This week on Simplifying Cyber, Aaron Pritz and Cody Rivers sit down with Jax Scott — combat veteran, podcast host (Two Cyber Chicks), and VP of Cybersecurity at Pearson — for a conversation that’s equal parts leadership, risk reality, and “why is everyone still confused about BISOs?”

Jax shares her unconventional path into cybersecurity (perfume sales → special operations → NATO cyber strategy → Mandiant → Capital One → consulting → Pearson), then breaks down what BISOs/CISOs do when done right:

• The “single point of contact” that connects business teams to security outcomes
• Why risk management is the glue
• Why the best security leaders aren’t always the most technical (and how technical instincts can backfire)

Then we go headfirst into the AI debate:

• Where automation helps most in compliance (evidence collection, mapping, reducing manual slog)
• Where humans stay essential (judgment calls, accountability, trust-building)
• The uncomfortable truth: if we outsource all thinking to AI, we may literally get worse at thinking

We wrap with practical guidance on:

• Handling volatile regulatory changes (like DR/IR requirements) with flexible plans + frequent testing
• The reality of CMMC: why it’s not “new,” why enforcement matters, and why last-minute scrambles burn everyone out
• How to lead teams through chaos with transparency, empathy, and real talk

And finally: Jax drops a fun fact that honestly explains a lot about her calm energy.

Listen now wherever you get your podcasts.

Key topics covered

• What a BISO/VISO is (and how to explain it to non-security leaders)
• Critical thinking + EQ as security superpowers
• AI in compliance/GRC: automate the boring, keep the human judgment
• IR/DR planning for shifting rules and requirements
• CMMC realities for the defense industrial base
• Leadership during change fatigue

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

Cyber attacks don’t just knock systems offline—they can empty shelves, disrupt feeding schedules, endanger animals, and muddy price signals across the food supply.

We sat down with Kristin (Demoranville) King, CEO of Anzen Sage and host of Bites and Bytes Podcast, to unpack how modern agriculture runs on a mesh of OT, data, and logistics that adversaries increasingly target. From GPS-guided tractors to sensor-packed dairy parlors, the farm has become an edge-compute environment where ransomware and misconfigurations have real-world consequences you feel at the store and at the table.

Kristin traces her journey from IT into plant floors and incident response, revealing why security wasn’t designed into most food and ag systems and what that means for resilience. We explore the most common attacks—phishing, ransomware, and DDoS—and why they hit harder here than in other sectors. She shares a clear-eyed look at co-op breaches, invoice scams that exploit older operators, and thorny questions about who owns farm-generated data. We also step into underreported territory: radical activism and agroterrorism tactics like doxxing, deepfakes, and drone footage that act like insider threats and can devastate small producers.

You’ll hear practical, low-cost steps that make a difference fast: fold digital checks into safety routines, change default passwords, map critical assets, plan for backup and recovery, and vet vendors with a security-by-design lens. Kristin previews her upcoming Wiley book, "Securing What Feeds Us," which blends systems thinking, OT realities, and grounded business guidance to help leaders connect incidents to food safety and supply outcomes. If you care about cybersecurity, food safety, or just want your groceries to show up reliably, this conversation connects the dots.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

How does a CISO react to a live deepfake? In this eye-opening conversation with Alan Alford, CISO at NTT Global Data Centers, we kick off with a live deepfake demonstration that showcases the capabilities and limitations of this emerging technology.

The demonstration serves as a springboard into a crucial discussion about the genuine threat deepfakes pose to organizations. While video deepfakes capture headlines, Alan reveals why audio deepfakes currently present the more dangerous and immediate risk vector for businesses. From CEO impersonation for fraudulent wire transfers to political misinformation campaigns, these technologies are already being weaponized in ways many security teams haven't prepared for.

Our conversation takes an unexpected turn as Alan challenges one of cybersecurity's most persistent myths: that humans represent the "weakest link" in security. Instead, he champions the workforce as our strongest allies, sharing how simple recognition programs created security champions throughout his organization. His approach connects workplace security to employees' personal lives, dramatically increasing engagement and effectiveness.

Alan offers a masterclass in balancing innovation with security, explaining how his organization approaches AI adoption through mandatory training programs and a top-down commitment from leadership. His race car analogy perfectly captures this balance: good security controls are like high-performance brakes that don't just slow you down—they enable you to take corners faster.

For security leaders feeling overwhelmed by AI, Alan provides practical starting points that any organization can implement today. From experimenting with AI for personal hobbies to creating automated security reports through carefully crafted prompts, these small steps can build confidence and competence before tackling larger initiatives.

Whether you're concerned about deepfake threats, searching for more effective security awareness approaches, or looking to safely implement AI in your organization, this conversation delivers actionable insights from a CISO who's successfully navigating these challenges daily. Listen now to transform how you think about humans, technology, and security in our rapidly evolving digital landscape.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.