Root To CISO

The Leadership Lessons No One Teaches You in Cybersecurity | Root To CISO Podcast

• Kris Rides

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 35:57

What does it really take to become a great leader in cybersecurity?

In this episode of the Root to CISO Podcast, Kris Rides sits down for part 2 with Jenai Marinkovic to break down more of her career and the real traits, habits, and mindset that separate average professionals from exceptional leaders in cybersecurity.

From building side projects and leading without authority to thinking differently and creating your own opportunities, this episode is packed with practical advice for anyone looking to step into leadership roles like CISO.

💡 One of the biggest takeaways:
 Great leaders aren’t given opportunities, they create them.

🔑 In this episode, you’ll learn:

  •  How to stand out in a highly competitive cybersecurity job market 
  •  Why side projects are critical for leadership growth 
  •  The mindset shift required to move into leadership roles 
  •  How to lead even when you don’t have the title 
  •  Why networking and visibility matter more than your CV 
  •  The real impact of AI on cybersecurity careers and entry-level roles 

🎯 Who this is for:

  •  Aspiring CISOs 
  •  Cybersecurity professionals looking to level up 
  •  Anyone looking to level up in their career and climb up the ladder
  •  Leaders wanting practical, real-world advice 

📢 Call to Action:

If you’re serious about growing your career in cybersecurity, make sure to subscribe and follow the Root to CISO podcast for more real conversations with top industry leaders.

#RootToCISO #Podcast #CISO #CareerAdvise #Leadership

Speaker

Hi, and welcome to the Root to CISO podcast. It's me, Kris Rides. I'm gonna be your host and I'm gonna be chatting to seasoned chief information security officers about their career journeys. We're gonna be unencrypting their real life stories and searching for the hidden keys to help you fast track your cybersecurity career

kris-rides_1_06-04-2026_152628

welcome back to season three, part two, my conversation with Jenai Marinkovic. We were literally talking about farms, tomatoes all getting eaten up, and robots. That's how we left it, robots. So let's jump back into the story. So you're on your career break. You're you- you've got your farm going, and the solution to one of your headaches is robots. Tell me all about it

jenai-marinkovic--she-_3_06-04-2026_152628

Yeah. Again, I didn't have my security hat on, I was in the business problem and the challenge, and so rather than thinking this through logically, I decided I wanted to solve this with technology. And so the idea is that, I built these little Arduino robots that would go up and down the fields and they had these little pixie cameras that would scan and look for certain patterns. So it would look for the pattern of a an insect. It would look for the pattern of an animal. Just something that it could report back to me, and then from there it would backhaul the data and then give me an alert letting me know that there was something out there causing issues. And so for me, this was a great solution, and that way I didn't have to put up all these fences. I didn't have to, put any of this stuff up. And that, that was ridiculous. And then you had... 'cause where I'm living is rural,

kris-rides_1_06-04-2026_152628

Yep

jenai-marinkovic--she-_3_06-04-2026_152628

you've got all these old-time farmers that are walking up and down the street looking at me like, "Oh, poor child, what are you doing?" And I was like, "I know. Robots are the solution." By the way, robots were not the solution. They were not ruggedized. The temperatures where we get, where get up to 120 degrees Fahrenheit. Dirt, everything that you could po- I- they caught on fire, so they did. So everything that could go wrong with these robots went wrong with these robots, and so it's this very expensive failure. And at the end of the day, the solution was dogs. Just getting dogs, that dog... we had no more incursions of any more deer anymore as a result of that. So dogs and the appropriate fencing were the two things that we needed to solve it. But it took me taking a step back, applying proper cybersecurity I'm sorry, proper security architectures and principles to think things through logically and realizing that the expensive high-tech solution isn't always the right solution. It was, something that's been around for 10,000 years, dogs. And but yeah, the robot learnings obviously manifested in other ways and so forth, but yeah robots managing your field was at that time at least, was not the right solution

kris-rides_1_06-04-2026_152628

Yeah. It's, it is really interesting when I hear about all of this sort of stuff 'cause I know how technical you are and how much you love to play with this stuff. So I remember us having the conversation, many years ago now, and you telling me about the robots, and I was like, "That's so cool."

jenai-marinkovic--she-_3_06-04-2026_152628

Paulin?

kris-rides_1_06-04-2026_152628

my head, and now obviously what we see people building now, like full on true humanoid, going in that direction, they are the answer at some point. It was just you were way ahead of it right?

jenai-marinkovic--she-_3_06-04-2026_152628

I was a, and even if robots were the right solution, robots live in ecosystems,

kris-rides_1_06-04-2026_152628

Yeah

jenai-marinkovic--she-_3_06-04-2026_152628

you don't just make a robot. That robot has to exist within the context of an ecosystem. So I ha- have even failed on that part, I haven't... I failed in terms of looking at the ecosystem in which this robot was going to exist and looking at the environment and, so forth. Even if robots were the right answer, I failed on that one too. It's just, there's a lot of learnings from it, but so many failures

kris-rides_1_06-04-2026_152628

the, interesting thing with all of this is that if you think about it, like when, like we look at people and I know GRCIE's done this, but we look at people and we look at what are the skills they had in their previous roles or previous areas, and how can they transition into whether it's security or GRC or, how can that help them understand better what they're doing? And then here you are using the cybersecurity and the security stuff that you've learned and trying to, how can we use that into the farm world, right? So is that, this is a circle that we seem to be going round.

jenai-marinkovic--she-_3_06-04-2026_152628

But it is if you think about it within the natural world is fighting against everything. The primitives for cybersecurity exist in the natural world. So by looking to the natural world for inspiration, you can end up designing I believe, far better security systems and security architectures themselves. Again, it's all of those natural systems integrate into each other, rely on each other communicate with each other. And the way that they design their own security systems, both internal as well as external lives within the greater ecosystems themselves. And yeah, I brought kind of the security concepts, but I also took concepts from the natural world and applied them into the digital systems that we build today

kris-rides_1_06-04-2026_152628

Yeah. I always find you've always got interesting perspectives on some of that. I think this was a while ago, and I know that we spoke about it. Didn't you do something that was football defense related or something? You

jenai-marinkovic--she-_3_06-04-2026_152628

Yeah.

kris-rides_1_06-04-2026_152628

you? And applied that. Was that Direct TV? I can't remember.

jenai-marinkovic--she-_3_06-04-2026_152628

totally DirecTV. Yeah. So what had happened was, is we were looking at our containment times, and they were terrible, so some of our containments were taking upwards of an hour to be able to contain. And I didn't believe, when people were telling me what was going on. So we actually got there and measured how much time it was taking for these incidents, to be detected and handled. And we ended up finding out that part of the reason why is some of the detection systems that we had, the pattern recognition systems were holding onto and analyzing the incidents for, half hour, 45 minutes before it, it progressed. But there was also, a big problem in terms of the way that we communicate, when you've handled a security incident, especially ones that are decent sized, you've had so many people get on and off the phones, and you're having to repeat the same things over and over again, and that just chews away at how much time you have to be able to contain and handle the the incident. I kinda took a step back and I said all right. Where do humans communicate most effectively?" And it came down to two things: it was sports and it was warfare. DirecTV was an entertainment company and a media company, so modern-day warfare was not gonna be the right way to go,

kris-rides_1_06-04-2026_152628

Yeah.

jenai-marinkovic--she-_3_06-04-2026_152628

was. And this is where innovation kinda comes in, and I took a step back and I started looking at all of the different American-based sports that had a formal defense theory. And I... So I looked at baseball, soccer, football hockey, you name it. And it really came down to American football, that American football had a field had the entire defensive line and the offensive line and the way that you constructed a football field, but more importantly, the different roles that you have on a football team actually mirror the type of roles that we have in cybersecurity. And so I took, It was almost a year and took about three people, three key high performers off of the team, and we started looking at and deconstructing football and building this football defense theory. And I was able to leverage some of the relationships that DirecTV had with different coaches. I was able to go to some of the colleges and talk to people who were defensive coordinators different people that were on defensive positions or played defensive positions as well. And what I found was pretty cool, and that was as we started to build this out, we started to build this common language that allowed people who played football to instantaneously understand what we were talking about. And so it was, like, really cool, especially at the executive level where it's like, "Okay I understand what you're talking about," because we're using this common language. But the key was is that, when you look at like football as an example, you can predict the way that the offense is going to respond based on the way somebody has positioned their body and holds their fingers. And based on that and a set of signals, communicate that within a couple of seconds to the rest of the team, and the rest of the defense realigns based off of this sub-second thing that they detected. And I was like if you can detect if you can have that type of communication in football or sports, then let's start building it internally for cybersecurity, and so we did. so we found things like your defensive line as an example. When you look at what their roles are, it's a lot of gap control so when you think of gap control and you think of these small movements, right? That the footwork that the defensive line has is impressive. You start thinking, "Oh, yeah, network engineers." You start thinking at the time, people who were managing and operating blocking systems, so firewalls and so forth. Then, you have your linebackers. So your linebackers, a little bit more agile, right? They need to be able to handle the line. They need to be able to handle a run. And when you start thinking of those roles, it was like, ah, cybersecurity. But then when you started thinking of your defensive backs, which is the last chance that you have, right? In order to prevent this touchdown you started looking at the people who were the subject matter experts around the asset that was ultimately being targeted by the attacker. And so by doing that, you could then start building the training programs and even the playbooks, so these were proper playbooks that we were building, as well as the language that you could use to be able to train. And then drills. Drills were huge. We were doing drills every day. and what you can do is you can go into for instance, the all of the incidents, the non-security related incidents that IT would have, and you could go in every day and look at them and then flip them into abuse cases and say, "All right, the data's there. It was intentional. Go." And it was funny because the guys that were running, the drills and so forth had stopwatches, And they were timing exactly how long it took people to be able to execute these plays and so forth. And then they start calling out how much money we were losing, 15,000, 25,000, 100,000. And so you're sitting there trying to run under duress while hearing somebody tell you how much money they're losing with a stopwatch. You start taking things... and so what ended up happening is we were able to take some of these incidents from an hour down to six minutes in terms of containment time by implementing this kind of defense framework. And then a final part of it is that you had, you had everybody who was running everything that, you have in football, the ability to call an audible, right? Because the play that you might have called might be wrong. And so you had then one person who was outside of the IR team who was, in this case, if they... I would say that they were more threat intelligence, but looking at what's happening and trying to predict if something different was gonna happen, what would that be? And then being able to look at and analyze the appropriate playbook that you could call in the event that you needed to call an audible. And yeah. We used that, and we applied it to, So when you've got the first day, the first Sunday of football it's the, of the of the year that one was the one where you always had the most problems. And the reason is that every new offer, every new device that you were connecting to, every new feature and so forth, and the DirecTV Sunday Ticket ecosystem is huge. So that first day is when you have a lot of your problems. And so what we said was is we're gonna apply this what we call defense framework to that first day. And so we did. We did.

kris-rides_1_06-04-2026_152628

Nice. So that was the start of the season. I love that. I I think that's when we talk about CISOs and attributes of CISOs, I think the ability to think outside of the box and make comparisons to things that maybe more people would understand outside of cybersecurity, isn't it, is absolutely core part of that. So I always love talking to you 'cause you always apply a lot of this stuff in so many different ways. Obviously, left DirecTV went then and still have your farm, which me and you are always talking about, always getting the latest things from the tilapia asking when they wanna be fed and, whatever. We could do a whole 'nother, a whole 'nother podcast about that. You're like, yeah, if anybody out there is listening to this, you should reach out and say hello to Jenai 'cause there's, she's got a story and she's working on something you'll wanna know about, I'm sure. Which r- really we should start bringing it into what you then, where you went from there, because after that is when you first got your very first chief information security officer title. So we should

jenai-marinkovic--she-_3_06-04-2026_152628

Yes. So up until then, I had been doing with Tiro Security, virtual CISO work. So there were, many different companies that we worked with in terms of building out cybersecurity capabilities. And I got a chance to work at Beyond starting off as a virtual CISO, and it was to build out their ISO 27001 program because their clients included, companies like Google and so forth. There was a mandate, to have these type of certified security programs, and so helped them get their ISO 27001 certification, and then was brought on board as CISO, and was there for a bit. And then after that, I had the honor of becoming a chief technology officer there as well. And so security laddered up to me, but I managed the development and engineering organizations as well as cybersecurity. Beyond was an absolute blast

kris-rides_1_06-04-2026_152628

Yeah. Great bunch of people. We've got a lot of connections to that company over many years. Rob and Rob, my business partner when we started Tiro, same. So I only met up with Matt who's I think now CEO of Americas, I think he is.

jenai-marinkovic--she-_3_06-04-2026_152628

Yeah. Yeah.

kris-rides_1_06-04-2026_152628

Talking with Guy, they're a huge Google partner. I only met up with him here a couple of months ago for Google Next. So just great bunch of people. And then let's move on from what you've done after that because, yeah we're It's interesting, like a lot of people work their way up so hard to get to that CISO title. We do see, actually, in certain size companies, we're starting to see more of those CTO and CISO roles being merged as well. Which I think is quite interesting for people that are maybe at the CISO level or looking at thinking about what do they do next. So I think it'd be interesting to talk about where you've gone from it, from there.

jenai-marinkovic--she-_3_06-04-2026_152628

Yeah so what ended up happening was like right around 2020 again, I had decided, I need to take a break and kind of pivot and find myself. So I think this was the second time in my career where I felt like I needed to find and what I wanted to do. And it was, so 2020, which is the beginning of technically the fourth industrial revolution exploding, and so you had COVID hitting. And you know what I found, it was pretty interesting. I was all over Meta/Facebook and looking at the advice of, lots of people had wanted to get into cybersecurity and GRC, and I was looking at the advice that people were, they were giving, and it was just awful advice. And the problem is that if you make the wrong decision at the beginning of your career, that can cost you a decade. so I was like, "This is obnoxious," somebody's gotta get out there and start course-correcting. And so I, I never want to embarrass people I would, like behind the scenes provide people guidance and advice. And then I started mentoring people. So I, I had, 15, 20 people that I was mentoring across the world giving them advice. And then somebody pulled me aside and said, "Why don't you start a school with as many people that you're mentoring?" And I was like, "You're right. Let's start a school." And so I came to you said, "You wanna start a school with me?" A nonprofit. And another gal her name is Melissa Elza and she was the head of HR over at at Beyond. And so the three of us got together

kris-rides_1_06-04-2026_152628

Yeah

jenai-marinkovic--she-_3_06-04-2026_152628

started at which... It actually didn't start as GRCIE. It started as the Next CISO Academy

kris-rides_1_06-04-2026_152628

Yeah

jenai-marinkovic--she-_3_06-04-2026_152628

We started there, and that was strictly... That was 20 people across the country, and it was training them strictly into GRC. And the reason we focused on GRC instead of cybersecurity was it was a lot easier and cheaper to train people and get them into those entry-level jobs than what was gonna be required in terms of getting somebody up to speed in cybersecurity. The, the runway was a lot longer there. And so we started with the, the world of GRC. And then after that, so we had, had several cohorts and so forth. And then through Cloud Security Alliance I had the opportunity to be the keynote speaker at CloudCon over in Grand Rapids, Michigan. We talked about innovation, we talked about community, and and what it takes in terms of, training people into these careers that really have the opportunity to enact generational change. If you're not doing one person or two people across the country, but you focus on a community. If you focus on a city or a neighborhood, a county even, and you're, you're training 20 to 30 people into, these emergent careers that you have the opportunity to change generations when it comes to generational wealth. And and, and those people don't relocate. They stay right there within those communities and better those communities. And so I had the my supreme honor to work with an organization called the Western Michigan Center for Arts and Technology, also called WMCAT, and build out for the last four years. We've had four years of a great run of building out their cybersecurity and GRC and cloud engineering pathways

kris-rides_1_06-04-2026_152628

Yeah. Yeah, I, I-- you've done such an amazing job with that. When we started talking about it, it was just like, just an idea. And then, and th- and these are things we sh- we should say this is not a school that w- we weren't, we're not charging people, we weren't charging people to go through this program, right? It was just something we were trying to do to give back, and that it's become this amazing nonprofit, which I'm very proud to sit on the board of and say that I was even involved with that. And truly, like, all three of us we did a lot, w- we put a lot into it i- individually to make it happen, and the WMCAT stuff's been amazing. I think we should say, this is probably a good place to say for companies and for people out there it can't be successful without the companies hiring and offering opportunities for people that come through these type of schools, right? These sort of nonprofits. And we certainly know with AI, and we'll talk a bit about that in a bit, but AI is changing, the way the world is rapidly, especially for entry-level roles. We n- we need the companies coming through. We need people coming through and committing to giving people opportunities to get more hands-on experience of this sort of stuff, and turn it into, to full-time roles.

jenai-marinkovic--she-_3_06-04-2026_152628

Oh, absolutely. Absolutely. You're definitely seeing it and the industry is seeing it that, you're seeing this large erasure of these junior roles. Because the idea is that especially with agentic AI, that, a junior person, that role can be handled through the role of an agent. And for some cases that is true that AI can do that role. You don't necessarily need a junior person there. But the key is not-- you can't train people into a singular discipline. You have to have it so that it's multi-disciplined, as an example, when we train, it is cybersecurity, it is GRC, it is cloud. We obviously there's a huge component of what we teach that deals with artificial intelligence. So they get trained on that. They build agents. They are building applications, security applications as a part of it. Part of what GRCIE also has is a think tank. And the think tank, we do a lot of research, and so we do research into areas such as cognitive AI. So we'll be publishing a white paper very shortly that talks about the concept of how AI cognition and reasoning traverses multi substrates. Meaning that can you've got cognitive, but I also have physical, and I have biological, and I have spatial. And then in terms of spatial, you're talking about things like holographic or VR and so forth. And that cognition can travel through these different substrates and what that looks like and how do you govern all of that. And we're able to do those things and then take that and train the students. We have a a, it's a physical IDS system that we built called Argus. what Argus does is it, when you have a ransomware attack or any availability-based attack against a physical supply chain when it's disrupted, it gives off physics-based signals. And so we built an IDS that has the capability of detecting changes in radio frequency, changes in magnetic geomagnetic fields that changes environmental. And so we've got, if your whole security, digital security infrastructure is compromised, physical systems that, can be able to detect. In order to be able to do that, you have to understand aspects of particle physics, as an example. You have to learn basic physics. So really, you have to bring the weight of all that is STEM into these pictures because then once you have all of those skills and you have the ability to build agents, which the students do, and you have the ability to build secure applications, which the students do, then you've got people that can come in and problem solve, just knowing how to build agents, just knowing how to automate things isn't good enough So you need to be able to map out the business processes. You need to understand how to layer the applications to those business processes. You need to understand that, hey, if I'm gonna solve this problem from an enterprise architectural perspective, how do I design that? And the students get to learn all of that as part of the program, and a lot of it comes from the research that comes out of the think tank

kris-rides_1_06-04-2026_152628

Yes. Yeah, I love it. We always, every time I speak to you, we're talking about something new and pushing people and for me it's like I'm always learning as we talk about this stuff, which is part of why I always love our conversations. We probably, I don't know, we're always We speak several times a week, so we- we're- we're on the phone quite a fair bit, I would say. So that's what makes it quite interesting when we talk about this, because I love talking about your career and your background and I feel like you're pretty insightful into where the world's going. So with that sort of stuff, I think what, the how or what should people be doing that are out there now that are thinking about, this podcast about the route into leadership with AI, with other things, what do people that maybe already are in roles or people that are trying to get back into roles, maybe have been laid off, what do they need to be doing, do you think, to stand out and to differentiate themselves from the other people they're competing against?

jenai-marinkovic--she-_3_06-04-2026_152628

Sure. Look, from the first moment I stepped into cybersecurity to today, I always have side projects that I'm working on every single day. I have something that's outside of the scope of my basic job to innovate, to experiment, to build, to try and solve problems. You've got to find a challenge that is personal, deeply personal to you, and you've gotta work on that, and you've gotta solve it. You would say, "Okay that sounds like the work of an individual contributor, but I wanna be a leader." A leader grabs people who are like-minded and brings them together to solve this challenge because guess what? There are others that would love to work on that type of project with you. So you grab people, put everybody together, and, you then run it like a project, right? You start... my budget is $100. I'm gonna manage all of these different tasks, blah, blah, blah, right? I'm gonna build my PRDs and my MRDs and all of the technical documentation in order to build this. I'm gonna build and design the architecture, right? All of you guys work together to ultimately bring this product to market, and that gives you the opportunity to try out new technologies and new things in a way that you could never do if you were working for a company. As terrifying as it is to be a human in today, it's also an incredibly exciting time to be a human today. The amount of... when I look at how much it would've cost us to do some of the things that we're doing, like right now with just open source and so forth, it would've cost us millions, tens of millions of dollars to do the things that you can do today, so for limited money, you can build whatever it is that you want to be able to build, so your mind, your creativity is not bounded the way that it used to in the past. I would say find a challenge. You have everybody who's in a house or an apartment has some type of edge device inside their environment where they can start pulling data off of those systems, so you can, if you needed to, right? And gateways that are able to pull data off of those systems to be able to build whatever dashboarding system that you want. If you've got a unique challenge that you're like, "Really I really wish I could do that," then do it. Figure out how to make it. Figure out how to find people that are like-minded who wanna work with you on it, and I think those are some of the things that you can ultimately do to make sure that you are able to then do the next thing. And that is you've got to network so you've gotta get out there and hustle and meet new people and talk about what you're doing. So I, I feel like you weren't gifted this information because you're a great person, right? You got this information because somebody else kind enough to share their knowledge with you. And so you can do the same thing and start publishing and putting out your learnings and your failures so that other people can then learn. And one of the things that you find is that, people don't necessarily when they're hiring go straight to your resume. They go to your LinkedIn profile. They go to your Linktrees. They go to the public profile that you have to get an idea of who you are and what you're about. And so if you've got papers, if you've got blogs, if you've got video and are talking about these things, they get a feel for who you are as a person, and that's another thing that, you got to start doing. And the other is teach, so there are other people that look to you, I don't care where you are in your career, look to you as an inspiration for where they wanna be. Find people that you can help, because somebody else helped you. Find people that you can help and give them a leg up and start training them so that you can help bring up the next generation of cybersecurity and GRC people. If you're already in a position and you're looking to try and move up, you've got to take those opportunities to lead. And sometimes those opportunities are destined for failure, and that's okay. So it's okay to fail, but you g- you gotta try, so take opportunities to lead inside of your company. Whether or not it's something that's formal or informal, but just something where you are managing other people. And if you're able to do that and you do a good job, people will see it, and and it's also, again, a way that you're able to, to network and communicate. But inside of your company, you may not be able to do the things that you need to do, which means that you've got to do them outside of the company, and the only way to become a good leader is to lead. And so start creating your own opportunities to to lead, and you'll be amazed with where it can take you.

kris-rides_1_06-04-2026_152628

Yeah, 100%. It's not I'll say that, when you look at leadership positions there is not a lot of those, right? For every individual contributor, there's only, for a whole team of individual contributors, there's one leadership position, right? There might be several people trying to go for that position. So for every one person that's become a made manager, there's two annoyed people in the team that didn't get that management office offer, and are now maybe looking elsewhere to try and get that, right? So every time there's a new position come up, if it's not being filled by succession, there are a lot of people that are currently managers elsewhere that might be interested. There are other people that are team leaders that are trying to get their first manager position. So I would say throughout the whole time, I founded Tiro Security, me and Rob founded it back in 2012, and even since then the management, the manager part have been, has been the one area where we've never been short of candidates, right? It's never been a real struggle because there's always a bunch of people. Now, finding the right ones is still the challenge, right? Making sure you can filter them and you understand who's great, who's being recommended. But that level is always gonna have the most competition. And so I think you're right, like it's making yourself stand out, making people know and understand. I've spoken to a whole bunch of people at leadership positions, and a lot of the stuff that you were talking about there, I've been asking them "What are you working on?" "What are you doing with AI currently?" What When you were in that last role, what were the things that you think would have helped if you had a piece of software that did that, or there was a process that was long-winded, it should have been automated?" And I've had several like almost brainstorming conversations with people where they've been, "Wow, actually, there wasn't one thing that did all of that. I should make something." And I'm like, "Yes, you should. Yes." And there's, there's VC money out there to support you. Start making it. You can do more than you ever ha- have been able to before from now. Get yourself much further along in the process, closer to to, to being bootstrapped, right? Or getting away from bootstrapped and being, seeing that that, that investment money. You can do all of that stuff. It's in your hands. And, if you've been laid off and you're out of work currently, or even if you're working, finding the time to do that should be something that you're able to do. Who knows? Maybe the route to CISO isn't where you end up. Maybe it's the route to being a business owner or a startup owner, and

jenai-marinkovic--she-_3_06-04-2026_152628

Yes

kris-rides_1_06-04-2026_152628

so there's a lot of different ways w- that we can go right now, I think.

jenai-marinkovic--she-_3_06-04-2026_152628

I'll give you a great example. So with the this the current class, which is going to graduate next week, so we're very excited about it. I was coming up with, all right, what are the AI-based projects that we're gonna work with them on? One of the things that the students had to do every single week is their threat intelligence report. So as a team, they had to put together this very extensive threat intelligence report based on the industry vertical, which was always an industrial supply chain of some kind, so semiconductor manufacturing or telecommunications or advanced manufacturing, dealing with things like robotic systems. So it was always something along those lines, and they had to do their threat intelligence report. So very manual, many hours worth of work. And so I was like, "Okay y'all are gonna build an app." And so for the grand total of $8 a month for each one of the students, they had to build out a a threat... Each person, not even just as a team, each person had to build out a threat intelligence application. So the web application, the backend database, the APIs you name it it... They had to build out, these pretty attractive-looking threat intelligence reports and, make sure that everything mapped into the critical processes themselves, and how did you visualize that, so it's pretty impressive work that they had to do with almost no budget based on the goal of ultimately automating a process that had caused them lots of pain and anguish every single month for several months, i'm not saying, "Hey, go build a threat intelligence application." I'm saying this was a resource-intensive project that was begging for automation, and they were able to leverage Co- Cloud Cove,

kris-rides_1_06-04-2026_152628

Yeah

jenai-marinkovic--she-_3_06-04-2026_152628

in terms of building all of that. So they were able to build... It's interesting because when you start training people into cybersecurity, they don't get into the application development side of things, they don't, not at the beginning of their

kris-rides_1_06-04-2026_152628

Yeah

jenai-marinkovic--she-_3_06-04-2026_152628

And by building this application, and they had to build it securely as well, that solved a security challenge. It was multidimensional. They got to look at security through a lot of different lenses. And so that just gives you an idea of the same thing that you can do. Small and medium-sized businesses have no desire to be putting in a massive GRC platform. But guess what? They're being held to the same security requirements as large companies do. If you want to build out a lightweight GRC platform, you can totally do that for $10 a month, and I'm... Obviously, it's a little bit more than 10, but not much, so y- there's all of these really creative things that you can do in the world of cybersecurity and GRC today to solve those challenges in a way that you couldn't have done even last year

kris-rides_1_06-04-2026_152628

Yeah. Yeah. It's just changing so rapidly now. It's I think it's genuinely the most exciting time to be in the industry, in any industry, 'cause I think if you're, certainly if you're utilizing AI for anything, if you're working with it to try and solve problems or even, flesh out ideas you've got it, it's yeah, it's an amazing time to be around. I think probably a great way to end this, I usually ask with just one final piece of advice to anybody that's trying to get to that CISO title. Things are changing so rapidly that if you've got one piece of advice right now that might stand the test of time or even six months,

jenai-marinkovic--she-_3_06-04-2026_152628

Yeah

kris-rides_1_06-04-2026_152628

that would be amazing.

jenai-marinkovic--she-_3_06-04-2026_152628

So I would say, and people can argue with me all they want you're coming to the point where organizations are blended where you have human actors as well as artificially intelligent systems that you will be reporting into or working alongside or managing. I think that the CISO of the future has got to understand, how do I manage an organization that may have five people in the organization, but each of those people are managing X number of non-human entities, and what that ultimately looks like. And so you're seeing the beginnings of it right now. It's gonna grow more. And a lot of the organizational design principles that we've had today may not work for tomorrow. And so if I were trying to go for a CISO role, I would be thinking of those things. And the reason is that, look, as a CISO, you're dealing not just with executive leadership, you're dealing with boards, and those board members work with other board members who are all talking about AI and the way that AI is transforming those organizations. So even if you don't believe it, it's going to be top-down pushed down on you. I would start thinking about the way that AI is from a personnel perspective, from an organizational design perspective, is transforming things

kris-rides_1_06-04-2026_152628

Yeah. Love that. Love, love that. There's so many things we haven't spoken about, but we'll end up doing a whole bunch more of the little Byte Size ones, I know. Thank you so much. No better way to start season three than speaking to you. So thank you so much, Jenai

jenai-marinkovic--she-_3_06-04-2026_152628

Of course. Thank you so much, Kris. And thank you everybody. Continue to support Root to CISO and great G- www.grcie.org

kris-rides_1_06-04-2026_152628

Yes. Go check out GRCIE. Thank you everybody for being back with us for season three. Watch this space for more episodes to come out shortly. Bye all

Speaker

Thank you for listening to the Root to CISO podcast. If there's something you really want me to ask on the next episode, or if you're a CISO who wants to inspire the next generation, please reach out. I'll leave a URL to my LinkedIn profile and make sure you connect and message me there. We're always looking for feedback, so please don't forget to like, comment, and subscribe wherever you get your podcasts.