engineering-first model. The conversation also challenges familiar enterprise security patterns, from the real return on phishing simulations to overly granular access controls, and reframes burnout as a leadership signal tied to disengagement and lack of visible impact. For those earlier in their careers, Aaron offers a grounded perspective on the role itself: meaningful progress in security comes from influencing people, shaping culture, and playing the long game. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with Bob Kemp, Global CISO at Federated Hermes, to discuss how credibility is built and sustained in the security leadership role. Bob reflects on a career path that began in accounting and finance, moved through IT and customer-facing roles, and ultimately led to security leadership, an experience that deeply shapes how he thinks about risk, communication, and accountability inside complex organizations. The conversation moves quickly beyond titles and tools. Bob shares how his leadership style evolved as expectations and organizational complexity increased, including a formative moment early in his tenure when an executive update turned into an extended interrogation that forced him to rethink how security decisions were framed. He also challenges common industry habits, from chasing hype to over-investing in activities with limited return, and emphasizes grounding security conversations in fundamentals and business context. For those earlier in their careers, Bob offers a clear reframing of the role: risk belongs to the business, and the CISO’s job is to surface it clearly, communicate tradeoffs honestly, and build trust over time. Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, Dan Desko, Founder & CEO of Echelon Risk + Cyber, sits down with John O’Rourke, CISO at PPG Industries, to discuss how the security role evolves inside a large, globally distributed manufacturing organization. Drawing on his 18-year career at PPG, John reflects on his transition from software development and M&A integration into security leadership, and how that path shaped his views on risk, governance, and accountability. The conversation moves beyond tools to the realities of leadership at scale. John shares how his approach changed as threats accelerated, stepping back from day-to-day technical decisions to focus on building strong teams, establishing trust-based operating models, and remaining accountable for outcomes. He also challenges common assumptions in enterprise security, including the limited return many organizations see from third-party risk questionnaires, and explains why governance quality, process rigor, and clear executive communication often matter more than additional tooling.Leave us a review wherever you get your podcasts!Want first access to future interviews? ⁠Subscribe to the CIW⁠Watch these interviews on ⁠YouTube⁠Check out the ⁠Echelon Risk + Cyber website⁠

In this episode of The Human Side of Cybersecurity, hosted by Dan Desko with guest Corey Kaemming from Valvoline, the discussion explores how the CISO role evolves once you’re in it, emphasizing leadership, judgment, and communication over technical skill. It highlights a leadership mistake causing security issues and the need to educate leadership. Corey Kaemming, shares his skepticism of “silver bullet" tools, stressing people, process, and honest workload talks. Whether you’re a current CISO, aspiring leader, or curious about the role beyond titles, this offers a practical, real-world view.Leave us a review wherever you get your podcasts!Want first access to future interviews? Subscribe to the CIWWatch these interviews on YouTubeCheck out the Echelon Risk + Cyber website