Do You Think These Compliance Boxes Check Themselves? (LIVE in Clearwater, FL)

In this live episode of the CISO Series Podcast recorded in Clearwater, FL, host David Spark explores the growing frustration with security compliance theater—where organizations check boxes without meaningful impact. Featuring guests Pam Lindemann, CSO and VP of Strategy for Retail and Hospitality ISAC, and Jason Mayer, Deputy CISO at Raymond James Financial, the conversation dives into the limitations of traditional security awareness training and the shift toward human risk management (HRM). Both guests agree that while rebranding training as HRM is not a panacea, success lies in embedding security into daily workflows, using real-time behavioral data, and aligning security messaging with business outcomes. They emphasize the importance of moving beyond compliance to building a culture where employees understand the 'why' behind security practices. Real-world examples of security theater—like advance-announced phishing tests and ineffective third-party risk questionnaires—are critiqued, with solutions focused on coaching, continuous improvement, and leadership buy-in. The episode concludes with actionable insights on demonstrating ROI, engaging the C-suite, and transforming security from a cost center to a business enabler.