SCAMS, HACKING AND CYBERSECURITY
The internet is a powerful tool connecting us in ways unimaginable just a few decades ago. However, it also harbors risks—cyber scams, cyber crimes, and hidden dangers lurking on the dark web. Hackers and cybercriminals exploit vulnerabilities to steal data, commit identity theft, and manipulate systems using social engineering. But how safe are we online? Should we avoid the digital world entirely? Not at all. Just like real-world dangers, we can navigate online security risks with the right tools and knowledge. This cybersecurity bible is the ultimate guide to protecting yourself in the digital landscape. Whether you're looking for cybersecurity for beginners, insights into cyber hacking and the law, or best cybersecurity books to improve your internet safety, this book equips you with practical tools and strategies.
ABOUT THE AUTHOR
May Brooks-Kempler is a cybersecurity expert whose career began in the 1990s, exploring the realms of game “cheats” and “hacks” on IRC chats. This early fascination led her through a distinguished journey in cybersecurity, from Penetration Testing to Security Architect and eventually a Chief Information Security Officer (CISO). Today, she is a highly sought-after strategic consultant, speaker, and mentor, known for her dynamic involvement in developing and promoting innovative cybersecurity initiatives and guiding startups. May's expertise and engaging delivery have made her a favorite at numerous speaking engagements, including a TEDx talk, keynotes, and commentator on critical cybersecurity issues. Her role as a podcaster further amplifies her reach, where she shares vital security insights with a global audience. As a member of the ISC2 Board of Directors, an authorized CISSP and HCISPP instructor, and co-author, May's dedication to advancing the cybersecurity profession is unmistakable. Her book, “Scams, Hacking and Cybersecurity – The Ultimate Guide to Online Safety and Privacy”, and her online courses, reflect her commitment to making the digital world a safer place for all, especially families, as underscored by her personal mission as a mother of three. Through her extensive experience and influential voice in the field, May Brooks-Kempler continues to shape the future of online safety, making her a pivotal figure in the world of cybersecurity education and advocacy.
TOPICS OF CONVERSATION
Evolution of Threats: Online scams have evolved from obvious phishing emails to sophisticated ads, fake profiles, and AI-generated content.
Emotional Manipulation: Scammers rely on fear, urgency, and curiosity to trick people through social engineering.
Online Safety Habits: Good habits like thinking before sharing, using password managers wisely, and enabling two-factor authentication are essential.
Protecting Kids Online: Parents should teach children to think critically before posting and clicking to protect their privacy and safety.
Responding to Cyber Incidents: If you suspect a hack, stay calm, assess the damage, and act quickly based on the importance of the compromised asset.
LEARN MORE AND CONNECT WITH MAY BROOKS-KEMPLER:
https://maybrooks.net/
https://www.linkedin.com/in/may-brooks-kempler
https://www.instagram.com/may.brooks.kempler
https://www.youtube.com/@CyberMAYnia
https://new-may.framepro.io/guidebooks-and-resources
A special episode this week, featuring an interview with John Carse, Chief Information Security Officer (CISO) of SquareX. John speaks about his background in the security industry, grants insight into attacks on browsers, and talks about the work his team at SquareX is doing to detect and mitigate browser-based attacks.
Vanta is the first ever enterprise-ready trust management platform – one place to automate compliance workflows, centralize and scale your security program, and build and manage trust with customers and partners. We speak with Jadee Hanson, Chief Information Security Officer (CISO) for Vanta. Security is at the heart of what Vanta does —helping customers improve their security and compliance posture - and this starts with their own. For further information visit https://mysecuritymarketplace.com/vanta/ #mysecuritytv #vanta #stateoftrust
Join Josh, Chris, and Mark as they host an exclusive interview with Mishka, the Chief Information Security Officer (CISO) of PowerSchool, following a significant cyber incident that changed the landscape of K-12 cyber-security. Discover the human side of crisis management, starting with Mishka's initial reaction to the attack, and learn about the rapid response to contain the damage. The discussion delves into PowerSchool's decision to be transparent with affected districts and offers practical advice on vendor assessments and the importance of internal security measures to minimize future threats. Reflecting on the lessons learned, Mishka discusses the steps PowerSchool has taken to bolster its security infrastructure and maintain an open communication channel with its clients.
00:00:00 - Introduction to the Incident
00:08:21 - Timeline Overview and Communication Strategy
00:24:08 - Evaluating Third-Party Vendors
00:34:45 - Future Security Measures and Improvements
Email us at k12techtalk@gmail.com OR info@k12techtalkpodcast.com. Call us at 314-329-0363. X: @k12techtalkpod. Music by Colt Ball.
Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark. Their individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.
Do you dream of becoming a Chief Information Security Officer (CISO)? In this episode of CyberTalks with InfosecTrain, we reveal the insider secrets to climbing the cybersecurity leadership ladder and securing the prestigious CISO role.
In this episode, we sit down with Dr. Christopher Mitchell, Chief Information Security Officer (CISO) for the City of Houston, to explore the evolving landscape of cybersecurity in a major metropolitan hub. Dr. Mitchell shares his journey into cybersecurity, the key strategies for building and managing a high-performing security team, and the metrics that define success in cybersecurity programs. We dive into the role of AI and machine learning in cyber defense, the risks posed by generative AI, and how threat intelligence shapes decision-making. Dr. Mitchell also provides insights into tracking global threat actors and effectively communicating cyber risks to executive leadership. Tune in for a deep dive into securing a smart city in an era of evolving digital threats.
In today's evolving threat landscape, the Chief Information Security Officer (CISO) plays a critical role in safeguarding an organization's digital assets. In this insightful episode of the InfosecTrain podcast, we explore the modern CISO's responsibilities, challenges, and strategies for effective cybersecurity leadership.
Today we discuss the risks and opportunities of AI with Frank Breedijk. Dominic and Frank discuss the biases of AI, whether AI will pose an imminent threat to jobs or not, whether AI usage can be ethical or not, environmental consequences of AI, the rise of scams with AI usage, and much much more! Tune in now!
Frank Breedijk is the Chief Information Security Officer (CISO) at Schuberg Philis. In this role he has three objectives, (1) making Schuberg Philis more secure, (2) making our customers more secure, and (3) developing Schuberg Philis' security business. Building relationships with both C-level and deep technical staff is one of his key instruments. In addition, Frank has been part of the Dutch Institute for Vulnerability Disclosure (DIVD) since day two. At DIVD, he started the Cyber Security Incident Response Team (CSIRT) and is currently the Manager of CSIRT. This team is responsible for responsibly informing companies and consumers of vulnerabilities in their infrastructure. Since 14 February 2022, Frank is a founding board member of "Het Nederlands Security Meldpunt" a non-profit organisation that aims to make the country more (cyber-)secure by promoting and facilitating the exchange of information about vulnerabilities, vulnerable configurations, and threat intelligence between trusted parties. He is an experienced public speaker on (cyber-)security related topics and can frequently be heard and seen on various podcasts and conferences.
The International Risk Podcast is a weekly podcast for senior executives, board members, and risk advisors. In these podcasts, we speak with experts in a variety of fields to explore international relations. Our host is Dominic Bowen, Head of Strategic Advisory at one of Europe's leading risk consulting firms. Dominic is a regular public and corporate event speaker, and visiting lecturer at several universities. Having spent the last 20 years successfully establishing large and complex operations in the world's highest-risk areas and conflict zones, Dominic now joins you to speak with exciting guests around the world to discuss international risk.
The International Risk Podcast – Reducing risk by increasing knowledge. Follow us on LinkedIn for all our great updates. Tell us what you liked!
Episode 88. On this episode of All Quiet, host Tyler Sweatt chats with cybersecurity expert Greg Touhill, director of the CERT Division at Carnegie Mellon's Software Engineering Institute. With a rich background as the U.S. government's first Chief Information Security Officer (CISO) and a seasoned executive in the U.S. Air Force and Department of Homeland Security, Greg discusses the trajectory of cybersecurity from its foundational days to its current critical role in national security and private sector strategy. Explore how AI and cybersecurity intersect and the essential steps today's leaders must take to safeguard our digital future.
What's Happening on the Second Front:
Greg's journey from the U.S. Air Force to leading national cybersecurity initiatives.
The impact of AI on cybersecurity—what does the future hold?
Cybersecurity in the corporate world: How is it shaping business strategies at the highest levels?
Emerging challenges: What are the next big threats, and how are we preparing to tackle them?
Connect with Greg
LinkedIn: Gregory Touhill
Connect with Tyler
LinkedIn: Tyler Sweatt
SEI resources discussed:
SEI website: https://www.sei.cmu.edu/
AI/AI Security: Artificial Intelligence Security Incident Response Team (AISIRT)
Risk and Resilience: Enterprise Risk and Resilience Management
SEI GitHub: Software Engineering Institute · GitHub
"Organizations need to understand what AI can do and can't do. Start creating the best use cases within their organizations and also train people on how to use them responsibly." - Diana Kelley In this episode, host Ana Melikian delves into the pivotal role of Artificial Intelligence (AI) in today's world, particularly in the business world. Joined by guest Diana Kelley, a seasoned Chief Information Security Officer at ProtectAI, they explore the integration of AI into our daily lives and the business sphere. Ana and Diana discuss the importance of understanding AI's capabilities and limitations, likening it to a hundred-foot wave that businesses need to learn to surf rather than be overwhelmed by. They emphasize the necessity of increasing AI literacy to make informed decisions and identify the best use cases within organizations. Diana sheds light on the potential risks and vulnerabilities of AI, including data privacy concerns and the need for responsible adoption. Organizations are encouraged to enhance their security measures and train employees to use AI effectively and safely. As Ana and Diana examine AI's rapid advancement, they highlight the critical balance between embracing innovation and maintaining security. The conversation is filled with insightful analogies and expert advice, making it a must-listen for anyone interested in navigating the complexities of AI in business and security. Let's dive in! This week on the MINDSET ZONE: 00:00 Introduction to AI in Everyday Tools 01:02 Meet Diana Kelley: Cybersecurity Powerhouse 01:49 The AI 100-foot Wave 03:42 Understanding AI Risks and Vulnerabilities 11:43 AI Literacy: A Necessity for All 18:02 Data Privacy and Security Concerns 26:00 Resources for AI Literacy and Security 29:25 Conclusion and Final Thoughts About The Guest Diana Kelley is the Chief Information Security Officer (CISO) for Protect AI. 
She also serves on the boards of WiCyS, The Executive Women's Forum (EWF), InfoSec World, CyberFuture Foundation, TechTarget Security Editorial, and DevNet AI/ML. Diana was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity. Her extensive volunteer work has included serving on the ACM Ethics & Plagiarism Committee, Cybersecurity Committee Advisor at CompTIA, CTO and Board Member at Sightline Security, Advisory Board Chair at WOPLLI Technologies, Advisory Council member Bartlett College of Science and Mathematics, Bridgewater State University, and RSAC US Program Committee. She is a sought-after keynote speaker, the host of BrightTALK's The (Security) Balancing Act, co-author of the books Practical Cybersecurity Architecture and Cryptographic Libraries for Developers, instructor for the LinkedIn Learning classes Security in AI and ML and Introduction to MLSecOps, has been a lecturer at Boston College's Masters program in cybersecurity, one of AuditBoard's Top 25 Resilient CISOs in 2024, a 2023 Global Cyber Security Hall of Fame Inductee, the EWF 2020 Executive of the Year and EWF Conference Chair 2021-Present, an SCMedia Power Player, and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime. Connect with: Linkedin.com/in/dianakelleysecuritycurve ProtectAI.com Resources: NIST AI RMF: https://www.nist.gov/itl/ai-risk-management-framework OWASP AI Sec: https://genai.owasp.org/ OWASP AI Security and Privacy Guide: https://owasp.org/www-project-ai-security-and-privacy-guide/ MITRE ATLAS: https://atlas.mitre.org/ MLSecOps Community: https://mlsecops.com/ LinkedIn Learning: Introduction to MLSecOps Security Risks in AI and Machine Learning: Categorizing Attacks and Failure Modes Related Content: Expand What's Possible
In this episode of Life of a CISO, Dr. Eric Cole dives into one of the most pressing topics in cybersecurity today—Artificial Intelligence (AI) and its impact on the role of a Chief Information Security Officer (CISO). He emphasizes that the key to being an effective CISO is thinking ahead, looking beyond the daily firefighting that many security leaders get caught up in. He shares insights from working with top CISOs, noting that a significant number of them find themselves overwhelmed with reactive tasks rather than focusing on long-term strategy. The best CISOs, he argues, are those who can anticipate threats and solutions months or even years in advance. Dr. Cole then explores the unstoppable rise of AI in the business world, explaining that whether organizations like it or not, AI is here to stay. Instead of resisting it, CISOs must embrace AI and learn how to manage its risks effectively. He breaks down the fundamentals of AI, explaining how it relies on human data to make predictions and decisions. Using real-world examples, such as AI in the medical field and chess-playing computers, he highlights both the potential benefits and dangers of AI. The discussion ultimately leads to a thought-provoking warning—if AI systems become too powerful by absorbing extensive human expertise, they could challenge human roles in unforeseen ways. This episode is a must-listen for security leaders looking to stay ahead of the AI revolution while ensuring cybersecurity remains a top priority.
In this engaging conversation, Chris Glanden interviews Mariano Mattei, VP of Cybersecurity and AI at Azure Solutions. Mariano shares his extensive background in software engineering and cybersecurity, emphasizing the importance of metrics in communicating security risks to executive teams. He discusses the challenges organizations face in quantifying security effectiveness and adapting metrics to the rapidly evolving threat landscape, particularly with the rise of AI. The conversation also explores the intersection of creativity and cybersecurity, highlighting Mariano's passion for filmmaking and innovation. As they wrap up, they touch on future projects and the importance of maintaining a balance between work and creative pursuits.
TIMESTAMPS:
00:00 Introduction to Cybersecurity and AI
01:44 Mariano's Journey into Cybersecurity
04:34 The Importance of Metrics in Cybersecurity
08:57 Challenges in Quantifying Security Effectiveness
12:04 Adapting Metrics to Evolving Threats
14:31 Creativity in Cybersecurity and Filmmaking
18:51 Finding Balance Between Work and Creativity
22:25 Future Plans and Projects
24:40 Closing Thoughts and Fun Ideas
SYMLINKS:
Mariano A. Mattei - LinkedIn - https://www.linkedin.com/in/mariano-a-mattei
The professional LinkedIn profile of Mariano A. Mattei, offering insights into his career, experiences, and professional connections.
Security Metrics – Mastering the Data Behind Cybersecurity - https://www.manning.com/books/security-metrics
A comprehensive guide authored by Mariano Mattei, focusing on data-driven approaches to cybersecurity. Available through Manning Publications.
Mattei InfoSec - https://matteiinfosec.com/
A consulting firm founded by Mariano Mattei, specializing in Chief Information Security Officer (CISO) services and data-driven information security solutions.
Security Metrics - Manning Publications - https://www.manning.com/books/security-metrics
A comprehensive guide on quantifying cybersecurity efforts, helping organizations measure, improve, and communicate the value of their security programs.
Sacrum Vindictae Official Website - https://sacrumvindictae.com/
The official site for the film "Sacrum Vindictae," providing information on the storyline, cast, crew, and upcoming events related to the movie.
CONNECT WITH US
www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com
Dr. Dave Chatterjee hosts a discussion on elevating your offensive program with Mark Carney, CEO @ Evolve Security, and Yaron Levi, Chief Information Security Officer (CISO) at Dolby Labs. They emphasize the importance of a proactive, continuous approach to cybersecurity, contrasting it with traditional reactive measures. Key points include the need for a threat-informed, programmatic mindset, continuous threat exposure management (CTEM), and the integration of business objectives. They stress the importance of intelligence, risk assessment, and the role of third-party providers as partners. The conversation highlights the necessity of senior leadership commitment and the challenges of defining and measuring risk in cybersecurity.
To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-81-elevating-your-offensive-security-program/
Latest Articles and Press Release on The Cybersecurity Readiness Podcast Series:
Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Yahoo! Finance, Dec 16, 2024.
Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Marketers Media, Dec 12, 2024.
Cybersecurity Readiness Podcast by Dr. Dave Chatterjee Reaches 10,000 Downloads Globally, Business Insider/Markets Insider, Dec 10, 2024.
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338 https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications & Press Releases:
Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness
"Getting Cybersecurity Right," California Management Review — Insights, July 8, 2024.
Being a Chief Information Security Officer (CISO) is not only stressful, but it can also feel isolating, especially as you move up in leadership. In this episode of Life of a CISO, Dr. Eric Cole discusses the unique challenges CISOs face as they transition from a technical role into executive leadership. He highlights how this shift often removes CISOs from their familiar environments—surrounded by other cybersecurity professionals—and places them in a world where decision-making is driven by business priorities rather than technical considerations. Dr. Cole emphasizes the importance of letting data—not emotions—drive decisions. He explains how emotions, while essential for survival, can sometimes cloud judgment in business and cybersecurity leadership. He shares a real-world coaching example of helping a security leader prepare for a promotion by focusing on factual performance data rather than self-doubt or anxiety. Finally, Dr. Cole touches on personal resilience, including the role of physical health in mental well-being and how small changes in routine can help validate whether certain habits are truly beneficial. The key takeaway? To be a world-class CISO, you must develop the ability to make decisions based on data, not fear, stress, or assumptions.
Podcast: PrOTect It All
Episode: Bridging the Gap: IT vs. OT Challenges and Solutions in Cybersecurity with Chris Robertson
Pub date: 2025-02-03
In this episode, host Aaron Crow welcomes Chris Robertson, CISO at Apogee Defense, to discuss the evolving landscape of cybersecurity, focusing on the distinction and strategy behind Virtual CISO (vCSO) roles. Chris shares insights from his dual roles at Apogee Defense and as a virtual chief security officer for various companies. The conversation dives into the intricacies and responsibilities of vCSOs, the importance of understanding IT and OT risks, and the necessity of integrating cybersecurity deeply into business practices. Chris and Aaron explore practical solutions for businesses, emphasizing adaptability and continuous improvement in security measures, drawing parallels between accounting a century ago and cybersecurity today. They also touch on future trends, the impact of AI on security, and the importance of setting aside egos to foster a culture of learning and collaboration. Join them as they navigate the challenges and opportunities at the intersection of IT and OT cybersecurity, offering actionable advice and anecdotes from their extensive experience in the field. 
Key Moments: 00:00 Outsourcing Risk Management Expertise 08:22 Hiring External Experts: Cost-Effective Strategy 12:04 Understanding OT Risks in Cyber Leadership 20:36 MBA Curriculum Needs Security Focus 23:31 Integrating Security in Legacy Systems 27:47 Tech Efficiency and Shadow IT Challenges 35:56 Optimizing Inefficient Appointment Systems 39:08 Bridging Tech and Business Worlds 45:43 Simplifying Risk Communication 51:52 Joe Rogan's Impact and Risks 57:09 AI Evolution: Professionals Riding the Wave 01:05:53 "Embrace Vulnerability, Seek Help" About the guest : Chris Robertson is a seasoned cybersecurity expert, currently serving as the Chief Information Security Officer (CISO) at Apogee Defense. In addition to this role, Chris extends his expertise as a virtual CISO for various companies across multiple sectors. He specializes in implementing robust security solutions that Apogee Defense delivers to its clients, predominantly within the Small and Medium Business (SMB) space. With a keen focus on the defense industrial base, Chris's work also spans various other industries, enabling businesses to strengthen their cybersecurity frameworks. He is highly regarded in the industry for facilitating vital connections and contributing to advancing cybersecurity practices. 
How to connect with Chris: https://www.linkedin.com/in/christophersrobertson/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this episode of Life of a CISO, Dr. Eric Cole dives deep into the journey of becoming a world-class Chief Information Security Officer (CISO). He emphasizes that this podcast goes beyond the role of a CISO—it's about helping cybersecurity professionals unlock their full potential and discover the best version of themselves. Whether you're a current CISO seeking to refine your leadership skills, a security engineer aspiring to transition into the role, or someone still exploring your career path in cybersecurity, this episode provides valuable guidance. Dr. Cole challenges the traditional notion of career progression, debunking the misconception that a CISO is simply a promotion for a technical expert. Instead, he explains that becoming a CISO requires a unique skill set and mindset that demands clarity, focus, and a shift in career trajectory. Dr. Cole also stresses the importance of self-awareness and alignment when pursuing success. He shares his philosophy on decision-making, encouraging listeners to ensure they have sufficient data before making critical career moves. Additionally, he reveals the four high-level career tracks in cybersecurity, each offering distinct paths for growth and specialization. With insights from his coaching experience, Dr. Cole inspires listeners to embrace their unique strengths, seek clarity about their goals, and make decisions that align with their purpose. Whether you're navigating your first steps in cybersecurity or striving to become an impactful CISO, this episode provides actionable strategies and deep motivation to guide your journey.
Debbie Reynolds “The Data Diva” talks to Matthew Rosenquist, Mercury Risk's Chief Information Security Officer (CISO), cybersecurity strategist, and LinkedIn Top Voice. With over 35 years of experience, Matthew shares his dynamic career journey, which started with internal investigations, building Intel's first Security Operations Center, and leading crisis response teams. His extensive background includes advising governments, businesses, and academia on emerging threats and cybersecurity best practices.
Matthew highlights the critical evolution of cybersecurity from a “nice-to-have” to a mission-critical business necessity while discussing how rising consumer and regulatory expectations are reshaping the cybersecurity landscape. He explains the growing gap between mounting security demands and available resources, emphasizing that cybersecurity leaders must demonstrate value beyond risk prevention. Matthew advocates for evolving cybersecurity's role from compliance-focused operations to strategic business enablers that deliver competitive advantages and even revenue opportunities.
The conversation explores the interconnectedness of privacy and cybersecurity, framing both as foundational to digital trust. Matthew emphasizes that privacy failures and cybersecurity breaches undermine trust with customers, regulators, and business partners, making collaboration between cybersecurity and privacy professionals essential. He also illuminates the importance of proactivity in cybersecurity, contrasting it with the reactive “firefighting” mindset often seen in organizations.
Matthew goes into the threat of insider risks, distinguishing between malicious insiders and non-malicious actors who unintentionally create vulnerabilities. Drawing from his experience, he underscores the need for strong leadership, clear policies, and an organizational culture where employees feel empowered to report issues without fear. Looking to the future, he stresses the importance of having cybersecurity expertise on boards of directors, enabling organizations to navigate rising risks and better align cybersecurity initiatives with business objectives.
As the discussion concludes, Matthew shares his wish for the cybersecurity industry: improved communication, collaboration, and leadership. He calls for greater strategic thinking, proactive risk management, and a collective effort to stay ahead of evolving threats in an increasingly complex digital world. He also highlights his hope for Cybersecurity and Data Privacy in the future.
In this episode of Life of a CISO, Dr. Eric Cole dives deep into the fundamental question: "Why are you here?" Dr. Cole explores the importance of understanding your personal and professional motivations as a Chief Information Security Officer (CISO) or aspiring CISO. He emphasizes that clarity about your "why" is essential to achieving world-class success in this demanding role. Through thought-provoking insights, Dr. Cole challenges you to look inward, consult the "ultimate AI"—your own mind—and recognize the power of self-coaching in driving your career forward. The episode also unpacks the common misconceptions about the role of a CISO, highlighting the need to focus on bigger, meaningful purposes rather than external pressures or short-term gains. Dr. Cole discusses how aligning your career with your true motivations leads to greater fulfillment, less frustration, and a stronger connection to your work. Whether you're just starting your journey or seeking to reignite your passion for cybersecurity leadership, this episode will inspire you to reflect, recalibrate, and take actionable steps toward becoming the best version of yourself. Tune in for a transformative conversation that bridges the technical and personal aspects of what it truly means to be a CISO.
In the latest episode of Life of a CISO, Dr. Eric Cole explores the transformative power of asking the right questions and embracing self-awareness as a cornerstone of success for any Chief Information Security Officer (CISO). He begins by emphasizing the difference between being smart and being brilliant—where brilliance lies in the ability to question, reflect, and adapt. Dr. Cole highlights the critical need for CISOs to regularly assess their strategies and habits, acknowledging that what worked yesterday may not be sufficient for tomorrow. By stepping back from the daily grind and asking foundational questions like "Why am I here?" and "What needs to change?" CISOs can break free from stagnation, foster growth, and position themselves as indispensable leaders in their organizations. Dr. Cole also dives into the importance of self-reflection in all aspects of life, using personal anecdotes to underscore the value of confronting discomfort and embracing change. Whether it's assessing one's professional role or reevaluating personal routines, the ability to look inward and make adjustments is key to achieving world-class performance. He shares insights on building rapport with executives, recognizing blind spots, and maintaining relevance in a rapidly evolving field. This episode serves as both a wake-up call and a motivational guide for CISOs and aspiring leaders, encouraging them to cultivate self-awareness, embrace growth, and continuously strive for excellence.
In this insightful episode of The New CISO, host Steve Moore sits down with Sanju Misra, Chief Information Security Officer (CISO) at Alnylam Pharmaceuticals, to explore the pivotal moments that have shaped her impressive career in cybersecurity leadership. Sanju shares her strategies for navigating career transitions, the importance of aligning with a company's mission, and how to identify the right time to move on from a role.

Listeners will gain valuable insights into:
How Sanju built her career by embracing challenging projects and maintaining authentic professional relationships.
The decision-making processes behind her moves from GE to Praxair, and eventually to Alnylam Pharmaceuticals.
The evolution of her leadership style from a technical expert to a business risk executive.
Why aligning with a company's culture and mission is crucial for long-term success.
Tips for aspiring CISOs on taking initiative, growing their networks, and articulating risk in business terms.

Sanju's reflections on imposter syndrome, professional growth, and the rewards of working in a patient-focused organization offer both inspiration and practical advice for leaders at every stage of their careers. Tune in to hear her story and discover actionable strategies for thriving as a modern CISO.

0:00 - Introduction and Show Overview
1:10 - Sanju Misra's Career Path: From GE to Praxair
4:00 - Building Security Programs and Leadership Growth
6:30 - Navigating Mergers and the Role of Culture
10:00 - Transitioning from Technologist to Business Risk Leader
15:50 - Career Advice for Aspiring CISOs
22:00 - Key Takeaways: Communication and Leadership Evolution

Links: LinkedIn
In the latest episode of Life of a CISO, Dr. Eric Cole reflects on the importance of understanding the “season” you're in, both in life and in your cybersecurity career. Using vivid analogies, Dr. Cole explains how rushing processes or forcing outcomes in the wrong timing can lead to unnecessary struggles. Just like planting seeds in winter won't yield results, trying to force growth when conditions aren't right in your personal or professional life can waste energy and resources. Dr. Cole also discusses the need to redefine the role of a Chief Information Security Officer (CISO). He proposes the title of "Chief Officer of Information Security" to shift focus from a purely technical mindset to a broader, business-aligned strategy. This change underscores the need for CISOs to align their purpose and passion, not just in cybersecurity but in life. Dr. Cole emphasizes the power of belief, urging listeners to see themselves as capable leaders who can bridge gaps between technical knowledge and executive needs. Through this empowering journey, Dr. Cole offers tools and techniques to help listeners accelerate their growth, embrace their roles, and ultimately thrive as world-class leaders in cybersecurity.
Anthony Diaz, Chief Information Security Officer (CISO) for EDRM Trusted Partner, Exterro, sits down with Kaylee & Mary to talk about his journey to eDiscovery, Exterro's attainment of the coveted HITRUST certification and trends he sees emerging in our practices. Anthony also explained how Exterro's HITRUST initiative correlates with the stages of the EDRM, and the data hygiene Exterro practices around encrypting data, not only at rest and in transit. He emphasized that besides the encryption of data, Exterro does not have access to client credentials, ending with a fun fact about him and an AI movie recommendation.
A Chief Information Security Officer (CISO) helps to architect and drive an organization’s security strategy. The role requires technical chops and business acumen. You also need strong communication skills to help executives understand risk and response, choose the right metrics to measure infosec effectiveness, and provide guidance to the technical teams actually running security operations....
Join host Tony Bryan, Executive Director of CyberUp, as he welcomes Steve Zalewski, Cybersecurity Advisor at S3 Consulting and former Chief Information Security Officer (CISO) at Levi Strauss & Co., for an exciting episode. Get an exclusive peek into the world of a CISO as Steve shares how to tackle today's biggest cyber threats, practical advice for professionals aiming to break into or grow in the cybersecurity field and answers to the questions you've always wanted to ask a CISO! Whether you're a seasoned pro or just starting out, this episode is packed with insights and actionable tips you won't want to miss.
In this episode of Life of a CISO, Dr. Eric Cole invites listeners on a journey to rediscover balance—both in life and in the role of a Chief Information Security Officer (CISO). Starting with the idea that humans are natural problem-solvers, he emphasizes the importance of managing life's pendulum: addressing issues before they reach a critical tipping point, while maintaining momentum without overexertion. Dr. Cole uses this metaphor to highlight the significance of finding equilibrium in personal and professional realms. For CISOs, balance means navigating the dual responsibilities of strategic leadership (the "chief officer" role) and tactical expertise (the "information security" component). Dr. Cole explains how many professionals, particularly those from technical backgrounds, struggle to transition into the strategic aspects of the role. He offers practical advice for shifting focus, recommending a 75/25 split in time and effort to rebalance priorities. The episode provides actionable steps for recalibrating these dynamics, empowering CISOs to engage more effectively with executives and lead with clarity. Along the way, Dr. Cole's engaging storytelling, enthusiasm, and practical insights inspire listeners to embrace balance in every aspect of their lives.
In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.

The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.

Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.

The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. 
Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.

As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.

Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.

For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.

Timestamps
0:00 – Introduction and Overview of ICS Cybersecurity
3:15 – Meet Jason Waits: Background and Journey to CISO
6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT
10:30 – The Importance of Availability and Safety in OT Systems
13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles
17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access
20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet
25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy
30:00 – The Role of Vendors and OEMs in Cybersecurity
34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides
40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing
45:10 – The Growing Adoption of Cloud in ICS and Its Implications
50:00 – IT/OT Convergence: Opportunities and Challenges
55:15 – Practical Steps for Organizations: Asset Management and Roadmaps
1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams
1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation
1:10:00 – Using Cybersecurity as a Competitive Advantage
1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive Action

About Manufacturing Hub:
Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly!

Connect with Us
Vlad Romanov
Dave Griffith
Manufacturing Hub
SolisPLC
Joltek
Guest post by Seamus McCorry, country manager, Ireland, at Check Point Software

The EU's Network and Information Security Directive 2 (NIS2) took effect on 17 October 2024, imposing stricter cybersecurity standards across the EU. This directive, designed to combat the evolving threat landscape, targets a broader range of sectors, including critical infrastructure and digital services. While the full implementation deadline for compliance doesn't set in until 2028, organisations should start making changes now so that the deadline is met. Understanding and complying with these regulations is critical for organisations in Ireland, or else they risk significant penalties, including legal action against executives. However, the NIS2 directive is, as yet, widely undefined, which can make compliance tricky. So, how can Irish organisations get ahead in understanding and implementing the appropriate cybersecurity measures to achieve compliance?

Defining and Decoding NIS2

Building upon the 2016 NIS Directive, NIS2 directly responds to the evolving and increasingly complex cyber threat landscape. Its primary goal is to minimise cyber risk and standardise cybersecurity measures across the European Union. It will also impact any organisation that trades within the EU, regardless of where they are in the world. As previously stated, NIS2, while well-intentioned, presents a challenge for Irish organisations due to its lack of concrete, legally defined minimum requirements. The lack of definition in terms of specific compliance minimums is to provide flexibility and adaptability to the changeable cybersecurity landscape. Instead of prescribing rigid, one-size-fits-all rules, NIS2 establishes a framework of principles and general obligations. This approach allows organisations to tailor their security measures to their specific risk profiles and operational needs as long as they meet the recommendations set out by member states. 
One such principle is promoting a risk-based approach to cybersecurity, requiring organisations to adequately assess risks specific to the organisation and implement appropriate security measures. NIS2 also expands the scope of this risk by expecting organisations to have adequate supply chain security, incident response plans, and risk management in place. Finally, NIS2 emphasises the importance of cybersecurity by design and default. However, this flexibility also presents challenges. Organisations may struggle to interpret the directive's requirements and determine the exact level of security measures needed to comply. This ambiguity can lead to uncertainty and potential non-compliance, even for the experienced information security professional. While NIS2 doesn't provide a checklist, it implies a level of protection that likely includes fundamental security measures such as firewalls, intrusion prevention systems, endpoint protection, multi-factor authentication, data encryption, and access controls.

Liability and Litigation

Despite these initial challenges, NIS2 has the potential to enhance Ireland's cybersecurity landscape significantly. By emphasising the importance of robust security programmes and fostering collaboration between legal and IT teams, NIS2 can elevate Irish organisations' overall information security maturity. This directive also clarifies the distinct roles of Chief Information Security Officer (CISO) and Data Protection Officer (DPO), empowering CISOs to become strategic advisors to management. However, this increased responsibility also raises concerns around accountability and potential liability for Irish organisations. A unique aspect of NIS2 is that it holds executives and managers personally liable for cybersecurity failures. 
Unlike previous regulations, NIS2 explicitly states that management bodies can be held accountable for gross negligence and misconduct, like not properly reporting or covering up potential breaches, like in the case of the 2016 Uber breach, potentially facing leg...
In this engaging episode of Life of a CISO, Dr. Eric Cole challenges listeners to rethink their relationship with cybersecurity. Whether you're a seasoned Chief Information Security Officer (CISO), aspiring to the role, or simply working in cybersecurity, the question is: do you like it, love it, or can't live without it? Dr. Cole emphasizes that treating cybersecurity as just a job might pay the bills, but to achieve greatness, it must become a mission. Drawing from personal experiences, including a close call with cybercriminals targeting his family, Dr. Cole underscores the importance of vigilance and education. He highlights the growing risks to vulnerable populations, such as seniors, and stresses the need for cybersecurity professionals to serve as evangelists, spreading awareness and fostering a culture of protection. From securing our families to safeguarding entire organizations, Dr. Cole reminds us that the greatest threats often exploit human behavior, making persuasion and education key tools for every CISO. Tune in to learn how passion, purpose, and leadership can transform cybersecurity into a strategic asset, while also making the digital world a safer place for everyone.
Tammy Klotz is a highly accomplished cybersecurity executive leader with over 30 years of experience in the field. Here are a few highlights about her:
She is a Chief Information Security Officer (CISO), a Certified Information Systems Security Professional (CISSP), and is Certified in Risk and Information Systems Control (CRISC);
She was awarded the 2022 'Covanta Leadership Award' and named a Top 100 CISO by Cyber Defense Magazine in 2023;
She is the author of 'Leading with Empathy & Grace' (see Amazon link below); and,
She has expertise in building high-performing teams, embracing empathy and grace in the corporate world, and developing resilience as a single mother, daughter, and partner.

In this episode, Tammy and I chatted about:
Her leadership roles
Her leadership style
Her leadership journey
The leaders that helped her rise
The challenges she faced on her journey
How she navigated those challenges
How she thinks you can become a strong and kind leader
Her ‘take home' leadership messages for the listeners, and
What she is currently excited to be working on.

Tammy can be found and contacted via the following online platform addresses:
LinkedIn: https://www.linkedin.com/in/tammyklotz/
'Leading with Empathy and Grace': https://www.amazon.com/Leading-Empathy-Grace-Developing-Performing/dp/1950336573/ref=sr_1_1?crid=89R60ZSIF08K&dib=eyJ2IjoiMSJ9.S1QtpoO2Zxp48z19sr0o2cSqAraubuMEwXVZgJKzIh4-QOFUtt-CGSnaZ7rN49aEmGWC4upYPARs92MgOuuHql8_v-zFzX_yYU60YMbnp7UIPddhCNYRnSoz1RCIS8-pSrsVj4H5KMk9rpTgyO3WtEvZvD4mwcSwk6nb-nY3AX6M9waovQa3s-FhRtOv2BSSlJTOShJdqJOpUCM9Y6kh_gakF0yLa3rak5RX6J5UybU.74FwhLAlPGPECxqY9j4Zy1zj9zwYlNGKx2_mTXukyLM&dib_tag=se&keywords=leading+with+empathy+and+grace+book&qid=1730977510&sprefix=leading+with+empathy+and+%2Caps%2C399&sr=8-1

Please reach out to Dr Harrison for individual coaching and/or organisational training via dr.adam@coachingmentoringdoctors.com.

His web address and social media profile links / handles include:
www.dradamharrison.com
https://www.linkedin.com/in/dradamharrison/
www.youtube.com/c/DrAdamPhysicianCoach
https://www.facebook.com/coachingmentoringdoctors/
https://www.instagram.com/dradamharrison/
In this eye-opening episode of Legacy Leaders Show, we are joined by cybersecurity visionary Chuck Brooks, a renowned author, Georgetown University professor, and two-time presidential appointee, to unpack the future of digital security. Discussing his groundbreaking book, Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security, Chuck dives into why every organization needs dedicated roles like Chief Information Security Officer (CISO) and Chief Strategy Integration Officer (CSIO) to meet today's cybersecurity challenges. We explore how the digital landscape has evolved over the past five years, reshaping corporate strategy and cyber risk management. Tune in to learn why cybersecurity leadership is crucial to protecting your organization's legacy in an increasingly connected world.
Cory Musselman is the Chief Information Security Officer (CISO) at Kyndryl. In this episode, he joins host Paul John Spaulding and Kris Lovejoy, Global Security and Resilience Practice Leader at Kyndryl, to discuss AI, deepfakes, and phishing threats, including how cyberattack sophistication continues to rise, the value of security awareness training programs, and more. As the global leader in IT infrastructure services, Kyndryl advances the mission-critical technology systems the world depends on every day. Collaborating with a vast network of partners and thousands of customers worldwide, Kyndryl's team of highly skilled experts develops innovative solutions that empower enterprises to achieve their digital transformation goals. Learn more about our sponsor at https://kyndryl.com.
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Rob Sherman. Rob is the Chief Information Security Officer (CISO) for American Tower Corporation, a global digital infrastructure provider. Among his roles and responsibilities, he established the global information security program responsible for governance, risk, compliance and security operations for the company's corporate and line-of-business operations. Among his many hats, Rob is a CISO, attorney, and cyber program builder, involved in incident response, with 25+ years of IT and infrastructure experience. Learn more about Rob: LinkedIn

In the discussion Rob and Andy discuss:
Rob's Background.
Organizational Culture
Leaning into resilience
Ransomware
What worries Rob Sherman
Burnout in cybersecurity
Three Questions - beta tapes, Top Gun, a Salt and Pepper America and more!
Nick Kakolowski is the Senior Research Director at IANS Research, where he specializes in the managerial, leadership, risk management, privacy, and regulatory compliance components of the company's curriculum. In this episode… The role of the Chief Information Security Officer (CISO) is expanding. Many CISOs are now responsible for more than just security — they are also managing privacy, AI risk, and other critical business functions. Organizations like IANS are helping security teams navigate these changes by providing critical data on CISO compensation, budget trends, and organizational structures through its research and surveys. So, how can companies ensure their security leadership is equipped to align with broader business goals while managing these new responsibilities effectively? IANS focuses on helping CISOs and their teams address real-world security challenges through its faculty of industry practitioners. Through its annual CISO Compensation and Budget Survey, conducted in partnership with Artico Search, IANS uncovers valuable insights into compensation disparities, evolving CISO responsibilities, and how security roles are expanding to include privacy and AI risk management. By leveraging real-world data, IANS equips businesses with the information they need to build more resilient security programs and infosec teams. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Nick Kakolowski, Senior Research Director at IANS, about the CISO's expanding role. Nick shares valuable insights from IANS' research, highlighting how CISOs are taking on new responsibilities in areas like privacy, AI, and security governance. He underscores the growing importance of business and leadership skills for CISOs and emphasizes the need for collaboration across teams as boards increasingly turn to CISOs for security governance and risk management.
In this episode of the Connected FM podcast, host Edward Wagoner, with over 30 years of experience in real estate, chats with Erik Hart, Chief Information Security Officer (CISO) at Cushman and Wakefield. Together, they dive into the crucial role facility managers play in keeping their tech choices secure. It's not just about picking the right technology — it's about implementing it correctly to avoid cybersecurity pitfalls, like ransomware, and major financial losses.

Drawing from the real-life example of the CrowdStrike incident, Erik Hart shares valuable insights into the role of a CISO, the importance of strong vendor relationships, and how FMs can safely navigate the tech landscape. They also discuss the pressure facility managers face to adopt new technologies, and how to strike the right balance between innovation and maintaining strong security practices.

This episode is packed with practical advice on fraud awareness, risk management, and how to tap into internal IT and legal resources to stay ahead in the ever-evolving world of facility management. Whether you're a seasoned FM professional or just starting out, this conversation will help you think smarter about your tech decisions.

Resources from the episode:
A Facility Professional's Guide to Understanding Cybersecurity Course: https://www.fm.training/topclass/topclass.do?expand-OfferingDetails-Offeringid=13716853
The Convergence: Managing Digital Risk and FM's Role in Protecting Digitized Buildings White Paper: https://ifma.foleon.com/white-paper/cybersecurity/
Edward Wagoner's LinkedIn: https://www.linkedin.com/in/edwardwagoner/

Connect with Us:
LinkedIn: https://www.linkedin.com/company/ifma
Facebook: https://www.facebook.com/InternationalFacilityManagementAssociation/
Twitter: https://twitter.com/IFMA
Instagram: https://www.instagram.com/ifma_hq/
YouTube: https://youtube.com/ifmaglobal
Visit us at https://ifma.org
In this episode, Mike Manrod, the Chief Information Security Officer (CISO) of Grand Canyon Education, and Ori Eisen, the Founder and CEO of Trusona, joined me to discuss how best to reduce the risks of social engineering attacks on IT support and help desk personnel. This episode was motivated by the major cyber attack that brought MGM Resorts International's operations to a screeching halt. It was a social engineering attack where the attackers gained super administrator privileges by providing the MGM Help Desk with basic employee information.

Action Items and Discussion Highlights
"Bypassing the human verification is something super critical we need to address. It's something we can't afford to wait on, and it's low-hanging fruit."
Implement a driver's license validation solution to authenticate callers to the IT help desk.
Explore expanding the use of identity verification technologies beyond the IT help desk, such as for wire transfers and other high-risk financial transactions.
Adopt a layered approach to establishing a robust defense. "You need a good tech stack, user entity behavior analytics, conditional access policies, MFA, and security awareness training."
Educate IT support staff on identifying potential social engineering attempts, even when the caller appears to be using advanced techniques like voice cloning.
Implement a policy instructing employees to hang up and call back when they receive requests for sensitive information or transactions.
Stay vigilant and continue to explore new solutions to combat the evolving threat of social engineering attacks.

Time Stamps
00:02 -- Introduction
02:45 -- Mike Manrod's professional highlights
03:38 -- Ori Eisen's professional highlights
06:36 -- Why is Mike Manrod so passionate about this discussion topic?
08:45 -- Breaching MFA
13:25 -- Securing the Organization from Human Vulnerabilities
17:57 -- Defense-in-Depth and People-Process-Technology
19:44 -- Technology underlying authentication
22:40 -- Seamless adoption of authentication technology
26:15 -- Evolution of authentication technologies
30:02 -- What advice would you have for practitioners like you who are on the fence about investing in such technologies?
31:10 -- Closing Thoughts

Memorable Mike Manrod Quotes/Statements
"Multifactor authentication (MFA) carried us a long way, but now that it's everywhere, it naturally creates a cyber evolutionary force, driving adversaries to have to solve it."
"I think the future is that of a layered approach. No one solution solves the whole problem. You need a good tech stack; You need user entity behavior analytics; You need conditional access policies; You need MFA; You need security awareness training."
"You can't simply rely on five verification questions that anybody could guess."
"We were really excited about the driver's license validation aspect, you know, let's take a trusted authority like a driver's license bureau. Let's take a trusted identification with multiple attributes that can be verified and then put it on a clock so that if somebody somehow tries to socially engineer those chains, we detect and report on that too."
"Bypassing the human verification is something super critical we need to get on top of, and it's something we can't afford to wait on, and it's low-hanging fruit."

Memorable Ori...
SESSION TITLE: BCP LIVE on Rendezvous Yacht II
RECORDED: 9/26/24
VENUE: Rendezvous Yacht - https://www.cityexperiences.com/philadelphia/city-cruises/our-fleet/fleet-rendezvous/
LOCATION: Philadelphia, PA
GUEST: Damian Oravez, CISO of City of Philadelphia | Jessica Hoffman, DCISO of City of Philadelphia
SPONSOR: Philly Tech Council

ABOUT GUESTS:
Damian Oravez is the Chief Information Security Officer (CISO) for the city of Philadelphia. With a focused career in cybersecurity, Damian previously served as the CISO for the Philadelphia International Airport for five years, where he honed his skills in monitoring and securing a vast array of technological systems in both the public sector and critical infrastructure.

Jessica Hoffman plays a pivotal role in Philadelphia's cybersecurity landscape, working side by side with Damian Oravez. With experience in both private and public sectors, Jessica brings a comprehensive understanding of cybersecurity and is keenly focused on safeguarding citizens and workforce digital environments. Her expertise encompasses both tactical implementation and strategic oversight, demonstrating her dedication to making a difference in her community.

Key Takeaways:
Scrutinizing the broad scale of city-level cybersecurity necessitates efficient, automated asset inventory management.
The public sector is distinctly impacted by regulatory entities, and cybersecurity officers uphold a crucial role in maintaining not only digital safety but also public trust.
Engaging with city departments on cybersecurity imperatives fosters greater buy-in and alignment with defensive measures.
The team stresses balancing innovation with caution, especially in the realm of emerging technologies like AI, to maintain operational security.
There is inherent cultural importance in municipal service roles, reflecting a deeper connection to meaningful cybersecurity contributions.

CONNECT WITH US
www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com
Tammy Klotz is an award-winning technology leader and seasoned Chief Information Security Officer (CISO) with extensive experience in transforming cybersecurity programs for multinational manufacturing companies. Beginning her career in internal audit, Klotz transitioned into cybersecurity, holding leadership roles at major firms like Air Products, Covanta Energy, and now Trinseo. She is the author of Leading with Empathy and Grace: Secrets to Developing High-Performing Teams, where she shares her holistic approach to leadership. A distinguished speaker and thought leader in the Philadelphia cybersecurity community, Klotz actively engages with various initiatives and forums to inspire future leaders.Her book highlights 25 essential qualities for leaders across any industry. Focusing on traits like empathy, grace, and self-awareness, the book underscores the growing importance of these soft skills in building resilient, high-performing teams—crucial to modern leadership. The "TTIPPC" Framework emphasizes the need for transparency, inclusion, and consistency in fostering united and productive teams. Through engaging career stories, Klotz offers valuable insights into navigating professional challenges while balancing personal life with a compassionate and determined leadership approach.TIMESTAMPS:0:16 - Leading With Empathy and Building High-Performing Teams2:18 - Cybersecurity Leadership Across Industries and Unique Challenges7:15 - Balancing Leadership, Family, and Community Involvement17:02 - Empathy and Grace: Essential Leadership Qualities for Success25:03 - Building High-Performing Teams Through Positive Energy and Collaboration 37:04 - Leading With Empathy and Grace Through the TTIPPC Framework 45:25 - Cybersecurity Conversations and Creative Bar ConceptsSYMLINKSLeading with Grace and Empathy - https://www.amazon.com/Leading-Empathy-Grace-Developing-Performing/dp/1950336573URL where Tammy Klotz's book Leading with Empathy and Grace is available for purchase. 
LinkedIn - https://www.linkedin.com/in/tammyklotz/
Platform where Tammy Klotz is available for professional networking.
Redstone Grill - https://redstonegrill.com
Tammy's go-to restaurant in Plymouth Meeting, PA with a great atmosphere and outdoor patio. Frequently used for professional dinners and happy hours.
Trinseo - https://www.trinseo.com
Tammy's current employer, where she is focused on improving the cybersecurity program with a particular emphasis on OT security.

DRINK INSTRUCTION
Empathy Elixir
2 oz Bourbon
1 oz Elderflower Liqueur
1/2 oz Lemon Juice
Dash of Bitters
Optional: Lemon Twist
Combine all ingredients in a shaker with ice. Shake thoroughly, then strain into a glass. Optionally, garnish with a lemon twist.
This week's guest is Dr. Erika Voss, Chief Information Security Officer (CISO) at DAT. Erika joined DAT earlier in 2024 as our first CISO, coming from a long career in security and risk at companies such as Microsoft, Salesforce, Oracle, and CapitalOne. In her role, she is really changing the game in cybersecurity for the entire trucking transportation industry. Erika explains that the types of fraud and theft that occur in our industry are all essentially cybersecurity issues. Interestingly, the introduction of greater digitalization of operations, while greatly increasing efficiency, has a dark side in that it opens the door for potential cybersecurity breaches. In our conversation, we discuss the concepts of each person's 'identity fabric,' how the 'attack landscape' for companies has expanded dramatically over the past several years, what 'zero-trust' transportation with continuous authentication might look like, and exactly what a 'script kiddie' is. Finally, we talk about how a shipper should include cybersecurity capabilities as part of their carrier and broker vetting for any RFPs. As shippers, carriers, and brokers continue to automate and digitize various functions, the importance of cybersecurity is only going to increase.
In this episode of Life of a CISO, Dr. Eric Cole continues the conversation on key trends that every Chief Information Security Officer (CISO) should be aware of. Building off the last episode where he discussed AI regulations, zero trust, and cyber numbness, Dr. Cole shifts focus to critical topics like metrics, communication, leadership, cloud security, third-party risks, and ransomware. He emphasizes the importance of CISOs developing a strong communication strategy and metrics to stay ahead of emerging cyber threats. Drawing parallels with executive-level leadership, he stresses that CISOs must be seen as strategic business leaders, not just technical experts, in order to have a meaningful impact on an organization's growth. Throughout the episode, Dr. Cole highlights the value of having clear, long-term goals and outlines practical steps for becoming a world-class CISO. He urges current and aspiring CISOs to reflect on their career paths, continuously assess their progress, and focus on the skills needed to sit at the executive table. By aligning themselves with core business leaders and consistently providing value through clear, actionable security insights, CISOs can elevate their roles and drive better outcomes for their organizations.
In this episode of Life of a CISO, Dr. Eric Cole focuses on the importance of continuous personal and professional growth, particularly for those pursuing or working in the role of a Chief Information Security Officer (CISO) or Virtual Chief Information Security Officer (vCISO). He emphasizes that being successful in these high-stakes roles requires more than technical expertise—it demands ongoing self-assessment and personal development. Many professionals in cybersecurity, especially those in leadership roles like CISO and vCISO, tend to focus solely on their current accomplishments and responsibilities. However, Dr. Cole stresses that true growth comes when you move beyond maintaining your status quo and start pushing yourself to achieve more. He encourages CISOs and vCISOs to assess their progress, both in terms of income and influence within their organizations, and to continuously strive for new challenges. Moreover, Dr. Cole explains how the identity and belief system of a CISO or vCISO directly impact their career trajectory. He highlights that professionals in these roles often reach a plateau when they stop evolving their mindset. To break through to the next level—whether in terms of career advancement or financial growth—Dr. Cole advises them to shift their belief structure and adopt a mindset of abundance. He challenges cybersecurity leaders to re-envision themselves as not just protectors of data, but as strategic leaders who can drive the organization forward. By doing so, they can expand their influence, make more significant contributions, and ultimately thrive both personally and professionally.
The fallout from the SolarWinds intrusion took a new turn with the U.S. Securities and Exchange Commission's (SEC) decision to file a cybersecurity-related enforcement action against the SolarWinds corporation and its Chief Information Security Officer (CISO), Timothy G. Brown, in October of 2023. But in July, District Court Judge Paul A. Engelmayer dismissed a number of charges in the SEC's complaint against SolarWinds and Brown. To talk about this significant development in the case, Stephanie Pell, Lawfare Senior Editor and Brookings Fellow, sat down with Shoba Pillay, a partner at Jenner & Block and a former federal prosecutor, and Jennifer Lee, also a partner at Jenner & Block and a former Assistant Director in the SEC's Division of Enforcement. They discussed the court's rationale for allowing some charges to stand, while dismissing others, what stood out most in the dismissal of the case, and how this case may shape the SEC's cybersecurity enforcement actions in the future.
Susan Koski is the Chief Information Security Officer (CISO) at PNC. In this episode, he joins Oz Alashe, founder and CEO at CybSafe, and host Scott Schober to discuss human risk management and the importance of security awareness training. BEHAVE: A Human Risk Podcast is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com
In this episode of Life of a CISO, Dr. Eric Cole dives deep into the crucial mindset shift needed to transition from a technical security engineer to a strategic Chief Information Security Officer (CISO). He emphasizes the importance of clarity in your career goals, stressing that simply wanting to be a CISO isn't enough—you need to define what that means in detail. Dr. Cole uses vivid analogies and real-life stories to illustrate how vague goals can lead to unsatisfactory outcomes. The universe, he argues, delivers what you ask for, but if you're not specific, you might end up with something far from your true desires. Dr. Cole also underscores the importance of crafting a CISO-ready CV that screams strategy and leadership rather than technical prowess. He advises against listing technical tasks or past roles as a security engineer on your CV, as this can lead to being excluded from consideration. Instead, focus on strategic business outcomes, revenue growth, and executive-level communication. To test the effectiveness of your CV, Dr. Cole suggests applying to a wide range of CISO roles and analyzing your hit rate. This episode is packed with actionable advice on how to present yourself as a world-class CISO, both on paper and in interviews, ensuring you're prepared to step into the role with confidence.
Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In this part two of the three-part series on The Redefining CyberSecurity Podcast, host Sean Martin is joined by Kush Sharma to discuss the critical topic of building a Chief Information Security Officer (CISO) office from the ground up. Both speakers bring invaluable insights from their extensive experiences, illustrating key points and real-world scenarios to help organizations navigate the complexities of cybersecurity and business transformation.

Sean kicks off the conversation by emphasizing the strategic role of the CISO in business transformation. He explains that a successful CISO not only secures what the business wants to create but also contributes to developing a powerful and secure business. He points out that CISOs often have a unique perspective, experience, and data that can significantly impact the way business processes are transformed and managed.

Kush expands on this by highlighting the need for adaptability and a mindset of continuous change. He shares that CISOs should view their organization as a business function solely dedicated to protecting assets. He uses examples to demonstrate how missions change every few years due to the rapid evolution of technology and processes, making it essential for security teams to pivot and adjust their strategies accordingly.

Kush stresses the importance of collaboration across different teams—from digital to physical—and notes that a key to successful security management is building a culture that is adaptable and aligned with the business's changing objectives.
One of the most interesting points brought up is the significance of involving security from the outset of any new project.

Sean and Kush discuss the importance of integrating the CISO into discussions around business requirements, system architecture, and technology selection. By being involved early, CISOs can help ensure that the organization makes informed decisions that can save time, reduce risks, and ultimately contribute to a more secure business environment.

Another critical aspect discussed is the approach to risk management. Kush describes a structured method where security teams provide options and recommendations rather than outright saying 'no' to business requests. He mentions the use of risk acceptance forms, which require high-level sign-offs, thus ensuring that decision-makers are fully aware of the risks involved and are accountable for them. This transparency fosters a sense of shared responsibility and encourages more informed decision-making.

Both Sean and Kush provide a comprehensive look at the evolving role of the CISO. They make it clear that today's CISOs need to be strategic thinkers, skilled negotiators, and effective communicators to successfully lead their organizations through the complexities of modern cybersecurity challenges. The insights shared in this episode are invaluable for anyone looking to understand the multifaceted responsibilities of a CISO and the indispensable contributions they make to business success.
In today's episode of Tech Talks Daily, I sit down with Nick Walker and Giles Inkson from NetSPI to explore how proactive approaches are reshaping cybersecurity. NetSPI recently rebranded and launched a unified security platform designed to help organizations take a more proactive stance against cyber threats. This platform combines Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), and Breach and Attack Simulation (BAS) to provide a comprehensive view of assets, risks, and security improvements. We discuss the latest trends in cybersecurity, including the rapid adoption of generative AI and the complex risks it introduces. As cyber attacks grow more sophisticated, there's a significant shift towards holistic risk management beyond just vulnerability patching. This involves understanding critical assets and the pathways that could be exploited. The role of the Chief Information Security Officer (CISO) is evolving too, with an increasing focus on board-level communication and strategic risk management. CISOs are now essential in translating cyber risks to leadership and ensuring cost-effective security programs. We also discuss the EU's Digital Operational Resilience Act (DORA), set to take effect in January 2024. This regulation mandates practices like threat-led testing and intelligence sharing for financial institutions, aiming to enhance resilience through rigorous scenario-based tests and improved information sharing. How do you see the role of proactive measures in cybersecurity evolving? We'd love to hear your thoughts. Connect with us online to continue the conversation and learn more about the topics we covered today.
Guest: Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario)
On LinkedIn | https://www.linkedin.com/in/kush-sharma-9bb875a/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In the latest episode — Part 1 of 3 Parts — of the Redefining CyberSecurity Podcast on ITSPmagazine, host Sean Martin dives into a comprehensive discussion with Kush Sharma, a distinguished leader with vast experience across Accenture, Deloitte, the City of Toronto, and CP Rail. The conversation explores the intricacies of building a Chief Information Security Officer (CISO) office from the ground up, offering invaluable insights for current and aspiring CISOs.

Kush Sharma emphasizes the multifaceted role of a CISO, particularly the distinct challenges faced when establishing a cybersecurity program in various organizational contexts—government, private sector, and consulting firms. He points out that in governmental environments, the focus is typically on how to benefit citizens or internal staff while operating under tight scrutiny and budget constraints. In contrast, consulting and private sectors prioritize efficiency, quick deployment, and direct benefits to the organization.

A significant part of the discussion centers on enterprise risk management. Sharma highlights the importance of aligning cybersecurity initiatives with organizational objectives. From mergers and acquisitions (M&A) to digital transformations, CISOs must ensure that their strategies mitigate risk while supporting the broader business goals.
Kush Sharma advises that during such major projects, security measures need to be integrated from the ground up, focusing on things like role-based access and the segmentation of business processes.

Additionally, the challenges of engaging with governmental bodies are explored in depth. Sharma explains the extensive bureaucratic processes and the need for consensus-building, which often lead to significant delays. Understanding these processes allows for better navigation and more efficient outcomes. Sharma also brings out the importance of understanding and acting upon business processes when integrating cybersecurity measures. For instance, in large-scale ERP implementations, it is crucial to map out detailed roles and ensure that security provisions are applied consistently across all integrated systems. By focusing on the distinct roles within these processes, such as AP clerks or accounting managers, CISOs can develop more granular and effective security measures.

The episode underscores that success in building a CISO office lies in strategic alignment, efficient resource allocation, and thorough understanding of both technical and business processes. For cybersecurity leaders, this conversation with Kush Sharma offers crucial guidance and real-world examples to help navigate their complex roles effectively. Be sure to listen to the episode for a deeper dive into these topics and more. And, stay tuned for Parts 2 and 3 for even more goodness from Sean and Kush.

Top Questions Addressed
- What are the complexities of establishing a CISO office from scratch?
- How do the requirements and focus differ when establishing a cybersecurity program in governmental versus private sectors?
- What is the approach to managing enterprise risk during digital transformations and mergers & acquisitions (M&A)?
Darren is the Co-Founder and CEO of Carbide. This cyber security firm provides businesses of all sizes with the tools they need to adopt a robust cybersecurity and privacy posture, enabling them to protect their data from cybercriminals, transform security from a potential liability to a competitive advantage, and accelerate their growth. A TechStars alum, Carbide has raised 7M+, and its clientele is quickly growing in highly regulated markets, including e-commerce, FinTech, healthcare, and insurtech. Darren has 15+ years of experience as the CEO and Chief Information Security Officer (CISO) of several businesses that handle sensitive data. This experience has given him a solid grasp of evaluating and managing risk according to organizational goals while fostering growth. Before starting Carbide, he Co-Founded Marcato, an innovative event management platform that managed 300+ music and cultural events, including Burning Man and Coachella, in 27 countries worldwide. Darren ran the business as CEO and CISO for ten years until it was acquired by Patron Technology in 2018. At that point, he decided to go into the cybersecurity industry. He is a Certified Information Privacy Manager (CIPM) and Certified Information Systems Security Professional (CISSP).

On the podcast, Darren would love to talk about:
- How to engage your team in cybersecurity to build a secure-by-default company in a way that enables you to breeze through audits and assessments while, at the same time, being something your team enjoys.
- How to showcase your company's cybersecurity posture in a way that helps you close deals faster and earn greater customer trust.
- How to make cybersecurity and data privacy a part of your service or product offering. This topic would interest startups and service companies that provide tools and services outside of IT and security and service companies like MSPs that can benefit from adding security products and services to their offerings.
- How fast-growing organizations achieve enterprise-class security and privacy.

To get a sense of Darren, here's an episode he did on the Privacy Please Podcast, where he shared advice for founders on securing their startups.

Quick recap

Summary

Darren's Cybersecurity Journey and Insights
Darren and Michael discussed Darren's background and experience in cybersecurity and data privacy. Darren shared his unconventional entry into the field, having previously worked in various leadership roles before focusing on security. He emphasized the importance of security no longer being a "bolt-on" but an essential component of leadership and business operations. He also mentioned his current role as a board member for the International Information System Security Certification Consortium and his upcoming plans for the quarter. Michael showed interest in understanding more about Darren's insights.

Turbine's AI Integration and Business Model Shift
Darren, the CEO and co-founder of Turbine cyber security and data privacy company, discussed the company's development and future plans in the meeting. He elaborated on how they have been using AI and machine learning (ML) as a component of their product, which was launched in December after about a year of development. Darren also shared that they have shifted their business model to encompass AI to enhance the human experience and better support their customers. He further discussed his passion for cyber security and data privacy, especially in healthcare and manufacturing industries. The conversation then moved to the fast-paced world we live in, with Michael jokingly relating his recent stress test experience to the ever-accelerating speed of technology.

Cybersecurity Leadership and Prioritization
Michael emphasized the critical importance of cybersecurity and the need for it to be a top priority within organizations, arguing that it's as crucial as accounting and customer service departments.
He also touched on the significance of leadership in cybersecurity, stating that it's a skill that can be learned and that he, as an accountant, had successfully transitioned into the tech space due to his curiosity and leadership ability. Darren agreed with Michael's points, asserting that effective leadership is essential for the proper use and management of cybersecurity and data privacy within an organization.

Leadership Engagement in IT Security Challenges
Darren discussed the challenges IT security teams face in organizations where leadership is not engaged or committed to ensuring security. He noted that many organizations prioritize sales and fiscal responsibilities over security, leading to a reactive approach dubbed "security theater." Darren emphasized the need for leadership to prioritize security and recognize the evolving threat landscape, including the increasing profitability of cybercrime. Michael concurred, pointing out the lower overheads and ease of recruitment in cybercrime, compared to traditional criminal activities like drug cartels.

Attracting Younger Generations to Computer Activities
Michael and Darren discussed the attraction of computer-based activities for younger generations, likening it to a game or a puzzle that they find engaging and challenging. Michael suggested that this behavior could lead to criminal activities like hacking, especially for those in difficult economic situations. However, he emphasized the possibility of separating the criminal aspect from these activities and using their skills for legitimate purposes, setting them up for future success. Darren agreed with Michael's points.

Organized Crime and Human Trafficking Discussion
Michael and Darren discussed the prevalence of certain criminal activities within their borders and worldwide. Darren elaborated on the operations of organized criminal groups, mentioning cases in poor countries where people are exploited and demonized as targets.
He also introduced the concept of human trafficking for hacking camps, where individuals are forced to conduct social engineering scams. Darren estimated that over 200,000 people are in captivity conducting these types of operations, making it difficult for law enforcement to have a meaningful impact on stopping and catching the perpetrators.

AI Fraud and Preventive Measures
Michael discussed the potential dangers of AI technology being used for fraudulent activities, such as scam phone calls using cloned voices. He suggested the use of code words and education as preventive measures. Darren agreed, emphasizing the importance of educating individuals at all levels to identify and prevent such criminal activities. He also highlighted the potential futility of relying solely on law enforcement to combat this issue, given the vast scope and complexity of the problem.

Identity Theft and Financial Vulnerability Discussion
Darren and Michael discussed the potential risks of identity theft and financial loss in today's world. Darren emphasized the importance of understanding the various factors contributing to vulnerability, such as owning property or having good credit, and noted how these factors could be used against individuals. Michael shared his experience managing his mother's estate and highlighted the need to freeze credit applications for the deceased. Both acknowledged the growing use of AI and other tools to automate finding weaknesses and vulnerabilities and how criminals could exploit this. They also discussed the possibility of identity theft through obituaries and the physical theft of mail.

Data Theft, Hacking, and Customer Expectations
Michael and Darren discussed the creative and often criminal activities surrounding data theft and hacking. They highlighted the need for organizations to monitor their systems and data closely and emphasized the importance of protecting sensitive information.
Darren noted customers' increasing awareness and expectation regarding privacy and security, with many technology providers now implementing these concepts by default. However, he also pointed out the ongoing risks posed by social engineering and criminal activities, which have been refined over time. Both agreed on the need for these issues to be part of an organization's DNA, not an add-on, to prevent future breaches.

Cybersecurity, Global Impact, and Resources
Darren and Michael discussed the changing global landscape and its impact on businesses, emphasizing the importance of cybersecurity and data protection. Darren introduced his website, carbidesecure.com, as a resource for companies seeking cybersecurity implementation and maintenance assistance.
Arkansas sues Temu over privacy issues. Polyfill returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. In our 'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.

Threat Vector Segment
In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields.
Selected Reading
- Arkansas AG lawsuit claims Temu's shopping app is 'dangerous malware' (The Verge)
- Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer)
- NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York)
- Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google)
- 'Poseidon' Mac stealer distributed via Google ads (Malwarebytes)
- Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek)
- Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online)
- CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek)
- Metallica's X account hacked to promote crypto token (Cointelegraph)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.