Former CISO turned CEO Joe Silva joins CISO Kyle Bubp for an unfiltered debut: survival tips, career truths, and a few laughs from the cyber hot seat.
About the podcast — Hosted by former CISO-turned-CEO Joe Silva, this show delivers unfiltered stories, lessons, and laughs from the frontlines of cybersecurity leadership.
Vulnerability management has barely changed in twenty years. Joe Silva and CISO Kyle Bubp open the first episode of Security Theater by taking that apart, starting with the CVE and National Vulnerability Database system itself: an opportunistic, crowdsourced catalog shaped by uneven researcher motivation, not a systematic measure of real-world risk.
From there the conversation turns to what the CVE model leaves out. Privilege level rarely factors into scoring, even though software running as domain admin carries far more blast radius than the same flaw in user mode. CVSS scores can be wrong. Kyle and Joe are blunter still about compliance-driven programs and third-party vendor questionnaires: necessary but not sufficient, with breaches that passed SOC 2 attestations as the evidence.
Kyle’s prescription is organizational as much as technical: stop centralizing every vulnerability in one team, push ownership back to the people who run the systems, then stop treating every “critical” as equally critical. Joe connects it to the paradox that application security tooling is at an all-time high while CVE volume keeps climbing and outcomes stay flat.
Scan data is a starting point, not an answer. Runtime and behavioral context turn a long list into a defensible one.
The guest
VP & CISO, Avid
Kyle Bubp is VP and Chief Information Security Officer at Avid. A security leader with more than two decades of experience, he co-founded Savage Security, has served as IANS faculty, and has built and led security programs across government, defense, cloud, and enterprise environments.
The host
Co-founder & CEO, Spektion
Joe Silva is co-founder and CEO of Spektion and host of Security Theater. A former Fortune 200 CISO with a background in security and intelligence, he started Spektion to close the gap between what scanners flag and what is actually exploitable at runtime.