All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Kurt Sauer, CISO, Docusign. We recorded in front of a live audience at Microsoft’s offices in Mountain View, CA as part of the ISSA-Silicon Valley chapter meeting. Check out all the photos from the event. In this episode: Is a high profile cyberattack the best time for salespeople to come out of the woodwork asking if the affected CISO would like to see their product, which would have helped prevent the attack? Is there any way for a vendor to positively reach out to victims after a cyberattack? Also, what could be some effective ways to invest IP with generative AI to create value for the organization? Thanks to our podcast sponsors, Veza, Sysdig, and SlashNext 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps.  With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work.  Request a demo today.