In this episode of The New CISO (Episode 137), host Steve Moore speaks with Gideon Knocke, CISO at Visage Imaging, about rethinking how we grow in our careers and why learning to “think outside the job” is key to long-term success.

From studying cybersecurity when the field was still new to leading security for millions of patient records in healthcare, Gideon shares how his early curiosity and “career accidents” helped shape his mindset as a modern CISO. He reflects on shifting from technical problem-solving to people-centric leadership, learning how visibility and credibility shape opportunity, and why networking—inside and outside your company—is essential for resilience and growth. Gideon also explains why risk quantification isn’t just about numbers, but about decision-making, communication, and understanding what your organization truly values.

Key Topics Covered:

• Early lessons from studying cybersecurity before it went mainstream
• Why some of the best careers evolve through “happy accidents” and curiosity
• How to build visibility and relevance beyond doing good work
• The difference between being seen as an asset versus a person
• How networking and outreach can transform your mindset and open new doors
• Turning fear of public speaking into confidence through preparation and iteration
• The leadership balance between taking accountability and fostering team candor
• Why large-organization politics can hinder honest communication
• The art of quantifying risk for better decision-making, not just reporting
• Why the new CISO must start with company beliefs and build security on shared values

Gideon’s journey reveals that career success often comes from stepping outside your comfort zone—whether that’s reaching out to 100 strangers on LinkedIn, giving your first talk, or reframing how you communicate risk. His insights remind leaders that growth begins when you stop thinking only about your job and start thinking about your impact.

In this episode of The New CISO (Episode 136), host Steve Moore speaks with Carl Cahill, CISO, about a deliberate, methodical approach to career growth—and why every leader must “pick their pain” to progress.

From combat arms in the U.S. Army to Active Directory engineering and large-enterprise incident response, Carl shares the pivotal choices that shaped his leadership. He opens up about moving from certifications to business fluency, using a personal gap analysis to chart his path to the C-suite, and how feedback like being called a “propeller head” pushed him to translate geek speak into the language of finance, law, and strategy. Carl also explains his five-phase 100-day plan, why IR readiness comes first, and how “radical collaboration” defines the modern CISO.

Key Topics Covered:

• Early career pivots: Army leadership, perseverance, and precision → IT foundations
• Certifications as a fast track (then) vs. blended learning and passion projects (now)
• The “pick your pain” decision: staying comfortable vs. returning to school to advance
• Building a CISO gap analysis from job reqs and targeting stretch assignments
• Upgrading the lexicon: finance, legal, and general management (e.g., Wharton GMP)
• Turning tough feedback into growth: from geek speak to boardroom dialogue
• Consulting variety vs. ownership: when to switch for long-term impact
• The 100-day plan: assess → plan → act → measure → adjust (with IR first)
• Stakeholder mapping, team SWOTs, and making strategy stick beyond 90 days
• Metrics as a “health language” and why today’s CISO must be a radical collaborator

Carl’s story shows how intentional trade-offs—education, language, and leadership style—compound into career momentum. His roadmap helps CISOs and aspiring leaders navigate transitions with discipline, communicate across the business, and build resilient teams that lead with clarity.

Most security professionals know what a CISO does. But what about a BISO? And why are Fortune 500 companies increasingly creating this executive role?

In this episode of The New CISO Podcast, host Steve Moore sits down with Evan Ferree, Staff Vice President and Business Information Security Officer at a Fortune 50 company, to decode one of cybersecurity's most misunderstood leadership positions.

Understanding the BISO Role:

• What a Business Information Security Officer actually does (and how it differs from a Deputy CISO)
• When organizations need a BISO - the size, industry, and complexity indicators
• Why the BISO serves as a "force multiplier" for the security organization
• How to measure and defend BISO value during organizational change

The Career Journey:

• Evan's unconventional path from IT infrastructure to executive security leadership
• How a major cybersecurity breach became his "MBA in cybersecurity" in six months
• Why volunteering for uncomfortable work during crisis creates career opportunities
• The progression from vulnerability analyst to SOC leadership to Staff VP

The 90% Influence Principle:

• Why the BISO role is about influence, not authority
• How to navigate multiple business units with different security needs
• Mastering the "why" behind security initiatives for non-technical audiences
• Building relationships and organizational awareness over time

Executive Skills That Matter:

• The "log lines" storytelling framework from Deloitte CISO Academy
• Developing executive presence through failure and self-awareness
• When to end a meeting and start over (and why that's okay)
• Speaking plain English vs. technical jargon with business leaders

Practical Career Advice:

• Transitioning from tactical security operations to strategic leadership roles
• Why getting uncomfortable is essential for growth
• Building business acumen alongside technical expertise
• Why Evan's best security hires came from outside cybersecurity

Key Insight: "You are 90% an influencer in this role. Unlike tactical security work where authority and urgency create credibility, the BISO must master explaining why security matters to the business - in terms the business understands."

Whether you're a security professional planning your path to executive leadership, a CISO considering adding a BISO function, or a business leader trying to understand how security enables business outcomes, this episode delivers actionable insights from someone who's lived the journey.

Guest: Evan Ferree, Staff Vice President & Business Information Security Officer at a Fortune 50 company, with 11 years of progressive security leadership experience spanning Security Operations, threat management, vulnerability management, and business information security.

Hosted by: Steve Moore | Produced in partnership with: Exabeam