This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Jax Scott — combat veteran, podcast host (Two Cyber Chicks), and VP of Cybersecurity at Pearson — for a conversation that’s equal parts leadership, risk reality, and “why is everyone still confused about BISOs?”

Jax shares her unconventional path into cybersecurity (perfume sales → special operations → NATO cyber strategy → Mandiant → Capital One → consulting → Pearson), then breaks down what BISOs/CISOs do when done right:

• The “single point of contact” that connects business teams to security outcomes
• Why risk management is the glue
• Why the best security leaders aren’t always the most technical (and how technical instincts can backfire)

Then we go headfirst into the AI debate:

• Where automation helps most in compliance (evidence collection, mapping, reducing manual slog)
• Where humans stay essential (judgment calls, accountability, trust-building)
• The uncomfortable truth: if we outsource all thinking to AI, we may literally get worse at thinking

We wrap with practical guidance on:

• Handling volatile regulatory changes (like DR/IR requirements) with flexible plans + frequent testing
• The reality of CMMC: why it’s not “new,” why enforcement matters, and why last-minute scrambles burn everyone out
• How to lead teams through chaos with transparency, empathy, and real talk

And finally: Jax drops a fun fact that honestly explains a lot about her calm energy.

Listen now wherever you get your podcasts.

Key topics covered

• What a BISO/VISO is (and how to explain it to non-security leaders)
• Critical thinking + EQ as security superpowers
• AI in compliance/GRC: automate the boring, keep the human judgment
• IR/DR planning for shifting rules and requirements
• CMMC realities for the defense industrial base
• Leadership during change fatigue

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.