It's a topic we discuss often on Business Security Weekly: CISO Burnout. It's real, but how should you manage it? Dr. Yonesy Núñez, Global Cybersecurity Executive at Chain Bridge Bank and former Managing Director, Chief Cybersecurity Risk Officer, and Chief Information Security Officer at The Depository Trust & Clearing Corporation (DTCC), joins Business Security Weekly to share his personal insights. An advocate of CISO Health and Wellness, Yonesy will discuss how we can "Optimize the Operator" by creating harmony with mind and spirit. Segment Resources: https://councils.forbes.com/profile/Yonesy-Nunez-Global-Cybersecurity-Executive-Chain-Bridge-Bank/e79e72a5-4b18-48b1-b5ab-8a0afd47d782 In the leadership and communications segment, CISOs are cracking under pressure, How BISOs enable CISOs to scale security across the business, Great Leaders Empower Strategic Decision-Making Across the Organization, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-422
https://www.FutureOfRisk.com/
As artificial intelligence (AI) transforms the way we work and protect our businesses, are you ready for the risks—and the rewards—it brings? In this episode of the Future of Risk by Zurich North America, host Justin Hicks discusses the evolving risks of AI and machine learning with Barry Perkins, Chief Operations Officer, and Adam Page, Chief Information Security Officer. The conversation highlights concern about AI's impact on talent, entry-level jobs, and the increasing sophistication of cyber threats, including deepfakes and targeted phishing. Both Adam and Barry emphasize that while AI presents new risks—such as data breaches and disinformation—it also offers opportunities to streamline business processes and improve decision-making. The discussion underscores the importance of governance, continuous education, and adapting workforce skills to stay ahead of technological change. Ultimately, the podcast encourages businesses to embrace AI's potential while remaining vigilant about its challenges, ensuring a safer and more resilient future.
Record date: 10/10/25
Air date: 11/19/25
In this miniseries, other episodes include:
10/22/25: What is AI delivering so far
11/5/25: 5 ways everyone can benefit from AI today
12/3/25: What's next in AI?
Garrett Schumacher is Business Unit Director of Product Security at Velentium Medical and the co-founder and CTO of GeneInfoSec. Garrett discusses his journey from medical student to cybersecurity expert and educator, dedicating his career to securing medical devices. He shares insights on the intersection of cybersecurity and healthcare, highlighting the challenges of protecting genetic data. Garrett gives honest advice about navigating cybersecurity and data privacy concerns, how to be a good leader, and what medtech startups should consider as they design and develop their devices.
Guest links: https://velentiummedical.com/ | https://www.geneinfosec.com/
Charity supported: Save the Children
Interested in being a guest on the show or have feedback to share? Email us at theleadingdifference@velentium.com.
PRODUCTION CREDITS
Host & Editor: Lindsey Dinneen
Producer: Velentium Medical
EPISODE TRANSCRIPT
Episode 068 - Garrett Schumacher
[00:00:00] Lindsey Dinneen: Hi, I'm Lindsey and I'm talking with MedTech industry leaders on how they change lives for a better world.
[00:00:09] Diane Bouis: The inventions and technologies are fascinating and so are the people who work with them.
[00:00:15] Frank Jaskulke: There was a period of time where I realized, fundamentally, my job was to go hang out with really smart people that are saving lives and then do work that would help them save more lives.
[00:00:28] Diane Bouis: I got into the business to save lives and it is incredibly motivating to work with people who are in that same business, saving or improving lives.
[00:00:38] Duane Mancini: What better industry than where I get to wake up every day and just save people's lives.
[00:00:42] Lindsey Dinneen: These are extraordinary people doing extraordinary work, and this is The Leading Difference. Hello and welcome back to another episode of the Leading Difference Podcast. I'm your host, Lindsey, and today I am excited to introduce you to my guest, Garrett Schumacher. Garrett is the Business Unit Director of Product Security at Velentium Medical, where he has led the cybersecurity efforts on 200 plus medical device products and systems. He is the co-founder and CTO of GeneInfoSec, a startup focused on securing the world's most valuable and private data, our genetic information. In his work, Garrett has trained engineers, developers, manufacturers, healthcare delivery organizations, and laboratories across the globe in cybersecurity, and is an active member of several related industry working groups. He also teaches secure product development and medical device cybersecurity at the graduate level for the University of Colorado Boulder's Department of Computer Science as an adjunct professor. In the little bit of time left in his days, Garrett is either rock climbing or spending time with family. Thank you so much for being here, Garrett. I'm so excited to speak with you today.
[00:01:48] Garrett Schumacher: Yeah. Thank you for having me.
[00:01:49] Lindsey Dinneen: Of course. Well, I'd love, if you wouldn't mind, for you to start out by sharing a little bit about yourself and your background and what led you to medtech.
[00:01:59] Garrett Schumacher: Yeah. So I guess my background, I mean, it started as I always thought I was gonna be a doctor. I did my undergrad in physiology, thought I was gonna do med school, the whole nine yards. And towards the end of my, let's say junior year, just started being like, "I don't think this is what I want to do." I always had a fascination with tech. I was really involved with a lot of the tech groups on campus at the University of Colorado Boulder, early days of Hack CU, one of the largest collegiate hackathons. And I really regretted not doing a computer science degree, but I was three quarters of the way done. So sometimes you just gotta finish it up, right? Get the degree, find out what's next. After that I went and did a master's in genetics. I wasn't sure exactly what I wanted to do either yet, but hey, a master's degree is not a bad thing to do if you're unsure. And actually I was in a PhD program and dropped out early with a master's. Different story. But yeah. And then I helped the University of Colorado Boulder start their cybersecurity programs. So it was getting into the cyber world. I did a, I guess it was a bootcamp, at the University of Denver in cybersecurity. And so that all culminated in me always focusing on healthcare and cybersecurity together. And then COVID happened and that made the world change for a lot of people. And basically I was looking for a new job and I found Velentium, and I think that's where it really spoke to me, where I could do my love of medical and human health with cybersecurity and technology development. And so yeah, I think that's really how I got into it. I had been doing projects related to that before, but Velentium's where it really culminated and I found a place that let me do all the things I love, not just one or the other.
[00:03:39] Lindsey Dinneen: That's awesome and such a wonderful gift. So can you share a little bit about what you do now and sort of your growth trajectory even throughout Velentium, 'cause I know you've had quite an interesting and exciting career through the company as well.
[00:03:56] Garrett Schumacher: Yeah. Yeah. So I started out as a cybersecurity engineer, and just started helping internal projects, external projects with groups that were seeking FDA approval on a medical device and trying to navigate these kind of new cybersecurity requirements. That's where it started. And even since then I've been, so I teach a class at the University of Colorado Boulder on Medical Device Cybersecurity. We're going into our sixth year of that, seventh semester, starting here in the fall. And I also co-founded a startup in the genetic information security space. So, and we can talk about that later. And so I, yeah, talk about what I do. It's all of those things and, it's not, doesn't happen in 40 hours, I promise you that. But after working as a cyber engineer for about a year, I think I got promoted to like Senior Staff Cybersecurity Engineer. Then probably three years ago, I took over more of an operational leadership role within the unit, the team, where I was doing project management and overseeing the other engineers and still doing engineering work. Definitely decided project management is not for the faint of heart and apparently my heart's very faint. It's not for me. So anyways, and then fast forward to just here in like January, February, Velentium made some really awesome changes. They rebranded as Velentium Medical to make sure everyone knew we do medical. And then they created four business units so that they could really say, "Look, we have different core areas of our business. Each of them have their own different operational needs and what have you." So, I was promoted into Business Unit Director of Product Security. And so now we're a business unit. We're a business within a business trying to better serve our clients and implement the processes we need for our small scope of work compared to a large contract development and manufacturing organization. So that's been my growth goal so far: come in as an engineer, work my way up to the leadership roles while also still loving to be an educator and still having my own startup space in the biotech side of the house.
[00:05:58] Lindsey Dinneen: Yeah. Excellent. Well, first of all, congratulations on all of that. That is very exciting and it's really fun to see that growth and that development. And I'm also so curious now, can we talk a little bit about your startup? So first of all, let's talk about that and then I wanna talk about the crossover between the two, if that's okay. So.
[00:06:16] Garrett Schumacher: Absolutely. Yeah. So, well the name is GeneInfoSec, so it's just short for genetic information security. We're not trying to hide anything there. We focus on protecting the world's most sensitive data. At least that's our opinion, is genetic information affects you. And the data you have today is not gonna be any different, for the most part, from the data that you have in 10, 20, 40 years. But then even beyond that it's partially your children's data, your grandchildren, great-grandchildren, and then even in the inverse, all the way up to your great-great-grandparents, right? You share some, to an extent, some genetic makeup with them. And so it's this really interesting space where networked privacy is-- it's a very different form of networked privacy. It's not just that I upload a photo to LinkedIn and now I could be implicating someone else that's in the photo. It's, I share my info, and I'm also sharing info that belongs to my cousins, in a sense. And so if you think of the Golden State Killer case in California, that was a really interesting one where the federal authorities had genetic information or samples from a cold case in the eighties. And they sequenced that. They uploaded it to a third party, an open public genetic database, and said, "Hey, here's my data. Who am I related to?" And through that they were able to triangulate like, "Okay here it is. This is the guy that did it" many years later. So, there's a case where there could be positives. We want to use it to find that kind of information and protect people. But at the same time, that brings up a lot of privacy implications. And then you can go all the way to the extreme, the sci-fi of designer bio weapons, maybe tailored to certain persons or ethnicities or groups of people. So during grad school, a couple guys and I, we founded this startup, and that's what we focus on through a technology that really our founder, Dr. Sterling Sawaya, he invented, called molecular encryption. It's a way of encrypting molecules before we generate data from them so that the generated genetic data is already, quote unquote encrypted, or at least protected in some manner. So, so that's what we do. And yeah, I guess why we do it a bit.
[00:08:27] Lindsey Dinneen: Yeah. Wow. So, okay, so that brings up a really interesting question. I can guess the answer to this, but is there any safe way to-- this is a funny way to put it-- but recreationally to test your genetic data in the sense of the way that a lot of us would think about it in terms of, "Oh, I'd really love to learn more about my ancestors and things like that." But there are so many security concerns, like you've pointed out. So is there any quote unquote, safe way to do so at this time?
[00:08:58] Garrett Schumacher: You know that-- it's a great question. There's been a lot of things going on in the news recently, like with, I'm sure people have heard of 23 & Me, and how they went bankrupt and now a company called Regeneron is buying them and all their assets for a lot of money, but not that much compared to what 23 & Me was worth a few years ago. So that brings up a lot of issues, right? 23 & Me still owns a lot of samples, like maybe around 10 million samples. And the sequencing they've been doing is very small. So if your genome's a whole book, they've been kind of flipping through the pages and picking specific letters, and that's the data they have. So that's not the most sensitive, it's not the full story. But if you have the samples, you can always generate the full book someday. And as that cost of full human genome sequencing decreases rapidly, someone's probably gonna want to do that someday. So, okay, so back to your question though, is there a safe way? What I would say is that I, I don't tell people not to do it. I would say if you have health reasons, concerns, and your doctor suggests a genetic test, a lot of those tests are also that similar, picking a few letters, a few known letters and trying to just read that for a very specific purpose. If your doctor and you come to the agreement that you should do that, you should just do that. However, I do not promote, and even to my family members, I highly don't recommend, using these services. I used to really love who's that group out of Utah? Ancestry.com. They used to be a great group. They were trying to sequence the world's DNA for understanding basically the family tree of everyone. Because anyways, they have interest in understanding who's related to who and how that relates to their religion. So they used to do it for internal purposes, keep it on pretty tight, secure. Well then, they sold to a venture capital group. So, it's really tough to say that there's these groups that there's a good place out there to do it. There are some companies that have security or privacy focused DNA sequencing services. But it's really odd, like you have to set up a cryptocurrency account, pay with cryptocurrency, set up a PO box so that you're not like actually shipping to and from your home. And then ultimately the price of it and how they're getting it to be cost effective is China's doing the sequencing. So you do all those privacy measures and your sample gets sent off to another country. And the FBI has disclosed that they know that when certain countries like that are doing the sequencing, whether you want them to do a little tiny test, like a COVID test or whatever it is, they're sequencing the whole thing. They're keeping the data. This is known, disclosed, not conjecture. So, yeah, so sorry-- long-winded answer of saying, I'm interested too, I wanna learn about this. I've got family members that have done it. But right now I recommend just thinking very carefully and critically about whether the immediate fun of it is worth the potential long-term impacts, and maybe if you're someone that's security or privacy conscious, maybe wait a few years because there are some things on the horizon that will make this a lot better.
[00:12:02] Lindsey Dinneen: All right! Thank you for the honest answer. I really appreciate it. So, okay, I wanna go back to your work with Velentium specifically and talk about-- you've gotten to work with so many different clients over the years and you've seen so many different variations on a theme. And I'm curious, what are some of the common mistakes or pitfalls you might see a younger startup make when they are perhaps first designing their device, and cybersecurity is maybe not quite top of mind. So what are some of the things that you see that are challenges we can overcome?
[00:12:41] Garrett Schumacher: Yeah I think one of the biggest challenges is that a lot of people aren't maybe aware yet of the scrutiny and the requirements that the FDA-- and not just FDA, but the European Union's medical device regulations and the bodies over there that review submissions. And any, if you look across the board, pretty much almost every regulatory market has, very much in the last couple years, placed a lot of scrutiny on cybersecurity. So a lot of companies, especially smaller ones starting out in the space, may not be aware of this. And so then oftentimes they'll find out too late, they'll submit. They'll get feedback back, "Oh no, we have 90 days to respond and we didn't do cyber. We gotta do cyber now." And they don't know how to spell it yet, which is a joke. But there's that. And then there's also, or they'll get in just late at the game, "Hey, we're submitting in a month or three" and "Oh, we gotta do this thing retroactively." And so then therefore, we haven't been able to support someone through the full process, at the proper time, doing the right design things to inform the design during the design, not after. So I think that's probably the biggest mistake is not seeking that external support early and often. And if you're getting that, it shouldn't just be someone that can help you navigate the regulatory space. It shouldn't be someone that can just do the pen testing for you at the end. Really I think in that context, you need a partner that can do everything end to end. So that's what we've really tried to make our processes and our services geared towards is being that partner. And whether you have the bandwidth and you will do a lot of the documentation and work, but you just need someone to guide you, consult you, give you the materials to do so, or if you are truly looking for, no, we need to augment our own team and have you do a lot more of the work for us. That's great. We can do that. So, so that's, I think, the biggest challenge. And I think that the answer is just getting the right partner early and working with them often throughout that entire development, not at the end.
[00:14:37] Lindsey Dinneen: Yeah, absolutely. And I really appreciate that perspective. I think that there's a lot more awareness, it seems like even in the industry that, "Oh, cybersecurity is a thing now." But as you said, getting to partner with somebody who does know the ins and outs from the start and can really help guide you through is really critical. Now you do quite a bit of speaking and presenting. You're obviously still teaching a college class and all of those wonderful things. I'm curious how that has played into your career as well, and is that something that you will always want to do? You've got this educator side of you as well.
[00:15:13] Garrett Schumacher: Yeah, I mean, I love it. I actually taught at a high school for one year between my master's program and my undergraduate, decided that that's not for me, but that teaching at those higher levels where people are really wanting to be in the room. So now I teach at the graduate level, half of the students will be older than me. And now everybody wants to be there and we can have very mature conversations and they even can challenge me with some really great questions that I'm not ready for, right? And I think the best way to learn is to teach. Absolutely. That's, yeah. I think a lot of people have said that. I completely agree. So I plan to always do that. I mean, I love, even with our internal engineers and external clients, like the idea of helping people understand something and humanizing it for 'em. That's really my big flag I'm waving right now is humanizing it. We don't have to use alphabet soups and crazy language. We can make it easy to understand and we can humanize it for the masses. So that's really what I'm trying to do, one of my big pushes. And so I don't foresee myself ever going away from that. I even do a lot of international training on the cyber biosecurity space where I go to all these countries and these biosafety laboratories and help biologists understand cybersecurity as a fundamental practice and how they can improve their personal security, their professional security. And to me that's the most rewarding thing.
[00:16:36] Lindsey Dinneen: Yeah. Oh my goodness. That's so cool. Thank you for sharing about that. So, as you are looking towards the future in the industry itself, but also I suppose your own career, what are some things that you're excited about? What are some trends that you see as being positive? I know that, recently, it's been a little bit challenging-- as a nice word-- for a lot of medical device companies and they're a little worried about funding and those kinds of things, and so, that's maybe a trend that's a little not as fun, but what are the things that are empowering and exciting to you as we move forward?
[00:17:13] Garrett Schumacher: So not to make it about artificial intelligence or machine learning, 'cause everybody does. It's definitely in its hype curve. But that is actually one of the things that I think I'm most excited about, but also most scared about. We've seen a lot of companies with layoffs because they believe this artificial intelligence enables them to be more efficient and therefore they can do more with fewer people. And that saves money. And I understand that. I think that one of my big pushes right now is trying to help people understand that AI, at least right now, it's not taking over human jobs-- that it can instead augment, improve how we do those jobs. But people have to be ready for it. So even in my own space, like, making sure that our team and our people are ready for that. Because if you aren't getting into that space, if you aren't with the curve, then you're gonna fall behind. And yes, you could be replaced in that sense that someone has done it and so now they're doing it better than you. And so if you're not using these tools, these resources to improve your efficiency and to just maximize your capability-- like for example, my team, maybe I don't need to hire a person. Maybe we can build out things that enable us to, with the same amount of people, to better serve more clientele. So that's what I'm really trying to navigate. But it is scary thinking about that future and am I even gonna be ready and technically savvy enough to navigate that new future in the next year, in the next five, 10 years. And especially as someone who I've always had this goal of maybe someday, and I'm getting talked out of it very quickly, but maybe like being a Chief Information Security Officer at a large company or a Chief Product Security Officer, something like that. And yeah, quickly, I'm-- "Eh, we'll see." But it's those kind of things that, if we can navigate them correctly, maybe that is something in my future. So that's, I think, one of my big fears and also passion projects right now. And then also, same on that funding vein-- with my startup, we're experiencing that as well. And we actually, we had a lot of funding potential pre COVID. And then even though our technology-- like in some ways COVID brought the need for our technology to the forefront of people's minds-- it also killed a lot of funding opportunity. And so yeah, I mean, navigating that space of how do you get funding and then does it come from venture capital backed or equity, private equity, and I've seen those worlds. I even advise startups. So I mean, that is also probably one of the biggest challenges I'm facing currently as well.
[00:19:41] Lindsey Dinneen: Yeah. Yeah. It's gonna be really interesting to see how things evolve, and it's been fascinating to read the news and see even the headlines where it's like, the FDA is using AI to review submissions and all sorts of things, and you really do wonder how we'll move forward and time will tell, I suppose.
[00:20:01] Garrett Schumacher: Yeah.
[00:20:02] Lindsey Dinneen: So you have stepped into quite a number of leadership roles fairly young in your career, if you don't mind me just saying so, and so I'm curious how you have navigated that growth for yourself. First of all, do you feel like you were a natural leader or were those skills things you developed along the way? And secondly, what advice might you have for younger leaders?
[00:20:27] Garrett Schumacher: Great questions. Yeah, definitely nothing is natural about it. I think for anyone, I mean, it's nothing that you just do and you're just like, "Yep, I'm a leader. That's easy." So it's definitely something, just like all aspects of work and maturity, that you have to work on. But I think how I got there was-- and someone told me a couple tips early in my career, I suppose-- and a couple are: find a mentor, and as the mentee you have to put in the effort. If you set up meetings and they're not there, whatever, like they're busy, and you are asking them to give their time for you. So, find mentors and then be a good mentee, meet up with them. I had several people that were critical in my early career. One was Bunky Davis and she was amazing. She's no longer with us, but she and I grabbed coffee every single month. She had navigated biotech startups for like 50 years, was also just a phenomenal cyclist, Olympian, like just amazing. And we'd meet up every month for coffee without missing. And we did that for several years. And I had another mentor from the University of Colorado Boulder, Lloyd Thrall, who came from the Department of Defense, and just a spectacular, stellar guy, and we would go meet up all the time. And so learning from these people I think I saw-- well, there's that. And then everybody has their bosses and their horror stories from work, whether that's a high school job or professional later on. And so you see the ways that people can be, you don't want to be. And so that makes it easy. But without having those mentors, yeah, I don't know if I would've exposed myself to the good ways, right, and the better ways, and be challenged. So that was really critical, was finding a good mentor and then being a good mentee. And then I think the other thing is interacting with people and just listening, active listening. So going to the professional shows and meeting people, listening to them, reading a lot of great books out there on how to be a leader, and you don't take all that exactly word for word, but there are golden little nuggets that you can just pick up out of all those things. So, no, definitely something that I have actively worked on and still am trying to work on. And then I'm constantly trying to listen and have that open door policy for my people too. Because if I hire really smart people, I want them to do the thinking and therefore I need to listen.
[00:22:44] Lindsey Dinneen: There you go. I love it. All right, so. You've had a really interesting and exciting career so far, and you're obviously very passionate about medtech and cybersecurity and biotech and all those things, and I'm wondering if along the way there are any moments that really stand out to you as affirming, "Wow, I am in the right place at the right time."
[00:23:09] Garrett Schumacher: Yeah. Yeah. One was we had a really special project where, and I won't give any names away, but basically my stepmother has an implant inside of her and it's not life sustaining, but it's one that you want working just so that your body's working normally, and so that you're not embarrassed. You can go into public spaces and be a normal person, right? And whether it's pain management, incontinence, those kind of things. So she had this implant and she had one that came from the leading provider of that at the time. And the battery life, right, is supposed to last like 10 or 15 years, and it seemed like pretty much seven or eight was all she was getting out of it. And after decades of having far more surgeries than she needed, all the way up to the very last device she got in her-- it failed within the first year, I think-- so it was like, okay, time to pivot. And we found this new company and they've become a huge leader in the space, recently acquired by another one of the big leaders in medtech in general. And we were hired to do the security work for that project. And the only reason that I actually found out-- because my stepmother was literally like in the process of getting this new device inside of her-- I was at that client's facility doing a pen testing and security testing engagement and some consulting and just visiting them. And I FaceTimed my family in the break room and there was a sign behind me and they're like, "Oh my gosh. We just got that implanted in your stepmother like, a couple weeks ago. It's working great. She's so happy with it. It's smaller, it works better, all these things." And it's like, "Wow." So I got to lead the security effort and what they're actually doing is adding remote programming capabilities so a doctor can, over the phone, be improving that therapy for you. But that leads to a lot of cybersecurity implications, right? That kind of connectivity. And so I got to lead the security work on that for something that is in a near and dear, your family member. And it's those kind of things where you're not just helping patients. It's, I'm helping someone that I care very deeply about. And it hits home differently when it's not just, "Oh, I want this device to be secure. I want them to get FDA clearance. I want whatever." It's, "No, I need now, I need for my own family member for it to be the best." And it's not that that project got special scrutiny from us-- we bring that to every project-- but it helps to have the actual experience of one of those projects.
[00:25:33] Lindsey Dinneen: Yeah. And to have that real-- well, you were mentioning it-- not just patients, and I kept thinking, "Yeah. Not just patients, people," and the idea of it's sometimes probably necessary honestly, to have a little bit of separation from a clinical point of, "I'm helping all of these patients, and that's a really good thing." But then if you could take a step back and go, "And these patients are human beings that rely on what I'm doing for safety and for security and for this lifesaving, life enhancing device." That's-- what a gift to get to experience something like that.
[00:26:04] Garrett Schumacher: It is, it's especially like, if you work in the diabetes-- we've had several projects with insulin pumps-- and insulin's a drug that is highly toxic if given in the wrong dosage. 99% of the world population would die if it's in the wrong dosage, if it's too high. And the only reason the other 1% exist is 'cause they're insulin intolerant. They just don't respond to insulin and that's why they have their own type of diabetic issues. And I've got several cousins, a brother-in-law, that also use that stuff every day, rely on those kind of technologies. So, yeah, just it's a little bit more special when you get to do that. But we try to do that for everyone. We try to think of everyone as that person that we're trying to help.
[00:26:42] Lindsey Dinneen: Yeah, absolutely. All right. Well, this has been so great, but pivoting the conversation a little bit, just for fun. Imagine that you were to be offered a million dollars to teach a masterclass on anything you want. What would you choose to teach and why?
[00:26:59] Garrett Schumacher: Ooh. Well, yeah, first of all, a million dollars for-- I feel like I'd have to go with something like that I know deeply, very deeply on. But okay, if I wanna have some fun here, I would say rock climbing, because rock climbing is my other big passion. It's the one thing that takes me away from a computer screen typically. And so if you're paying me a million dollars to teach rock climbing, A, these people really wanna learn how to be good rock climbers, so they're gonna be very engaged. And B, that's going to mean that I can go now actually make money on something that has only ever been a passion for me. So, that would be fun. That would be awesome.
[00:27:33] Lindsey Dinneen: Awesome.
[00:27:33] Garrett Schumacher: If you're offering, Lindsey, I'll accept.
[00:27:35] Lindsey Dinneen: Okay, deal, right? Yeah. I'm gonna have to earn my first million first, and then I'll let you know.
[00:27:40] Garrett Schumacher: I'll wait.
[00:27:41] Lindsey Dinneen: Okay, fair? Fair enough. What got you into rock climbing?
[00:27:45] Garrett Schumacher: Oh man. Well, so my mother was, I grew up in like a small farming town in the northeast corner of Colorado. There's not a mountain until you get to the Denver area, right? In the summers, she worked at the local college, and in the summers she ran the ropes course and they had a giant rock wall. So, I mean, as a 10-year-old, I'm just hanging out there. I didn't know that there were routes or certain ways or techniques. I just, who can get up the fastest, right? But that was always fun. That was my summers. I always, and I was, shoot, I was always told I was a monkey. I was always on stuff climbing something. I've had my share of injuries from it, trust me. And then in college, it just was natural. I went to CU Boulder, as I've probably already said, and a lot of outdoor climbing opportunities. A lot of, they built a new gym there inside the school. And so that then it became this thing where, oh, I can actually-- as you move away from high school sports, basketball and American football and those things, you miss that. You can miss some competitiveness and some team-based things.
So now I had another active thing that I could-- and I, again, I wasn't so formal in technique or things like that-- so now I could work with people, socialize and work on that technique in something that I was able to do at that level, instead of, I'm not gonna go beat myself up playing football again. So, yeah, I think that's where it came from. And then it's just been my big hobby ever since. And I mean, now I have a bunch of friends down in Austin, Texas, and we go on a big climbing trip once a year, and I see them once a year. It's fun. So it's like expanded my friend group and it keeps me sane. [00:29:14] Lindsey Dinneen: Huh. Excellent. Yes. That's wonderful. All right. How do you wish to be remembered after you leave this world? [00:29:22] Garrett Schumacher: Oh, that's a good one. How do you humbly answer that? When part of the answer I would wanna say is humble, but that's something I always try to work on, is I just wanna be a good guy. I want people to remember that, he was kind, considerate-- would do something at the drop of a hat for you without expecting anything in return-- just kind, generous. And I think a family guy would be a big one. My, my friends and family first and foremost. And maybe second to that, hardworking. Yeah. [00:29:46] Lindsey Dinneen: Yeah. I love that. All right. And final question. What is one thing that makes you smile every time you see or think about it? [00:29:55] Garrett Schumacher: Oh, my wife. I wake up to her every day and that's she's the best part about everything. So yeah, she's my favorite person, and I'm lucky enough to, when I'm not traveling, wake up next to her and see her at night, and that's the best part. [00:30:08] Lindsey Dinneen: Yeah, absolutely. What a wonderful thing. Well, this has been a fantastic conversation, Garrett. I'm so thankful for your time today. Thank you for sharing some of your stories, some of your advice. 
And I just honestly wish you the most continued success as you work to change lives for a better world. [00:30:26] Garrett Schumacher: Thank you. Thank you, Lindsey, for having me. This was my first podcast ever. So it went great. Yeah, it was fine. [00:30:32] Lindsey Dinneen: Awesome. You rocked it. Good job. That's wonderful. All right, well, celebrating that and celebrating all your future successes to come. We are so honored to be making a donation on your behalf as a thank you for your time today to Save the Children, which works to end the cycle of poverty by ensuring communities have the resources to provide children with a healthy, educational, and safe environment. So thank you so much for choosing that charity to support, and thank you so much for being here and thank you for doing what you do. [00:31:05] Garrett Schumacher: Thank you. [00:31:07] Lindsey Dinneen: Excellent, and thank you also to our listeners for tuning in, and if you're feeling as inspired as I am, I'd love it if you'd share this episode with a colleague or two and we'll catch you next time. [00:31:19] Dan Purvis: The Leading Difference is brought to you by Velentium Medical. Velentium Medical is a full service CDMO, serving medtech clients worldwide to securely design, manufacture, and test class two and class three medical devices. 
Velentium Medical's four units include research and development-- pairing electronic and mechanical design, embedded firmware, mobile app development, and cloud systems with the human factor studies and systems engineering necessary to streamline medical device regulatory approval; contract manufacturing-- building medical products at the prototype, clinical, and commercial levels in the US, as well as in low cost regions in 1345 certified and FDA registered Class VII clean rooms; cybersecurity-- generating the 12 cybersecurity design artifacts required for FDA submission; and automated test systems, assuring that every device produced is exactly the same as the device that was approved. Visit VelentiumMedical.com to explore how we can work together to change lives for a better world.
Leveraging AI-powered solutions to anticipate, detect and contain asymmetric cyber threats
Augmenting security teams through AI efficiencies – reducing alert fatigue whilst improving detection speed and accuracy
Best AI security practices on safeguarding critical systems and sensitive data against AI-driven cyber threats
Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Michela Resta, Solicitor, CyXcel
https://www.linkedin.com/in/michelarestacyxcel/
Paolo Palumbo, Vice President, WithSecure Intelligence
https://www.linkedin.com/in/paolopalumbo/
Tiago Rosado, Chief Information Security Officer, Asite
https://www.linkedin.com/in/tiagorosado/
Chris Rock is a cyber mercenary who has worked in the Middle East, US and Asia for the last 30 years, working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. In this episode, Rock joins host Heather Engel to discuss his book, "The Baby Harvest," which sheds light on how criminals are making and raising virtual babies to adulthood to be put on the shelf for money laundering, fraud and drug and firearm importation.
For more on cybersecurity, visit us at https://cybersecurityventures.com
Today's episode is hosted by Chris Hackett and they are joined on the podcast by Vida Ahmadi Mehri, Data & AI Governance Officer at Electrolux Group, Frederick Lamartin, Chief Information Security Officer at PwC Sweden, Mikael Lagström, Head of Application Security – SE/DK Team at DNV Cyber, and Adam Machnikowski, Head of IT & Security at Schibsted & Vend Polska. The conversation explores how organisations across the Nordics are integrating artificial intelligence and automation within Microsoft Dynamics 365 to drive smarter, more secure, and more efficient operations. The guests share insights into aligning technology with governance principles and ensuring compliance while adopting intelligent tools at scale. The exchange highlights practical approaches to strengthening cybersecurity frameworks, maintaining data integrity, and supporting innovation across enterprise systems. Listeners gain valuable perspectives on the evolving relationship between AI, automation, and business transformation in complex digital environments.
In this episode of Autonomous IT, host Landon Miles dives deep into the world of vulnerabilities, exploits, and the psychology behind cyberattacks. From the story of Log4j and its massive global impact to the difference between hackers and attackers, this episode explores how and why breaches happen—and what can be done to stop them.
Joining Landon is Jason Kikta, Chief Technology Officer and Chief Information Security Officer at Automox, Marine Corps veteran, and former leader at U.S. Cyber Command. Together, they break down attacker motivations, how to recognize threat patterns, and why understanding your own network better than your adversaries is the key to effective defense.
Key Takeaways:
- The five stages of a vulnerability: introduction, discovery, disclosure, exploitation, and patching.
- Why Log4j became one of the most devastating vulnerabilities in modern history.
- How to identify attacker types and motivations.
- The mindset and methodology of effective defense.
- Why “good IT starts with good security.”
Whether you're a cybersecurity professional, IT leader, or just curious about how cyberattacks really work, this episode offers practical insights from the front lines of digital defense.
Public sector organizations are under siege—ransomware attacks are now more frequent and sophisticated than ever before. In this episode, our Cybersecurity Working Group dives into two recent cyberattacks that struck at the heart of our nation's courts, targeting justice systems that millions rely on each day.
Returning to the host's chair is Larry Zorio, Chair of the Cybersecurity Working Group and Chief Information Security Officer at Mark43. Larry leads an insightful discussion with David Slayton, Court Executive Officer and Clerk of the Court for the Superior Court of Los Angeles County, and Robert Adelardi, Chief Information Officer for the 11th Judicial Circuit Court of Florida in Miami-Dade County. Both guests bring invaluable frontline perspectives from courts that have faced ransomware threats head-on and persevered.
David and Robert offer a behind-the-scenes account of what it was like when ransomware disrupted core court operations. They'll recount how their teams mobilized in real time, the critical decisions made under pressure, and the practical steps every court and public sector agency can take to strengthen defenses and recovery plans.
This week we sit down with Ben Wilcox, a tech leader who straddles two high-stakes worlds as both Chief Technology Officer and Chief Information Security Officer at ProArch. Ben shares how a teenage interest in “link lists” and web hosting turned into a 25-year career at the intersection of innovation and cybersecurity. We talk about what it really means to balance the drive to move fast with the need to stay secure, and whether those two priorities can truly coexist under one roof.
From high-profile AI prompt injection attacks targeting Microsoft Copilot to the growing sophistication of indirect exploits that manipulate corporate systems through AI agents, Ben breaks down what's happening behind the headlines and how companies can protect themselves. He also opens up about his passion for car racing, a world that mirrors his approach to tech: fast, calculated, and always built with safety in mind. Ben then closes with some simple advice: say yes to new things, whether it's tackling the next wave of AI risks or trying something unexpected outside of work; curiosity and courage are what keep you ahead of the curve.
Ben Wilcox is the Chief Technology Officer and Chief Information Security Officer at ProArch, a global IT consulting firm helping enterprises secure their data and accelerate digital transformation through strategic Microsoft partnerships. With more than 25 years of experience in technology leadership, Ben brings a rare dual perspective—driving innovation while protecting the business from ever-evolving cyber threats. Known for making complex topics approachable, he's passionate about helping organizations move fast without breaking things, preparing their infrastructure for AI, and building security into the foundation of innovation. When he's not guiding enterprises through digital change, you might find him on a racetrack, channeling the same balance of speed and precision that defines his work in tech.
In this episode of Between Product and Partnerships, Cristina Flaschen, CEO of Pandium, speaks with Nate Lee, Founder of Cloudsec.ai, about the evolving challenges of security in SaaS ecosystems, AI, and integrations. Their conversation explores lessons from real-world incidents, risk management in fast-moving environments, and the emerging landscape of AI agents.
Nate's Background and Security Perspective
With over a decade of experience as a Chief Information Security Officer, Nate has helped scale-ups build security programs focused on AI-native startups and cloud environments. His approach is grounded in pragmatism, meaning prevention is important, but effective detection, response, and transparency are what define resilience when incidents occur.
Lessons from Real-World Incidents
Reflecting on recent industry breaches such as the SalesLoft incident, Nate illustrates how small misconfigurations across systems like GitHub or AWS can trigger cascading risks. Even organizations with robust security teams remain vulnerable. He emphasizes the importance of continuous monitoring, anomaly detection, and disciplined response planning as part of a company's operating DNA.
Mitigation, Communication, and Runbooks
For smaller teams, Nate and Cristina highlight the value of preparation and clarity when managing incidents. Segregating responsibilities allows engineers to focus on resolving issues while communications are handled transparently and calmly by others. Tabletop exercises (simulations of potential breaches) help teams respond confidently when real situations arise. Above all, Nate underscores the need for transparent communication with customers and stakeholders. Clear, factual updates that explain what happened, its impact, and next steps build far more trust than spin or silence. Having ready-made messaging frameworks also helps reduce the stress of decision-making during high-pressure moments.
AI Agents and Emerging Risks
The conversation then turns to the rapidly expanding role of AI agents in modern workflows. Nate explains that while these systems deliver tremendous efficiency gains, they also introduce new and unpredictable risks. Unlike traditional deterministic workflows, AI agents can act in unexpected ways, sometimes interpreting instructions beyond what developers intend. Threats such as prompt injection and the rise of unmonitored AI tools (or “shadow IT”) add layers of complexity. As adoption accelerates, maintaining visibility and control becomes critical.
Despite these challenges, Nate remains optimistic about AI's potential. He advocates for mindful adoption (understanding the risks, their likelihood, and the potential business impact) while ensuring that innovation and productivity continue to advance responsibly.
Building Trust and Future-Proofing Security
For Nate, trust is the foundation of security. Whether developing integrations, deploying AI tools, or managing internal systems, organizations must design processes that foster transparency, encourage safe experimentation, and promote continuous learning. Building a culture of accountability and openness not only reduces risk but also strengthens long-term relationships with customers and partners.
Looking Ahead
Nate is currently launching Trustmind, a platform that automates security due diligence and streamlines third-party risk management for organizations working with multiple vendors and integrations.
For more insights on partnerships, ecosystems and integrations, visit www.pandium.com
To learn more about Cloudsec., go to https://cloudsec.ai/
In a world where the workforce can now include autonomous identities with operational access and decision-making power, traditional security models are being pushed to the limit. AI agents have become embedded across enterprise operations, and while they are unlocking new frontiers of productivity, they are also exposing previously unseen vulnerabilities. On Industry Insight, Lynlee Foo speaks to Kevin Kirkwood, Chief Information Security Officer at Exabeam, to find out why conventional defences are falling short, and what best practices global companies are adopting to safeguard enterprise environments against a new class of AI-powered insider threats.
Welcome back to the Identity Jedi Show! In this episode, host David Identity Jedi sits down with Rich Rhodes, Chief Information Security Officer at Choice Bank, for a candid and insightful conversation about leadership, team building, and the evolving world of identity security.
Episode Highlights:
- Rich's journey from small-town Minnesota to the CISO seat
- The evolution of identity management to identity security
- Why people and process matter more than technology in cybersecurity
- Building and leading high-performing, people-first teams
- Lessons learned from mergers, acquisitions, and industry consolidation
- The importance of empathy, mentorship, and authentic leadership
- Navigating the challenges of cloud computing and disaster recovery
- Industry trends: platform consolidation, subscription models, and the rise of new players
- Spotlight: YeshID — an Okta alternative for small businesses
- Quick-fire questions: best advice, favorite food spots, and travel dreams
Key Takeaways:
- Leadership is about empowering others, not just holding a title.
- The biggest challenges in identity security are still about people and process, not just technology.
- Team success comes from trust, clear expectations, and genuine care for each member.
- The industry is changing fast, but the fundamentals of good leadership remain the same.
Featured Guest:
Rich Rhodes — CISO at Choice Bank, with decades of experience in IT, security, and team leadership.
Resources & Mentions:
- YeshID (Okta alternative for small businesses)
- Identity Jedi newsletter and blog
- Leovici gear (discount code: IdentityJedi)
Connect with Us:
- Subscribe to the Identity Jedi newsletter at theidentityjedi.com
- Send your questions for the upcoming mailbag episode: identityjedi@gmail.com
- Follow us on Spotify, YouTube, and your favorite podcast platforms
Thank you for tuning in! If you enjoyed this episode, please like, rate, and subscribe. Be good to each other, be kind to each other, love each other, and we'll see you next time on the Identity Jedi Show.
The concept of DevSecOps has been around long enough that it's now firmly established in most federal agencies, but using it to produce secure software on a regular basis takes careful planning. Darren Death is the Chief Information Security Officer at the Export Import Bank, and Madhuri Sammid is the Deputy Associate Chief Information Officer at the Bureau of Safety and Environmental Enforcement. They talked with Federal News Network's Jared Serbu as part of our 2025 Cyber Leaders Exchange.
Michael chats with Russell Teague, Chief Information Security Officer (CISO) at Fortified Health Security. Together, they discuss how the role of CISO is evolving amid today's cyber threat landscape and regulatory environment, areas in which healthcare needs to improve cyber resilience, why experience is so important in the clinical environment when selecting a vendor or SOC service partner, how CISOs can mitigate massive cyber disruptions and risks, and much more. To learn more about Fortified Health Security, visit FortifiedHealthSecurity.com.
Today's episode is hosted by Chris Hackett and they are joined on the podcast by Sadetta Postareff, Principal Information Security Manager at atNorth, Heidi Holm, Chief Information Security Officer at Lindab Group, Gabriel Winnberg, Critical Flow Resilience Manager at IKEA, and Peter Saverman, Cyber Security Officer at Emulate Energy AB. The conversation explores the evolving role of security in modern organisations, examining how information security leadership contributes to business resilience, trust, and operational excellence. Together, the guests discuss the intersection of security strategy, technological transformation, and cultural awareness within digital ecosystems. The exchange highlights the importance of embedding security into decision-making, empowering teams, and managing risk proactively. Listeners will gain insights into building a strong security culture, aligning protection goals with business growth, and ensuring that security becomes a shared responsibility across all levels of the organisation.
Nassim Eddequiouaq is co-founder and CEO of Bastion, a pioneer in regulated stablecoin infrastructure and NYDFS-certified provider. Bastion is the stablecoin issuance platform for financial institutions and enterprises. Prior to founding Bastion, Nass was the Chief Information Security Officer at a16z Crypto, and held senior management roles across Security and Infrastructure at Facebook, Anchorage, Docker, and Apple. He received an M.S. in Computer Science from Ecole d'Ingénieurs en Informatique.
In this conversation, we discuss:
- What happened on the 10/10 crypto crash?
- Winners and losers after the crypto crash
- Bridging traditional finance and digital assets through enterprise-ready solutions
- The diverse use cases of stablecoins
- Why stablecoins (especially USD-pegged) are poised for mass enterprise adoption
- The growing interest in branded stablecoins
- Bastion's NYDFS trust charter
- GENIUS Act and STABLE Act
- Why regulatory clarity is critical
- Privacy for stablecoin users
Bastion
X: @BastionPlatform
Website: bastion.com
LinkedIn: Bastion
Nassim Eddequiouaq
X: @nassyweazy
LinkedIn: Nassim Eddequiouaq
This episode is brought to you by PrimeXBT. PrimeXBT offers a robust trading system for both beginners and professional traders that demand highly reliable market data and performance. Traders of all experience levels can easily design and customize layouts and widgets to best fit their trading style. PrimeXBT is always offering innovative products and professional trading conditions to all customers. PrimeXBT is running an exclusive promotion for listeners of the podcast. After making your first deposit, 50% of that first deposit will be credited to your account as a bonus that can be used as additional collateral to open positions. Code: CRYPTONEWS50. This promotion is available for a month after activation. Click the link below: PrimeXBT x CRYPTONEWS50
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Katherine Henry of Bradley, Arant, Boult, Cummings, and Harold (Hal) Weston of Georgia State University, Greenberg School of Risk Science, who are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview.” Katherine and Hal take the discussion beyond the pages and delve into best cybersecurity practices, cyber insurance, and Safe Harbor laws offered by some states and possibly to be offered soon by others. They discuss frameworks and standards, and what compliance means for your organization, partly based on your state law. Listen for advice to help you be prepared against cybercrime.
Key Takeaways:
[:01] About RIMS and RIMScast.
[:16] About this episode of RIMScast. We will be joined by the authors of the legislative review, “A 2025 Cybersecurity Legal Safe Harbor Overview”, Katherine Henry and Harold Weston. Katherine and Harold are also prominent members of the RIMS Public Policy Committee.
[:48] Katherine and Harold are also here to talk about Cybersecurity Awareness Month and safe practices. But first…
[:53] RIMS-CRMP Prep Workshops! The next RIMS-CRMP Prep Workshops will be held on October 29th and 30th and led by John Button.
[1:05] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes.
[1:23] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham.
[1:37] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! RIMS members always enjoy deep discounts on the virtual workshops!
[1:56] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes.
[2:08] Several RIMS Webinars are being hosted this Fall. On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”.
[2:28] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars.
[2:40] Before we get on with the show, I wanted to let you know that this episode was recorded in the first week of October. That means we are amid a Federal Government shutdown. RIMS has produced a special report on “Key Considerations Regarding U.S. Government Shutdown.”
[2:58] This is an apolitical problem. It is available in the Risk Knowledge section of RIMS.org, and a link is in this episode's show notes. Visit RIMS.org/Advocacy for more updates.
[3:12] Remember to save March 18th and 19th on your calendars for the RIMS Legislative Summit 2026, which will be held in Washington, D.C. I will continue to keep you informed about that critical event.
[3:24] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors.
[3:40] That is why I'm delighted that Katherine Henry and Harold (Hal) Weston are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview”.
[3:52] This report provides a general overview of expected cybersecurity measures that organizations must take to satisfy legal Safe Harbor requirements.
[4:01] It summarizes state Safe Harbor laws that have been developed to ensure organizations are proactive about cybersecurity and that digital, financial, and intellectual assets are legally protected when that inevitable cyber attack occurs.
[4:15] We are here to extend the dialogue. Let's get started!
[4:21] Interview! Katherine Henry and Hal Weston, welcome to RIMScast!
[4:41] Katherine was one of the first guests on RIMScast. Katherine is Chair of the Policyholder Insurance Coverage Practice at Bradley, Arant, Boult, Cummings. Her office is based in Washington, D.C. She works with risk managers all day on insurance issues.
[5:05] Katherine has been a member of the RIMS Public Policy Committee for several years. She serves as an advisor to the Committee.
[5:12] Justin thanks Katherine for her contributions to RIMS.
[5:25] Hal is with Georgia State University. He has been with RIMS for a couple of decades. Hal says he and Katherine have served together on the RIMS Public Policy Committee for maybe 10 years.
[5:48] Hal is a professor at Georgia State University, a Clinical Associate in the Robinson College of Business, Greenberg School of Risk Science, where he teaches risk management and insurance. Before his current role, Hal was an insurance lawyer, both regulatory and coverage.
[6:05] Hal has a lot of students. He is grading exams this week. He has standards for his class. In the real world, so does a business.
[6:46] Katherine and Hal met through the RIMS Public Policy Committee. They started together on some subcommittees. Now they see each other at the annual meeting and on monthly calls.
[7:05] Katherine and Hal just released a legislative review during RIMS's 75th anniversary, “A 2025 Cybersecurity Legal Safe Harbor Overview”. It is available on the Risk Knowledge page of RIMS.org.
[7:20] We're going to get a little bit of dialogue that extends beyond the pages.
[7:31] Katherine explains Safe Harbor: When parties are potentially liable to third parties for claims, certain states have enacted Safe Harbor Laws that say, If you comply with these requirements, we'll provide you some liability protection.
[7:45] Katherine recommends that you read the paper to see what the laws are in your state. The purpose of the paper is to describe some of those Safe Harbor laws, as well as all the risks.
[8:04] October 14th, the date this episode is released, is World Standards Day. Hal calls that good news. Justin says the report has a correlation with the standards in the risk field.
[8:43] Justin states that many states tie Safe Harbor eligibility to frameworks like NIST, the ISO/IEC 27000 series, and CIS Controls.
[9:27] Hal says, There are several standards, and it would be up to the Chief Information Security Officer to guide a company on which framework might be most appropriate for them. There are the NIST, UL, and ISO, and they overlap quite a bit.
[9:56] These are recognized standards. In some states, if a company has met this standard of cybersecurity, a lawsuit against the company for breach of its standard of care for maintaining its information systems would probably be defensible for having met a recognized standard.
[10:23] Katherine adds that as risk managers, we can't make the decision about which of these external standards is the best. Many organizations have a Cybersecurity Officer responsible for this.
[10:44] For smaller organizations, there are other options, including outsourcing to a vendor. Their insurance companies may have recommendations. So you're not on your own in making this decision.
[11:14] Katherine says firms should definitely aim for one recognized standard. Katherine recommends you try to adhere to the highest standard. If you are global, you need to be conscious of standards in other countries.
[11:46] Hal says California tends to have the highest standards for privacy and data protection. If you're a financial services company, you're subject to New York State's Department of Financial Services Cyber Regulation.
[12:02] If you're operating in Europe, GDPR is going to be the guiding standard for what you should do. Hal agrees with Katherine: Any company that spans multiple states should pick the highest standard and stick to that, rather than try to implement five or 52 standards.
[12:23] When you're overseas, you may not be able to just pick the highest standard; there are challenges in going from one country or region of Europe back to the U.S. If one is higher, it will probably be easier.
[12:38] There are major differences between the U.S., which has little Federal protection, vs. state protection.
[13:10] Katherine says if you don't have the internal infrastructure, and you can't afford that infrastructure, the best thing is to pivot to an outside vendor. There are many available, with a broad price range. Your cyber insurer may also have some vendors they already work with.
[13:40] Hal would add, Don't just think about Safe Harbors. That's just a legal defense. Think about how you reduce the risk by adopting standards or hiring outside firms that will provide that kind of risk protection and IT management.
[13:59] If they're doing it right, they may tell you the standards they use, and they may have additional protocols, whether or not they fall within those standards, that would also be desirable. A mid-sized firm is probably outsourcing it to begin with.
[14:21] They have to be thinking about it as risk, rather than just Safe Harbor. You have to navigate to the Safe Harbor. You don't just get there.
[14:31] Quick Break! RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through the 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th!
[14:50] This also lets you enjoy earlier access to the RISKWORLD hotel block. Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks!
[15:03] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS!
[15:16] The RIMS Legislative Summit 2026 is mentioned during today's episode. Be sure to mark your calendar for March 18th and 19th in Washington, D.C. Keep those dates open.
[15:28] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates.
[15:41] Let's return to our interview with Katherine Henry and Hal Weston!
[15:54] We're talking about their new paper, “A 2025 Cybersecurity Legal Safe Harbor Overview”. Katherine mentions that some businesses are regulated. They have to comply with external regulatory standards.
[16:38] Other small brick-and-mortar businesses may not have any standards they have to comply with. They look for what to do to protect themselves from cyber risk, and how to tell others they are doing that.
[16:54] If you can meet the standards of Safe Harbor laws, a lot of which are preventative, before a breach, you can inform your customers, “These are the protections we have for your data.” You can tell your board, “These are the steps we're taking in place.”
[17:13] You can look down the requirements of the Safe Harbor law in your state or a comparable state, and see steps you can take in advance so you can say, “We are doing these things and that makes our system safer for you and protects your data.”
[17:34] Hal says you don't want to have a breach, and if you do, it would be embarrassing to admit you were late applying a patch, implementing multi-factor authentication, or another security measure.
By following standards of better cyber protection, you avoid those exposures. [18:07] Hal says every company has either been hacked and knows it, or has been hacked and doesn't know it. If you're attacked by a nation-state that is non-preventable, you're in good shape. [18:26] If you're attacked because you've left some ports open on your system, or other things that are usually caught in cybersecurity analyses or assessments, that's the embarrassing part. You don't want to be in that position. [18:43] Katherine says it's not just your own systems, but if you rely on vendors, you want to ensure that the vendors have the proper security systems in place so that your data, to the extent that it's transmitted to them, is not at risk. [19:07] Also, make sure that your vendors have cyber insurance and that you're an additional insured on that vendor's policy if there's any potential exposure. [19:22] Hal says If you're using a cloud provider, do you understand what the cloud provider is doing? In most cases, they will provide better security than what you could do on your own, but there have been news stories that even some of those have not been perfect. [20:22] Hal talks about the importance of encryption. It's in the state statutes and regulations. There have been news stories of companies that didn't encrypt their data on their servers or in the cloud, and didn't understand encryption, when a data breach was revealed. [20:52] Hal places multi-factor authentication up with encryption in importance. There was a case brought against a company that did not have MFA, even though it said on its application on the cyber policy that the company used it. [21:13] Hal says these are standard, basic things that no company should be missing. If you don't know that your data is encrypted, get help fast to figure that out. 
[21:51] Hal has also seen news stories of major companies where the Chief Technology Officer has been sued individually, either by the SEC or others, for not doing it right. [22:07] Katherine mentions there are insurance implications. If you mistakenly state you're providing some sort of protection on your insurance application that you're not providing, the insurer can rescind your coverage, so you have no coverage in place at all. [22:23] Katherine says, These are technical safeguards, but we know the human factor is one of the greatest risks in cybersecurity. Having training for everyone who has access to your computer system, virtually everyone in your organization, is very important. [22:49] Have a test with questions like, Is this a spam email or a real email? There are some vendors who can do all this for you. Statistics show that the human element is one of the most significant problems in cybersecurity protection. [23:05] Justin says it's October, Cybersecurity Awareness Month in the U.S. Last week's guest, Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL, said the number one cyber risk is human error, like clicking the phishing link. [23:45] Justin brings up that when he was recently on vacation, he got an email on his personal email account, “from his CEO,” asking him to handle something for them. Justin texted somebody else at RIMS, asking if they got the same email, and they hadn't. [24:14] Justin sent the suspect email to the IT director to handle. You have to be vigilant. Don't let your guard down for a second. [24:48] Katherine has received fake emails, as well. [24:51] Hal says it has happened to so many people. Messages about gift cards or the vendor having a new bank account. Call the vendor that you know and ask what this is. [25:12] Hal continues. 
It's important to train employees in cybersecurity, making sure that they are using a VPN when they are outside of the office, or even a VPN that's specific to your company. [25:32] Hal saw in the news recently that innocent-looking PDF files can harbor lots of malware. If you're not expecting a PDF file from somebody, don't click on that, even if you know them. Get verification. Start a new thread with the person who sent it and ask if it is a legitimate PDF. [26:08] Justin says of cybercriminals that they are smart and their tactics evolve faster than legislation. How can organizations anticipate the next generation of threats? [26:34] Katherine says, You need to have an infrastructure in your organization that does that, or you need to go to an outside vendor. You need some sort of protection, internally or externally. [27:11] Katherine says she works with CFOs all the time. If an organization isn't large enough to have a risk manager, it's a natural fit for the CFO, who handles finances, to handle insurance. When it comes to cybersecurity, a CFO needs help. [27:46] The CFO should check the cyber policy to see what support services are already there and see if there are any that are preventative, vs. after a breach. If there are not, Katherine suggests pivoting to an outside vendor. [28:07] Hal continues, This interview is for RIMS members who are risk managers and the global risk community. Risk managers don't claim to know all the risk control measures throughout a company. They rely upon the experts in the company and outside. [28:29] If the CFO is the risk manager, he or she has big gaps in expertise needed for risk management. It's the same for the General Counsel running risk management. Risk managers are known for having small staffs and working with everybody else to get the right answers. [28:55] If you're dealing with the CFO or General Counsel in those roles, they need to be even more mindful to work with the right experts for guidance. 
[29:09] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show. [29:26] He is back, just to deliver a quick message about what you can expect from his keynote on “AI and the Future of Risk.” Dan, welcome back to RIMScast! [29:37] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th at the RIMS ERM Conference 2025 in Seattle, Washington. [29:52] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent. [30:10] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, “AI and the Future of Risk Management,” and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan. [30:29] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there. [30:40] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management! [30:48] Let's Conclude Our Interview about Navigating Cyber and IT Practices to Legal Safe Harbors with Katherine Henry and Hal Weston! [31:17] Katherine tells about how Safe Harbor compliance influences cyber insurance. If your organization applies for cyber insurance and you can't meet some minimum threshold that will be identified on the application, the insurer will not even offer you cyber insurance. [31:34] You need to have some cyber protections in place. 
That's just to procure insurance. Cyber insurance availability is growing. Your broker can bring you more insurers to quote if you can show robust safeguards. [32:05] After the breach, your insurer is supposed to step in to help you. Your insurer will be mindful of whether or not your policy application is correct and that you have all these protections in place. [32:21] The more protections you have, the quicker you might be able to shut down the breach, and the resulting damage from the breach, and that will lower the resulting cost of the claim and have less of an impact on future premiums. [32:36] If the cyber insurer just had to pay out the limits because something wasn't in place, that quote next year is not going to look so pretty. Your protections have a direct impact on both the availability and cost of coverage. [32:50] Justin mentions that the paper highlights Connecticut, Tennessee, Iowa, Ohio, Utah, and Oregon as the states with Safe Harbor laws. The Federal requirements are also listed. Katherine expects that more states will offer Safe Harbor laws as cybercrime lawsuits increase. [33:42] Hal says Oregon, Ohio, and Utah were the leaders in creating Safe Harbors. Some of the other states have followed. Safe Harbor is a statutory protection against liability claims brought by the public. [34:06] In other states, you can't point to a statute that gives protection, but you can say you complied with the highest standards in the nation, and you probably have a pretty defensible case against a claim for not having kept up with your duty to protect against a cyber attack. [34:55] Hal adds that every company is going to be sued, and the claim is that you failed to do something. If you have protected yourself with all the known best practices, as they evolve, what more is a company supposed to do? 
[35:18] The adversaries are nation-states; they are professional criminals, sometimes operating under the protection of nation-states, and they're using artificial intelligence to craft even more devious ways to get in. [36:19] Katherine speaks from a historical perspective. A decade ago, cyber insurance was available, but there was no appetite for it. There wasn't an understanding of the risk. [36:32] As breaches began to happen and to multiply, in large amounts of exposure, with companies looking at millions of dollars in claims, interest grew. Katherine would be surprised today if any responsible board didn't take cyber risk extremely seriously. [36:55] The board's decision now is what limits to purchase and from whom, and not, “Should we have cyber insurance at all?” Katherine doesn't think it's an issue anymore in any medium-sized company. [37:17] The risk manager should present to the board, “We benchmark. Our broker benchmarks. Companies of our size have had this type of claim, with this type of exposure, and they've purchased this amount of limits. We need to be at least in that place.” Boards will be receptive. [37:43] If they are not receptive, put on a PowerPoint with all the data that's out there about how bad the situation is. The average cost of a breach is well over $2 million. The statistics are quite alarming. A wise decision-maker will understand that you need to procure this coverage. [38:10] Katherine says, from the cybersecurity side, you procure the coverage, you protect the company, and take advantage of the Safe Harbors. All of those things come together with the preventative measures we've been talking about. [38:24] You can show your decision-makers and stakeholders that if you do all those things, comply with these Safe Harbor provisions, you're going to minimize your exposure, increase the availability of insurance, and keep your premiums down. It's a win-win package. 
[38:41] Justin says, It has been such a pleasure to meet you, Hal, and thank you for joining us. Katherine, it is an annual pleasure to see you. We're going to see you, most likely, at the RIMS Legislative Summit, March 18th and 19th, 2026, in Washington, D.C. [39:01] Details to come, at RIMS.org/Advocacy. Katherine, you'll be there to answer questions. Katherine looks forward to the Summit. She has gone there for years. It's a great opportunity for risk managers to speak directly to decision-makers about things that are important to them. [39:42] Special thanks again to Katherine Henry and Hal Weston for joining us here today on RIMScast! Remember to download the new RIMS Legislative Review, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [39:58] We are past the 30-day mark now, so the review is publicly available through the Risk Knowledge Page of RIMS.org. You can also visit RIMS.org/Advocacy for more information. In this episode's notes, I've got links to Katherine's prior RIMScast appearances. [40:18] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [40:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [41:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [41:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [41:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [41:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [42:05] Practice good risk management, stay safe, and thank you again for your continuous support!

Links:
RIMS Professional Report: “A 2025 Cybersecurity Legal Safe Harbor Overview”
RISK PAC | RIMS Advocacy | RIMS Legislative Summit SAVE THE DATE — March 18‒19, 2026
RIMS ERM Conference 2025 — Nov. 17‒18
RISKWORLD 2026 — Members-only early registration through Oct 30!
RIMS-Certified Risk Management Professional (RIMS-CRMP)
The Strategic and Enterprise Risk Center
RIMS Diversity Equity Inclusion Council
RIMS Risk Management magazine | Contribute
RIMS Now
Cybersecurity Awareness Month
World Standards Day — Oct 14, 2025

Upcoming RIMS Webinars: RIMS.org/Webinars
“Jury Dynamics: How Juries Shape Today's Legal Landscape” | Oct. 16, 2025 | Sponsored by Zurich
“Parametric Insurance: Providing Financial Certainty in Uncertain Times” | Oct. 30, 2025 | Sponsored by Swiss Re
“Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World” | Nov. 6 | Sponsored by Hub

Upcoming RIMS-CRMP Prep Virtual Workshops:
RIMS-CRMP Virtual Exam Prep — Oct. 29‒30, 2025
RIMS-CRMP-FED Exam Prep Virtual Workshop — November 11‒12
Full RIMS-CRMP Prep Course Schedule

“Risk Appetite Management” | Oct 22‒23 | Instructor: Ken Baker
“Intro to ERM for Senior Leaders” | Nov. 4‒5 | Instructor: Elise Farnham
“Fundamentals of Insurance” | Nov. 11‒12 | Instructor: Chris Hansen
“Leveraging Data and Analytics for Continuous Risk Management (Part I)” | Dec 4.
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Related RIMScast Episodes about Cyber and with Katherine Henry:
“National Cybersecurity Awareness Month 2025 with Gwenn Cujdik”
“AI Risks and Compliance with Chris Maguire”
“Data Privacy and Protection with CISA Chief Privacy Officer James Burd”
“Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver”
“Legal and Risk Trends with Katherine Henry (2023)”

Sponsored RIMScast Episodes:
“The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!)
“Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich
“Understanding Third-Party Litigation Funding” | Sponsored by Zurich
“What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.
Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.
Have a question or suggestion? Email: Content@rims.org.
Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guests:
Katherine Henry, Partner and Chair of the Policyholder Coverage Practice, Bradley, Arant, Boult, and Cummings
Harold Weston, Clinical Associate Professor and WSIA Distinguished Chair in Risk Management and Insurance, Georgia State University College of Law

Production and engineering provided by Podfly.
A critical zero-day in Oracle E-Business Suite is under active exploitation. ICE plans a major expansion of its social media surveillance operations. Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution. New variants of the XWorm remote access trojan spread through phishing campaigns. Researchers uncover a critical command injection flaw in Dell UnityVSA storage appliances. There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks login portals. A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software. Monday Business Brief. On our Afternoon Cyber Tea segment with Microsoft's Ann Johnson, Ann and guest Volker Wagner, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. Don't spend that ParkMobile settlement all in one place. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Afternoon Cyber Tea Segment
Today we are highlighting Afternoon Cyber Tea with Ann Johnson. Ann and guest Volker Wagner, Chief Information Security Officer at BASF, share some Lessons from the Frontlines of Industrial Security. You can listen to Ann and Volker's full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app. 
Selected Reading
PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability (Cyber Security News)
ICE Wants to Build Out a 24/7 Social Media Surveillance Team (WIRED)
Discord blames third-party support outfit for data breach (The Register)
Android and Windows gamers worldwide potentially affected by bug in Unity game engine (The Record)
XWorm malware resurfaces with ransomware module, over 35 plugins (Bleeping Computer)
Patch Now: Dell UnityVSA Flaw Allows Command Execution Without Login (HackRead)
Scanning of Palo Alto Portals Surges 500% (Infosecurity Magazine)
$4.5 Million Offered in New Cloud Hacking Competition (SecurityWeek)
Accenture acquires Japanese AI and DX provider, Aidemy Inc. (N2K Pro Business Briefing)
ParkMobile pays... $1 each for 2021 data breach that hit 22 million (Bleeping Computer)

Vote for Dave! Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Join Amanda Garcia and Dan Wilkins, CISO for the Arizona Department of Economic Security, as they explore the intersection of AI, automation, and collaboration in public sector cybersecurity. Dan shares practical strategies for building a proactive defense, leveraging emerging tech, and fostering the partnerships essential for resilience in an evolving threat landscape. Dan Wilkins, Chief Information Security Officer, Arizona Department of Economic Security. For more great insights, head to www.PublicSectorNetwork.co
Volker Wagner, Chief Information Security Officer at BASF, joins Ann on this week's episode of Afternoon Cyber Tea to talk shop on what it really takes to defend one of the world's largest chemical companies. From his early days in auditing to leading global cyber for high-stakes industrial and research environments, Volker shares battle-tested insights on resilience, Zero Trust, and the fundamentals that never go out of style. He dives into the hard lessons learned from ransomware, the realities of third-party risk, and how AI is reshaping everything from incident response to supply chain security. Most importantly, he makes the case for why trust, communication, and culture aren't soft skills—they're survival skills for modern CISOs. Resources: View Volker Wagner on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Higher education institutions are increasingly at risk from cyberattacks that threaten enrollment, accreditation, financial aid compliance, and reputation. In this episode of the Changing Higher Ed® podcast, Dr. Drumm McNaughton speaks with Brian Kelly, Chief Information Security Officer at Community Health Networks of Connecticut and former higher education CISO, about why cybersecurity must be treated as an enterprise risk—not just an IT issue. This conversation is especially relevant for presidents, trustees, and senior leaders who need to understand how cyber risk intersects with governance, strategic planning, crisis management, and accreditation readiness.

Topics Covered:
Why higher education is a prime target for cyberattacks
How ransomware and data breaches disrupt core institutional functions
The governance responsibilities of boards in overseeing cybersecurity
Cyber implications for strategic planning and reputation management
Why accreditation and compliance can be undermined by cyber breaches
Protecting research and intellectual property from cyber threats
Building a campus culture of shared cybersecurity responsibility
The leadership succession gap in higher ed cybersecurity
Core practices every institution should adopt during Cybersecurity Awareness Month

Real-World Examples Discussed:
United Healthcare and Social Security data compromises
PowerSchool breach exposing minors to identity theft
Target and Home Depot breaches as case studies in reputational damage
F-35 design theft highlighting the value of intellectual property
Scam examples including PayPal fraud, fake purchase confirmations, and LinkedIn phishing
Leadership succession in action: Cathy Hubbs' retirement and Harry Hoffman's appointment

Three Key Takeaways for Higher Ed Leadership:
Plan for resilience, not just prevention—institutions must continue to operate during and after cyber incidents.
Make cybersecurity a shared responsibility—leaders must ensure accountability across the campus community.
Include cyber in board oversight—cyber risk is part of governance, enterprise risk management, and accreditation readiness.

Read the transcript or extended show summary: https://changinghighered.com/cybersecurity-risk-management-in-higher-education/
#HigherEdCybersecurity #BoardGovernance #HigherEducationPodcast
70% of critical security debt stems from third-party code - what can be done upstream?
How real-time threat intelligence and policy enforcement are closing the gap
Why DORA and modern CI/CD pipelines demand pre-emptive visibility and automation

Thom Langford, Host, teissTalk
https://www.linkedin.com/in/thomlangford/
Paul Holland, Cyber Capability Manager, Royal Mail
https://www.linkedin.com/in/paulinfosec/
Tiago Rosado, Chief Information Security Officer, Asite
https://www.linkedin.com/in/tiagorosado/
Jean Carlos, Information Security Lead, Trade Republic
https://www.linkedin.com/in/jeanpcarlos/
John Smith, CTO of EMEA, Veracode
https://www.linkedin.com/in/jtsmith123
In this episode, Stephen Woods from the WA Department of Justice explores why cyber resilience is essential for protecting sensitive public data and services. He breaks resilience into four stages—anticipate, withstand, recover, and adapt—emphasising that cyberattacks are inevitable, but preparation and testing make the difference. From regional connectivity challenges to incident simulations like the Corporate Compromise Game, Stephen shows how planning, collaboration, and transparency strengthen response. He also highlights diversity as a superpower—with varied perspectives, cultural insights, and neurodiverse talent improving detection, decision-making, and innovation. His core message: resilience isn't just about technology, it's about people, culture, and trust. Stephen Woods, Chief Information Security Officer, Department of Justice WA For more great insights head to www.PublicSectorNetwork.co
The decision to leave a successful corporate position and start a company requires more than just identifying a market opportunity. For Shankar Somasundaram, it required witnessing firsthand how traditional cybersecurity approaches consistently failed in the environments that matter most to society: hospitals, manufacturing plants, power facilities, and critical infrastructure.

Somasundaram's path to founding Asimily began with diverse technical experience spanning telecommunications and early machine learning development. This foundation proved essential when he transitioned to cybersecurity, eventually building and growing the IoT security division at a major enterprise security company.

During his corporate tenure, Somasundaram gained direct exposure to security challenges across healthcare systems, industrial facilities, utilities, manufacturing plants, and oil and gas operations. Each vertical revealed the same fundamental problem: existing security solutions were designed for traditional IT environments where confidentiality and integrity took precedence, but operational technology environments operated under entirely different rules.

The mismatch became clear through everyday operational realities. Hospital ultrasound machines couldn't be taken offline during procedures for security updates. Manufacturing production lines couldn't be rebooted for patches without scheduling expensive downtime. Power plant control systems required continuous availability to serve communities. These environments prioritized operational continuity above traditional security controls.

Beyond technical challenges, Somasundaram observed a persistent communication gap between security and operations teams. IT security professionals spoke in terms of vulnerabilities and patch management. Operations teams focused on uptime, safety protocols, and production schedules. Neither group had effective frameworks for translating their concerns into language the other could understand and act upon.

This divide created frustration for Chief Security Officers who understood risks existed but lacked clear paths to mitigation that wouldn't disrupt critical business operations. Organizations could identify thousands of vulnerabilities across their operational technology environments, but struggled to prioritize which issues actually posed meaningful risks given their specific operational contexts.

Somasundaram recognized an opportunity to approach this problem differently. Rather than building another vulnerability scanner or forcing operational environments to conform to IT security models, he envisioned a platform that would provide contextual risk analysis and actionable mitigation strategies tailored to operational requirements.

The decision to leave corporate security and start Asimily wasn't impulsive. Somasundaram had previous entrepreneurial experience and understood the startup process. He waited for the right convergence of market need, personal readiness, and strategic opportunity. When corporate priorities shifted through acquisitions, the conditions aligned for his departure.

Asimily's founding mission centered on bridging the gap between operational technology and information technology teams. The company wouldn't just build another security tool; it would create a translation layer enabling different organizational departments to collaborate effectively on risk reduction.

This approach required understanding multiple stakeholder perspectives within client organizations. Sometimes the primary user would be a Chief Information Security Officer. Other times, it might be a manufacturing operations head managing production floors, or a clinical operations director in healthcare. The platform needed to serve all these perspectives while maintaining technical depth.

Somasundaram's product engineering background informed this multi-stakeholder approach. His experience with complex system integration—from telecommunications infrastructure to machine learning algorithms—provided insight into how security platforms could integrate with existing IT infrastructure while addressing operational technology requirements.

The vision extended beyond traditional vulnerability management to comprehensive risk analysis considering operational context, business impact, and regulatory requirements. Rather than treating all vulnerabilities equally, Asimily would analyze each device within its specific environment and use case, providing organizations with actionable intelligence for informed decision-making.

Somasundaram's entrepreneurial journey illustrates how diverse technical experience, industry knowledge, and strategic timing converge to address complex market problems. His transition from corporate executive to startup founder demonstrates how deep industry exposure can reveal opportunities to solve problems that established players might overlook or underestimate.

Today, as healthcare systems, manufacturing facilities, and critical infrastructure become increasingly connected, the vision Somasundaram brought to Asimily's founding has proven both timely and necessary. The company's development reflects not just market demand, but the value of approaching familiar problems from fresh perspectives informed by real operational experience.

Learn more about Asimily: itspm.ag/asimily-104921

Note: This story contains promotional content. Learn more.

Guest: Shankar Somasundaram, CEO & Founder, Asimily | On LinkedIn: https://www.linkedin.com/in/shankar-somasundaram-a7315b/
Company Directory: https://www.itspmagazine.com/directory/asimily
Resources
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
We discuss Charlie Kirk, NATO Article 4 and psyops.

Tom Luongo is a former research chemist, amateur dairy goat farmer, libertarian, and economist whose work can be found on Zero Hedge and Newsmax Media. He hosts the Gold Goats ’n Guns Podcast.

LTC Steven Murray is a retired U.S. Army Lieutenant Colonel who served as an Information Warfare Officer and Cyber Defense Battalion Commander. With extensive experience in cyber operations and intelligence, he commanded units supporting the United States Pacific Command, U.S. Army Pacific Forces, and the National Security Agency. He was deployed to Iraq during Operation Enduring Freedom, earning a Bronze Star, and has held roles such as Chief Information Security Officer for a large medical company.

To watch the Full Cornerstone Forum: https://open.substack.com/pub/shaunnewmanpodcast
Join us for a fascinating conversation with Zach Lewis, Chief Information Officer and Chief Information Security Officer at the University of Health Sciences and Pharmacy in St. Louis, as he reveals the surprising parallels between homesteading and cybersecurity. Discover how his experience with chickens and fences led to a philosophy of "defense in depth" that protects critical data. Zach shares his journey from individual contributor to award-winning leader, emphasizing the importance of raising your hand for new challenges and empowering your team to succeed. This episode is packed with wisdom on building trust before a crisis, navigating change, and leveraging AI for personal and professional growth. You won't want to miss his insights on what it takes to protect an organization and how he's normalizing the conversation around cybersecurity breaches in his new book, Locked Up.

Guest Links:
Zach's LinkedIn
University of Health Sciences & Pharmacy St. Louis
The Homesteading CISO
Book: Locked Up: Cybersecurity Threat Mitigation Lessons From a Real-World LockBit Ransomware Response

Credits: Host: Lisa Nichols, Executive Producer: Jenny Heal, Marketing Support: Landon Burke and Joe Szynkowski, Podcast Engineer: Portside Media
In this episode of Life of a CISO, Dr. Eric Cole dives deep into simplicity, time management, and the foundations of being a world-class Chief Information Security Officer. He explains how rebooting your life and career—just like you reboot a slow computer—can help clear distractions and focus on what truly matters. Dr. Cole also shares strategies for creating a strategic cybersecurity playbook, aligning with executives, setting risk tolerance, and reclaiming wasted time. Whether you're a seasoned CISO or aspiring to lead in cybersecurity, this episode is packed with actionable advice to improve your efficiency, influence, and impact.

Learn how to:
Reset your priorities and eliminate inefficiencies
Track your time and focus on high-value activities
Develop a strategic cybersecurity playbook
Communicate your vision to executives
Set risk tolerance that aligns with your organization

Tune in and start transforming your approach to cybersecurity and leadership today.
In this episode, host Olivier Lafontaine speaks with Amanda Turcotte, SVP and Chief Actuary at Amalgamated Life Insurance Company, and Darwin Larrison, VP and Chief Information Security Officer at Modern Woodmen of America, about how their teams are navigating the changing landscape of artificial intelligence in life insurance. Amanda shares how her company is applying tools like Amazon Q and Intelligent Document Processing to streamline customer support and data handling. Darwin explains how governance frameworks, vendor partnerships, and licensing decisions are shaping how AI tools like Copilot are being deployed securely and responsibly. Throughout the session, Amanda and Darwin bring their unique perspectives from actuarial and security leadership to highlight what AI can realistically deliver today, and how insurers can prepare for what's ahead.

Key Takeaways:
Adopting AI in insurance requires more than tools. It demands structure, governance, and cultural buy-in.
Licensing strategies and vendor partnerships can quietly shape how innovation spreads inside an organization.
AI can help small carriers scale smarter by turning everyday data into operational advantage.
Jump Into the Conversation:
(00:00) Meet Amanda Turcotte and Darwin Larrison
(02:18) Why insurance leaders are cautious with AI
(06:44) Using Amazon Q to speed up service
(08:11) Building a centralized CRM with AI features
(11:27) Who gets access to Copilot and why
(14:50) AI's role in institutional memory and training
(19:00) Building a governance group for responsible AI
(23:29) How to upskill non-tech employees on AI
(29:17) Why transcription still faces internal resistance
(38:15) What startups do differently with AI adoption
(40:31) Predictions on how AI will transform insurance jobs

Resources:
Connect with Amanda Turcotte: https://www.linkedin.com/in/amanda-turcotte-7a436413/
Connect with Darwin Larrison: https://www.linkedin.com/in/darwinlarrison/
Check out Amalgamated Life Insurance Company: https://www.amalgamatedbenefits.com/amalgamated-life/
Check out Modern Woodmen of America: https://www.modernwoodmen.org/
Connect with Olivier: https://www.linkedin.com/in/olivierlafontaine/
In this episode of the Identity at the Center podcast, hosts Jeff and Jim dive into an enriching discussion with Shawna Hofer, Chief Information Security Officer at St. Luke's Health System in Idaho. Discover the vital link between cybersecurity and patient safety, the evolving role of AI in healthcare, and the challenges of integrating new technologies securely. Shawna shares her unique journey from an identity and access management manager to a CISO, offering valuable insights on risk management, data privacy, machine identities, and resilient security infrastructure. This is a must-watch episode for anyone interested in the intersection of healthcare and cybersecurity!

Timestamps:
00:00 Introduction and Podcast Overview
00:37 ID Pro Membership Benefits
03:35 Conferences and Events
06:03 Introducing Shawna Hofer
07:00 Shawna's Journey to CISO
10:55 Identity Security in Healthcare
13:49 Balancing Security and User Experience
19:08 Challenges with IoT in Healthcare
24:27 AI in Healthcare Security
30:01 Upskilling for AI in Security
33:07 The Ever-Improving AI Landscape
33:21 Embracing the AI Mindset
33:58 Resiliency in Healthcare and AI
35:06 The Future of Jobs in an AI-Driven World
37:37 Trusting AI in Security Decisions
40:56 Learning the Language of Risk
43:44 Making the Business Case for Identity
45:50 Balancing Security Investments
51:48 The Future of Healthcare and AI
54:40 Fun and Food: The Potato Question
01:02:13 Closing Remarks and Farewell

Connect with Shawna: https://www.linkedin.com/in/shawna-hofer-7259b21a/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
In this solo episode of Life of a CISO, Dr. Eric Cole returns to the mic after a series of interviews to dive deep into the #1 foundational skill every Chief Information Security Officer must master—securing internet-facing servers. With the rising wave of breaches hitting not just Fortune 50 giants but small and mid-size companies, Dr. Cole walks through the exact steps you must take to go back to basics and become a world-class CISO. From identifying forgotten assets to hardening authentication and revamping your patching strategy, this episode is your blueprint to stop attacks before they start. Dr. Cole also shares real-world breach examples, discusses the risks of relying solely on IT, and explains why a functioning change control board and MFA implementation for admins are non-negotiable.
In this inspiring episode of Life of a CISO, Dr. Eric Cole sits down with Zachary Lewis, Chief Information Security Officer at the University of Health Sciences and Pharmacy in St. Louis. With over five years in the CISO seat and a career that spans startups, coal plants, and higher education, Zach shares his unique journey from sysadmin to security leader. This episode offers a front-row seat into what it really takes to pivot into cybersecurity leadership—especially when you're coming from the IT side. Zach breaks down how to make the transition, why leadership trumps deep technical skills at the CISO level, and how to build credibility even when you don't have decades of cyber experience under your belt. But this conversation goes beyond resumes and frameworks. Zach and Dr. Cole dig deep into the realities of leading during a global crisis—Zach took his role just weeks before COVID—and how a ransomware incident became a turning point in proving the strength of his security program. For aspiring CISOs and current security leaders alike, this episode is full of wisdom on how to lead with calm, build board-level trust, and turn unexpected challenges into defining moments. Whether you're just starting out or looking to sharpen your executive edge, Zach's story is a blueprint worth studying.
This episode recorded live at the Becker's Hospital Review 15th Annual Meeting features Matt Morton, Executive Director and Chief Information Security Officer, University of Chicago. He shares how his team is securing AI tools like Phoenix AI to support clinical research, discusses the cybersecurity staffing and resource challenges faced by academic medical centers, and emphasizes the importance of adaptability in leading through rapid technological change.
This episode recorded live at the Becker's Hospital Review 15th Annual Meeting features Trevor Martin, Chief Information Security Officer, UW Health. He shares how his team is navigating AI implementation through staff literacy initiatives, advancing virtual care to improve access, and fostering a culture of flexibility and human-centered leadership.
Today's guest is Bryan Willett, Chief Information Security Officer at Lexmark, joining Emerj Senior Editor Matthew DeMello to explore how organizations can navigate the trade-offs between cloud and on-prem AI deployments—balancing speed to market, cost efficiency, and the protection of sensitive data. Bryan also emphasizes the importance of a strong governance triad—security, privacy, and AI teams working together—to ensure ethical, compliant, and effective AI adoption. From managing data surges in IoT and biometrics to creating hybrid storage strategies, he shares actionable insights for leaders in security, IT, and AI strategy. This episode is sponsored by Pure Storage. Learn how brands work with Emerj and other Emerj Media options at emerj.com/ad1. Want to share your AI adoption story with executive peers? Click emerj.com/expert2 for more information and to be a potential future guest on the ‘AI in Business' podcast!
In this episode, host Bidemi Ologunde spoke with Scott Alldridge, a nationally recognized cybersecurity leader with over 30 years of experience transforming how organizations approach digital risk and operational excellence. As CEO of IP Services, one of the industry's most trusted cybersecurity firms, Scott has guided 150+ clients across healthcare, finance, and manufacturing toward regulatory compliance and cyber resilience.

Scott is the co-founder of the IT Process Institute and visionary behind the VisibleOps methodology – a revolutionary framework that has shaped global IT standards and sold over 400,000 copies worldwide. His latest work, "VisibleOps Cybersecurity," reached Amazon bestseller status and provides the definitive roadmap for integrating Zero Trust principles with business operations.

Certified as Chief Information Security Officer with an MBA in Cybersecurity and Harvard certification in Technology and Privacy, Scott bridges the gap between technical complexity and executive decision-making. His proprietary Total Control System delivers measurable business outcomes for organizations seeking operational excellence.
In this episode of The New CISO, host Steve Moore speaks with Marius Poskus, Chief Information Security Officer at Glow Financial Services and creator of the Cyber Diaries podcast. Marius shares his journey from physical security into cybersecurity leadership—and how he did it without relying on traditional certifications.

Marius reflects on how self-directed learning, mentorship, and a strong personal brand helped him pivot careers and thrive in the FinTech space. He explains why the security industry needs to stop glorifying certifications, how to break in through SOC roles, and what truly makes a candidate stand out in interviews. From coaching new talent to advising startups on go-to-market strategies, Marius emphasizes that attitude and aptitude matter far more than credentials.

Key Topics Covered:
Why Marius walked away from a career in physical security—and how that experience shaped his cyber path
The critical difference between certification collecting and real-world skill development
Why most entry-level cybersecurity roles are in SOCs—and how to leverage that
How sharing your learning journey online builds credibility and unlocks job opportunities
The two A's that matter most when hiring: attitude and aptitude
Common mistakes startups make when targeting CISOs and building security tools
The growing risks of "AI-washing" and what real AI innovation should look like
Why mentorship only works when mentees are willing to put in the work
How to shift from security awareness "stick" tactics to culture-based collaboration
What it means to build a personal brand that outlasts your job title

Marius' story proves that cybersecurity success doesn't come from certificates—it comes from curiosity, consistency, and community. Whether you're just starting your career or leading a security team, this episode will inspire you to focus on what really moves the needle.

Marius Poskus Podcast - Cyber Diaries Podcast
Protecting against sophisticated AI-powered attacks on APIs - identifying anomalies and threats
Meeting API compliance and data protection challenges with emerging technologies
Moving towards a mature posture for API security

Thom Langford, Host, teissTalk: https://www.linkedin.com/in/thomlangford/
Tiago Rosado, Chief Information Security Officer, Asite: https://www.linkedin.com/in/tiagorosado/
Anne Coulombe, CISO, Bleuet LLC: https://www.linkedin.com/in/annecoulombe/
Menachem Perlman, Director, Global Solutions Engineering at Akamai Technologies - API Security, Akamai: https://www.linkedin.com/in/menachemperlman/
Today's guest is Bryan Willett, Chief Information Security Officer. Bryan discusses how organizations can shift security from a reactive compliance task to a strategic advantage by leveraging AI partnerships and transparent communication. He explains how proactive security packages and AI-driven tools streamline vendor due diligence and RFP responses, reducing bottlenecks and improving cross-team collaboration. Bryan also emphasizes the importance of evaluating vendor development hygiene and maintaining developer awareness as key components to managing evolving AI-enabled cyber threats. This episode is sponsored by Aquant.
RKON Chief Revenue Officer, Brian Jeffords, sits down with Chief Information Security Officer, Gerard Onorato, and Director of IAM & Zero Trust, Duane Clouse, to unpack how organizations are navigating the growing complexity of Identity and Access Management. Together, they explore the challenges of managing identities across hybrid environments, diverse tools, and expanding user types—while addressing mounting regulatory pressure, evolving cyber threats, and the accelerating pace of technology.
That ALL Might Be Edified: Discussions on Servant Leadership
In this powerful episode, we sit down with cybersecurity executive and thought leader Tammy Klotz to explore the profound impact of compassionate leadership in high-stakes environments. Tammy shares a deeply personal story of receiving crucial support from a leader during a professional and personal crisis—a moment that shaped her own leadership philosophy and redefined how she views strength in the workplace.

We discuss what it means to show vulnerability in a world that often demands perfection, and why soft skills like emotional intelligence, grace, and empathy aren't optional—they're essential. Tammy opens up about how leaders can create psychological safety, establish rituals that foster connection and trust, and give explicit permission for authenticity, rest, boundaries, and even failure.

This conversation is a masterclass in human-centered leadership and a reminder that some of the most powerful things leaders can offer don't come from a playbook—they come from the heart.

Topics Covered:
The moment a leader's support changed everything
Creating space for vulnerability in high-performing teams
Why emotional intelligence and empathy are critical leadership skills
Building team rituals that support culture and connection
The impact of leaders giving "permission" to be human

Guest Bio:
Tammy Klotz is the Chief Information Security Officer at Trinseo, a Top 100 CISO, and the author of Leading with Empathy & Grace. With over 30 years in cybersecurity leadership, she is redefining what it means to lead with both strength and soul. She holds esteemed certifications including CISM, CISSP, and CRISC, and has earned notable accolades such as the 2022 Covanta Leadership Award and recognition as a Top 100 CISO by Cyber Defense Magazine in 2023. Tammy is also the author of "Leading with Empathy & Grace: Secrets to Developing High-Performing Teams", where she shares insights on leadership, resilience, and emotional intelligence.

Resources:
Leading with Empathy and Grace - Tammy Klotz: Leading with Empathy and Grace: Secrets to Developing High-Performing Teams
Rituals Roadmap - Erica Keswin: Rituals Roadmap: The Human Way to Transform Everyday Routines into Workplace Magic
The Anxious Generation - Jonathan Haidt: The Anxious Generation: How the Great Rewiring of Childhood Is Causing an Epidemic of Mental Illness
How are today's IT leaders adapting to the breakneck pace of AI and cybersecurity evolution? In this episode of The Professional Services Pursuit, host Banoo welcomes Taison Kearney, Chief Information Security Officer and Data Protection Officer at Kantata. With over two decades of experience, Taison shares how IT teams are shifting from traditional support roles to become strategic drivers in AI governance and cybersecurity leadership.

This conversation offers a front-line view into the challenges and opportunities that come with AI adoption, from managing risk and "shadow AI" to building future-ready security teams and becoming a trusted advisor to clients.

Key Topics Covered:
The benefits and risks of enterprise AI adoption
How the CISO role is expanding in the era of AI
Building a proactive, secure, and AI-savvy IT culture
Earning client trust through strategic security partnership
The specific risks facing professional services firms, and how data centralization helps mitigate them
Bob Burke, Chief Information Security Officer at Beyond Identity, challenges the effectiveness of traditional multi-factor authentication (MFA) in the evolving landscape of cybersecurity. He argues that legacy MFA solutions, which often rely on out-of-band authorization methods like push notifications or one-time passwords, are no longer sufficient against the rising tide of sophisticated cyber threats. With the advent of services like phishing-as-a-service, attackers can easily bypass these outdated security measures, necessitating a shift towards phishing-resistant authentication methods. Burke emphasizes the need for organizations to adopt solutions that not only enhance security but also consider device posture and trustworthiness.

Burke also critiques the current state of FIDO2 and passkeys, acknowledging their potential while highlighting their limitations, particularly in terms of device posture and user experience. He suggests that small to mid-sized businesses (SMBs) should prioritize phishing-resistant solutions that integrate both browser protection and device authentication. Furthermore, he raises concerns about the pricing models of many Software as a Service (SaaS) providers, which often place essential security features behind higher-tier subscriptions, effectively discouraging customers from adopting more secure practices.

The conversation shifts to the endpoint detection and response (EDR) market, where Burke notes that while EDR solutions are still necessary, they are evolving into more comprehensive offerings like extended detection and response (XDR). He points out that many of these solutions are priced for enterprise-level organizations, leaving SMBs and mid-market companies struggling to find affordable options. Burke encourages these organizations to seek out solutions that fit their budget while still providing essential security capabilities.

Finally, Burke shares insights from his experience with the FedRAMP certification process, emphasizing the importance of building internal security competencies and integrating security into product design from the outset. He advocates for a clear internal compliance program, such as NIST, to guide organizations in their security efforts. As the cybersecurity landscape continues to evolve, Burke warns that the tempo and scope of attacks are increasing, driven by advancements in AI, and urges organizations to reassess their security architectures to stay ahead of emerging threats.
In today's digital world, trust is everything. But what does digital trust really mean? And how do security leaders like CISOs help build it while working with privacy teams?

In this insightful trailer episode of the FIT4PRIVACY Podcast, cybersecurity expert Aman Tara joins host Punit Bhatia to break down the evolving role of the Chief Information Security Officer. You'll learn how CISOs protect company data, follow privacy laws, and work closely with privacy teams to keep personal information safe, and hear how regular meetings and teamwork between security and privacy experts help stop threats before they happen—especially with new technologies like artificial intelligence changing the game. If you want to understand how companies keep your data safe and build trust in a digital world, this episode is for you! This is an extract from the full episode of The FIT4PRIVACY Podcast.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/aman-tara-cisa-cdpse-cfe-b6095483/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
In this episode of Life of a CISO, Dr. Eric Cole sits down with cybersecurity expert and fellow podcaster Christophe Foulon to dive deep into the evolving role of the Chief Information Security Officer. From breaking into cybersecurity to leading organizations through strategic risk decisions, Christophe shares real-world insights on how to transition from technical roles to executive leadership. They explore the challenges of balancing hands-on work with high-level strategy, how to communicate with business leaders without getting lost in technical jargon, and how to manage burnout while building organizational resilience. Christophe also tackles major topics like AI, zero trust, cyberwarfare, and BYOD policies, offering practical advice for today's and tomorrow's CISOs. If you're aiming to elevate your cybersecurity career or want to understand how top leaders think, this episode is packed with guidance, clarity, and perspective.
This week, Steph & Ash keep the Tampa Bay Tech PoweredUp series rolling with a fun and insightful chat with Doug Fee, Chief Information Security Officer at Moffitt Cancer Center. We explore the complex tech challenges facing the healthcare world, including the vital role cybersecurity plays in protecting patients and their data. Doug also breaks […] The post Bold Moves in Healthcare Tech with Moffitt’s CISO appeared first on Radio Influence.
Dr. Aleise McGowan, Chief Information Security Officer of BlackGirlsHack and a 20-year cybersecurity veteran, joins Ann on this week's episode of Afternoon Cyber Tea. Aleise shares how a career-defining hack early on shifted her trajectory from developer to defender, and why she believes the future of security lies in resilience, diversity, and human-centered leadership. She talks about what separates good and great leaders during the first hours of an incident response and why delayed action equals exponential damage. She also spotlights her work with BlackGirlsHack, a rapidly growing nonprofit that opens doors for underrepresented talent in cyber, and makes the case that building an inclusive security workforce isn't just the right thing to do, it's the smart thing to do.

Resources:
View Aleise McGowan on LinkedIn
View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
Microsoft Threat Intelligence Podcast
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs.

CyberWire Guest
On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here.

Selected Reading
Google fixes high severity Chrome flaw with public exploit (Bleeping Computer)
BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News)
The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)
German operation shuts down crypto mixer eXch, seizes millions in assets (The Record)
CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED)
EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties)
Operation RoundPress targeting high-value webmail servers (We Live Security)
Google says hackers that hit UK retailers now targeting American stores (Reuters)
Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record)
Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.