Guest: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
___________________________
Episode Notes
In the last episode on this topic, Matthew gave us some insights into how and where he expected cybersecurity to take us in 2022. During the conversation he said, “Cybersecurity will continue to rapidly gain in both relevance and importance in 2022 as the world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders. Overall, 2022 will be a more difficult and trying year for cybersecurity than its predecessors.”
In this episode, we take a look back at the year of cybersecurity that was 2022, including the predictions, the outcomes, and the misses. It's a wild ride that you won't want to miss, even if you experienced some of it first-hand in your own InfoSec programs.
____________________________
Resources
Previous Episode #844 - It Is 2022: Here Are Some Cybersecurity Predictions And Their Impact On Business, Governments, Citizens, And Society: https://itsprad.io/redefining-security-844
Original 10 Predictions: https://www.linkedin.com/pulse/10-cybersecurity-predictions-2022-matthew-rosenquist/
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
Would you pay the ransom if you were hit with ransomware? Leaders and their companies are targets. Cyberthreats are on the rise and many companies have fallen victim. They can actually reflect what our weaknesses are when it comes to leading people and how you react under pressure. For most people, this is a really stressful time but it can also be a great opportunity to see how you handle difficult situations.
I host Dan Lohrmann, Field CISO for Presidio, who shares a vital strategy for how to respond to a cyber ransom threat.
Presidio is a global digital solutions and services provider delivering software-defined cloud, collaboration and security solutions to customers.
Dan started his career at the National Security Agency (NSA), and has over 30 years of professional experience – including Chief Security Officer and Chief Technology Officer roles.
He's also an award-winning blogger and global speaker on a wide range of technology and cybersecurity topics. Best-selling author of “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.”
LinkedIn Profile: https://www.linkedin.com/in/danlohrmann/
Company Link: https://www.presidio.com/
Link to Dan's Book: “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.” https://www.amazon.com/Cyber-Mayday-Day-After-Disruptions/dp/1119835305
What You'll Discover in this Episode:
The story of the turning point of his career.
How he accelerated his learning as a writer.
A vital cybersecurity tip for leaders.
How to be prepared for AI and cyber risks.
The first step you should take if you receive a cyber ransom note.
The role of cybersecurity for the next five years.
What happened with the $28.75M ransom note.
-----
Connect with the Host, #1 bestselling author Ben Fanning
Speaking and Training inquiries
Subscribe to my Youtube channel
LinkedIn
Instagram
Twitter
As part of our ongoing coverage on the cybersecurity market, host Steve Morgan recently spoke to several top experts about how they see it. On this episode, Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, is joined by Laura Deaner, CISO at Northwestern Mutual; Jason Rader, VP and CISO at Insight Enterprises; Teresa Zielinski, Global CISO at GE Gas Power; and Paul Connelly, Chief Security Officer at HCA Healthcare. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
In this episode of The New CISO, Steve is joined by guest Mark Weatherford, CISO and Head of Regulated Industries at AlertEnterprise.
After many years in CISO roles, Mark eventually found himself in the White House. Reflecting on his incredible career journey, Mark evaluates the opportunities that led him to success. Listen to part one of this episode to learn more about Mark's navy experience, the importance of delegating in leadership, and how to become the guy who always gets the call.
Listen to Steve and Mark discuss when to put the fear aside and embrace the possibility of failure and the willingness to take on new opportunities:
Meet Mark (1:51)
Host Steve Moore introduces our guest today, Mark Weatherford, the current Chief Security Officer at AlertEnterprise, specializing in IT and OT security.
Before starting his cyber security career, Mark wanted to build dams and roads in the navy. Instead, the navy had other ideas and picked Mark to be placed in the advanced electronics program, leading him to the CISO industry.
Measuring Your Day (7:21)
Mark measures his work day by the goals his team achieved or when a project is done. Although it's a different set of standards than when you see a road or other construction projects completed before you, cyber security work can also be assessed.
Life After The Navy (9:08)
By the time Mark started his job at Raytheon, the Navy had a contract to complete a security project with them. Already determining when he would leave the Navy, Raytheon called him about a position that fit his skillset: building a security operations center from the ground up.
Relying On Your Team (14:14)
Steve presses Mark on what he learned from managing the start of the security operations center. Mark gathered that no one can do everything and that it's essential to have a core group of leaders to rely on.
Good leadership comes from delegating authority to people without micro-managing, empowering them to excel at their jobs.
Working With Fear (22:07)
“That's all part of learning. Things are going to break now and then,” Mark explains when expanding on his leadership philosophy.
Reflecting on his own experience with gaining new skills, Mark's advice to anyone is that mistakes happen when you're learning. We may be uncomfortable when things are unfamiliar, but as long as we're not doing anything malicious, we can figure things out.
What Happens Next (24:14)
One day Mark received a call from his boss about a project with the Federal Government in Colorado. A year later, Mark got another call from his next job, leading him to a cabinet position.
Through his impressive work experience, Mark was considered for exciting political opportunities impacting our country.
That's Politics (28:53)
Mark discovered pretty quickly in politics that people aren't always truthful. Unfortunately, he understands that this is the industry's nature, and that is how things are. As a result, it's natural to become wary and not take everything you hear at face value, although Mark still gives people the benefit of the doubt.
Working With The Legislature (31:13)
Mark's work in government allowed him to influence policy as well. Mark learned about the trade-offs in politics during this experience and why opposition can create barriers to security policy.
Becoming The Terminator's CISO (34:58)
After leaving Colorado, Mark was called for the opportunity to work for Governor Arnold Schwarzenegger in California. Mark recognizes that the secret to his success derives from being prepared for new positions when they arise. Mark never directly worked with Governor Schwarzenegger, but...
As part of our ongoing coverage on cybercrime, host Steve Morgan recently spoke to several top experts about how they see it. On this episode, Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, is joined by Adam Keown, Global CISO at Eastman; Laura Deaner, CISO at Northwestern Mutual; Paul Connelly, Chief Security Officer at HCA Healthcare; Teresa Zielinski, Global CISO at GE Gas Power; Ian Anthony Baxter, Chief Information Security Officer, UK, at Bank of Ireland; and Devon Bryan, Global Chief Information Security Officer at Carnival Corp. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
Guest
Lance Spitzner
Director, SANS Senior Instructor - SANS Technical Institute [@sansinstitute]
On LinkedIn | https://www.linkedin.com/in/lance-spitzner-0ab0ba1/
On Twitter | https://twitter.com/lspitzner
Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Pentera | https://itspm.ag/penteri67a
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
___________________________
Episode Notes
There are many security frameworks, maturity models, and best practices to leverage when developing ‘user friendly’ security policies to foster greater adoption and behavioral change. How these new policies are effectively communicated to ensure both compliance and collaboration across the organization (including remote workers) is equally important.
____________________________
Resources
SANS: https://www.sans.org/
NIST CSF: https://www.nist.gov/cyberframework
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
Today on the show, Lena Smart, Chief Security Officer of MongoDB, and I team up to interview Dwight Merriman, co-founder and key contributor to MongoDB. Dwight Merriman is a true tech legend. In addition to co-founding and co-creating the MongoDB database and 10gen (the company now called MongoDB), he also co-founded and led several other well-known successful companies, including Business Insider, DoubleClick and Gilt Groupe. In today's interview, Dwight shares openly and honestly about the motivations behind creating the database, which now actually claims nearly half of the entire NoSQL market. He talks about the decision to build the database rather than use something that existed at the time.
Dan Cerrillo is the former Chief Administrative Officer for American Addiction Centers (AAC), where he led ~15 teams that improve the lives of veterans struggling with addiction and PTSD. Prior to his promotion to CAO in 2022, Dan served AAC as the Chief of Staff and Chief Security Officer. In those roles, Dan was instrumental in helping AAC obtain Tricare and Veterans Administration approval, which has enabled the organization to treat 4000+ veterans and support them in returning to normal, productive lives. Dan was an original member of BUD/S Class 194 and served with SEAL Team One as an operator and instructor after graduation. He was later accepted to the Naval Special Warfare Center/ Special Operations instructor staff and received his accreditation as a Master Training Specialist for Advanced Applied Explosives, Diving Supervisor, Diving Maintenance and Range Operations Safety. A decorated Navy SEAL, Dan has been awarded the Bronze Star, Navy Commendation and Navy Achievement Medals – all with combat distinguishing devices – as well as the Purple Heart Medal. Just before Dan was slated to transition into a civilian career in finance, after graduating with a BBA in Finance, he watched the events of 9/11 unfold. Instead of leaving the military, he chose to continue serving his country for the next six years, during which time he deployed with Naval Special Warfare Group One, SEAL Team Seven, and SEAL Team One to both Iraq and Afghanistan. Following a combat injury, Dan medically retired from the SEALs, though he continues to serve in board, advisory, and ambassador capacities for the Navy SEAL Foundation and the Navy SEAL Fund. In 2020, Dan played an instrumental role in creating the Military Wellness Initiative and Navy SEAL Support Alliance, a $30M joint endeavor of multiple strategic partners. Dan has held multiple executive protection specialist and team leader roles at Vulcan, Inc. 
and Bayshore Global Management which later inspired him to launch Spartan 7, Inc., a company that provides security, adventures, and executive coaching to high-net-worth individuals, families, and corporations across the US. Dan is currently the CEO of Spartan 7, Inc., and in just three years, he has taken the business from a $2500 startup to a valuable brand worth over $50M. Other work experience includes launching three CrossFit Gyms in the greater Seattle area, which were later sold for a substantial profit, and serving as the Chief of Staff and Director of recruiting for Bayshore Global Management's Global Support Division (GSD.ngo), where he created the world's first privately funded disaster aid and humanitarian response team – built of staff from Harvard Humanitarian, Stanford Medicine, and former Special Operations Operators – that was deployed to 10+ natural disaster sites and 100+ humanitarian aid sites. Dan also co-founded the Memorial Day “Murph” Challenge, which has raised over $50M in donations for the Michael Murphy Family Foundation through over 1M participants to date. In addition to his BBA, Dan is finishing a Master of Science (MS) degree in Strategic Leadership from the University of Charleston. He is also a Nationally Registered Wilderness Emergency Medical Technician (Level B), a credential which he obtained from the University of Utah. Dan and his wife Leilani have been married for over 20 years. They reside outside of Nashville and enjoy traveling to visit their three grown children at every opportunity. In his free time, Dan has coached multiple high school, college, and junior football teams to winning conference, state, and national championship titles. Dan is currently the Head Coach of the Sub Varsity Team, and Varsity Assistant Linebacker Coach of the Nationally Ranked (15) and defending Tennessee State Football Champions Lipscomb Academy.
In this episode of the Remote CEO Show, I had the pleasure to interview Antonella Pisani. Antonella Pisani is the founder and CEO of Dallas-based Eyeful Media, a digital marketing and consulting firm focused on performance marketing and digital strategy for mid-market companies. Founded in 2017, the company has experienced exponential growth fueled exclusively by word-of-mouth referrals. As a result, Eyeful Media has ranked in the top 11% on the Inc. 5000 list for the past two years as one of the fastest-growing privately held companies in America, scaled at an 1178% growth rate. They ranked #17 in Dallas, #37 in Texas, and #38 in all Advertising & Marketing companies. Eyeful Media was also named to the 2022 Adweek list of fastest-growing agencies ranking number 13 on the list overall and number 5 in the West/Southwest. Eyeful Media has also been announced as a member of the Dallas 100 for 2022. Antonella places a special emphasis on giving back to the community, giving back 5% of Eyeful Media's profits to organizations such as Community Partners of Dallas, Dwell with Dignity, the Birthday Party Project, Michael J Fox Foundation, the Trevor Project, and The North Texas Food Bank. She serves as a member of The North Texas Food Bank Advisory Council and the Dwell with Dignity Board of Directors. Also important to Antonella is Eyeful Media's intellectually stimulating environment that allows team members a balanced life and social responsibility. Eyeful Media brings expertise to their clients from a fully-remote, 40% minority team with employees spanning 16 states and 23 cities. The company brings a fresh approach by hiring only experienced holistic marketers and eliminating layers often found in digital marketing agencies. This has helped the company scale quickly, as has quality work and technical expertise. Antonella has more than 25 years of marketing and digital experience. 
Prior to starting Eyeful, she held VP and SVP roles at companies including Proflowers, Guitar Center, JCPenney, and Fossil where she managed annual marketing budgets of up to $100 Million. Antonella is a first-generation American raised in San Diego, Calif. She holds a bachelor's degree in communication studies from St. Edward's University in Austin, Tex., where she began her career in digital through a work-study job as a web designer and developer in 1996, and later received a Master's in Business Administration from the University of San Diego. She is an avid traveler and photographer, with a particular focus on visiting places off the beaten path including Antarctica, Easter Island, Bhutan, and the Arctic. She is fluent in Spanish and Portuguese, and speaks French and Italian well enough to get by when traveling. Her rescue pup, Riley, serves as the company's “Chief Security Officer.” For more information, please visit https://www.eyefulmedia.com/.
ISACA's Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community is and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies creating a role for a Chief Security Officer, and now that is becoming a reality within the industry. Tune in now! To read Steven's full-length article, visit: www.isaca.org/convergence-where-next To listen to more ISACA podcasts, visit: www.isaca.org/podcasts
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Everyone's security is at risk when they travel — even when it's for business. Today's guest, Kelly Johnstone, has decades of risk experience, stemming from several years as a Federal Agent as well as the Chief Security Officer for a major global company. Now, with International SOS, Kelly helps keep business leaders safe when traveling to high-risk areas. In this episode, Kelly discusses security measures organizations can take to protect employees and how they can be embedded into their ERM programs.
Key Takeaways:
[:01] About the RIMS Membership.
[:14] Registration for RISKWORLD 2023 is now open!
[:33] About RIMScast.
[:46] About today's episode.
[:58] All about upcoming RIMS webinars, workshops, events, and more!
[2:00] More about today's episode with Kelly Johnstone.
[2:33] Justin welcomes Kelly to the podcast!
[2:48] Kelly shares about her career background and current role as a Risk Advisor at International SOS.
[5:10] Kelly elaborates on what it takes to institute a risk management framework regarding travel today.
[11:08] Is there a level of protection for the officers, decision-makers, and business leaders at International SOS as they travel?
[15:04] RIMS Plug time! All about upcoming workshops and webinars.
[15:50] Elise Farnham joins RIMScast to discuss her two upcoming RIMS virtual workshops!
[18:58] Be sure to check out the 2022 year-end issue of the Risk Management Magazine!
[19:46] How challenging is it to get buy-in from multiple departments regarding security risk?
[22:16] How Kelly is able to tie security risk to revenue generation or retention.
[23:55] How the practice of ERM could evolve to adapt to our current (COVID-19) climate.
[25:37] What are we overlooking in terms of risk? Where does ERM need to shift?
[28:00] Kelly discusses talent supply risks and shares her insights.
[29:22] What happens when there has to be an extraction? Kelly shares her advice.
[32:40] Kelly's experience coming up in the field of security as a woman and her advice to other women considering a career in security.
[38:16] How did Kelly find her mentors?
[39:45] Has Kelly always been a natural speaker? How did she become a better speaker?
[40:48] Justin thanks Kelly for joining the podcast and shares some links to check in today's show notes.
Mentioned in this Episode:
RISKWORLD 2023 — April 30‒May 3 in Atlanta, Georgia! Public registration is now open!
RIMS Virtual Workshops in 2023 — a Brief Dialogue with Instructor Elise Farnham
RIMS Events, Education, and Services:
RIMS Risk Maturity Model
RIMS Events App Apple | Google Play
NEW FOR MEMBERS! RIMS Mobile App
RIMS Buyers Guide
Contribute to RIMS Risk Management magazine
Dan Kugler Risk Manager on Campus Grant
Sponsor RIMScast: Contact email@example.com or firstname.lastname@example.org for more information.
Related RIMScast Episodes:
“Checking In: Hotel Risk Management with AHLA President & CEO Chip Rogers”
“Travel Risk Management for the 2022 Holidays with Dr. Adrian Hyzler”
“Fleet Safety 2022 with Nets Executive Director Susan Gillies-Hipp”
Upcoming Webinars:
RIMS External Affairs Presents: “How Cyber Insurance is Shaping the Insurance Industry” | Jan. 5, 2023
“Recertification: Keep Your RIMS-CRMP Active” | Complimentary to All | Jan. 9, 2023
“What to Expect from Cyber Insurance in 2023 and Beyond” | Sponsored by Telos | Jan. 24, 2023
Virtual Workshops:
Applying and Integrating ERM | January 10‒11 | 10:00 am‒4:00 pm ET | Registration closes Jan. 9
Captives as an Alternate Risk Financing Technique | January 18‒19 | 10:00 am‒5:00 pm ET | Registration closes Jan. 17
Fundamentals of Insurance | January 25‒26, 2023 | 9:00 am‒4:30 pm ET | Registration closes Jan. 24
See the full calendar of RIMS Virtual Workshops
Sponsored RIMScast Episodes:
“Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd. (NEW!)
“Zurich's Construction Sustainability Outlook for 2023”
“Aon's 2022 Atlantic Hurricane Season Overview”
“ESG Through the Risk Lens” | Sponsored by Riskonnect
“A Look at the Cyber Insurance Market” | Sponsored by AXA XL
“How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD
“Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL
“Keeping Subcontractors Safe Through Partner Elevation” | Sponsored by Highwire
“ESG: A Responsibility and a Growing Megatrend” | Sponsored by Prudent Insurance Brokers Ltd.
“Prioritizing People: Focusing on Your Team to Deliver Exceptional Quality and Service to Your Clients” | Sponsored by Gallagher Bassett
“Bermuda Opportunities in 2022 with BDA Chair Stephen Weinstein” | Sponsored by Bermuda Business Development Agency
“SyncR: A Tool to Enhance Your Risk Quality & Insurance Strategy” | Sponsored by Prudent Insurance Brokers Ltd.
“RIMScast: Navigating the Risk Landscape in 2022” | Sponsored by AXA XL
“RIMScast: Prioritizing People: Expertise and Innovation” | Sponsored by Gallagher Bassett
“RIMScast: Risk Findings for the Industrial & Manufacturing Industry” | Sponsored by Aon
“RIMScast: Establishing the Right Assurance to Request From Business Partners” | Sponsored by HITRUST
“RIMScast: Aon's 2021 Retail Industry Overview” | Sponsored by Aon
“RIMScast: A Legacy of Resilience” | Sponsored by J.B. Boda Group
“The Golden Era of Insurance” | Sponsored by The Hartford
“Insurance Investigation Trends Happening Now” | Sponsored by Travelers
“What Could a CRO Do for Your Business?” | Sponsored by Riskonnect
“Hard Reality: A Look at Rising Rates in Property & Excess Casualty” | Sponsored by AXA XL
“Property Valuation Deep Dive” | Sponsored by TÜV SÜD
“Property Loss Control Engineering” | Sponsored by Prudent Insurance Brokers
RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
Upcoming RIMS Webinars
On-Demand Webinars
RIMS Advisory Services — Ask a Peer
Risk Management Magazine
Risk Management Monitor
RIMS Risk Leaders Series
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS-CRMP Stories — New interview featuring Merline Barrington of the Port Authority of NY & NJ!
Spencer Educational Foundation
RIMS DEI Council
RIMS Path to the Boardroom
Want to Learn More? Keep up with the podcast on RIMS.org and listen on iTunes.
Have a question or suggestion? Email: Content@rims.org.
Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.
Follow up with Our Guest:
Kelly Johnstone's LinkedIn
Elise Farnham's Profile
Tweetables (For Social Media Use):
“Risk has become … something that everybody understands. Before, it was this fuzzy thing, ‘Security just got in the way,’ ‘Oh, here she comes again.’ I think you have to learn how to talk to people about security so that … it's business-enabling.” — Kelly Johnstone
“If you really think about it … almost everything comes back to a financial impact. So, if you're not thinking about that as important as everything else you're talking about [when it comes to] risk … you're missing the boat.” — Kelly Johnstone
“If you're a business to make money, [financial risk is] what you need to be looking at as you talk about [all] risks.” — Kelly Johnstone
“Companies that start thinking differently are going to be ready for the next threat and I think that's where ERM needs to shift.” — Kelly Johnstone
“[At] the Chief Security Officer level, it's about 90% white men over 60. … We need more women. We need more people of color — we need more everything. Because this is a field where you need to be a critical thinker and your background [plays a part in that].” — Kelly Johnstone
Community Member Contributor: William Pugh
Security Consultant at AWS [@awscloud]
On LinkedIn | https://www.linkedin.com/in/billy-pugh/
Hosts
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
______________________
Episode Description
Companies looking to strengthen their cybersecurity programs would do well to look toward military veterans who are transitioning to the corporate sector. Veterans come equipped with the necessary experience and a cybersecurity paradigm that sets them up for success in helping protect vital digital assets.
A vital part of that paradigm is the ambiguity of cybersecurity. New technologies keep emerging that need protection by applying security controls. At the same time, cybercriminals constantly change their tactics, exploiting known weaknesses and bypassing common controls.
Both the military and the corporate world also face a dearth of security talent and often have to throw professionals with little experience at the cybersecurity ambiguity challenges. Private companies and public organizations thus need professionals who are accustomed to working under the pressure of ambiguous scenarios with limited resources to support them.
______________________
For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs
______________________
Are you interested in sponsoring an ITSPmagazine Channel?
Bryant Tow is the Chief Security Officer at Leapfrog, a provider of strategic IT business services. Bryant explains how having a methodology for managing cyber risk is critical and talks about the most common types of risks in the current threat landscape. He also makes some predictions about key changes in the IT security space for 2023, including the rise of cyber insurance. https://leapfrogservices.com/
Guests
Javvad Malik
Lead Security Awareness Advocate at KnowBe4 [@KnowBe4]
On LinkedIn | https://www.linkedin.com/in/javvad/
On Mastodon | https://infosec.exchange/@Javvad
On Twitter | https://twitter.com/J4vv4D
On TikTok | https://www.tiktok.com/@j4vv4d
On YouTube | https://www.youtube.com/infoseccynic
Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
Security awareness and security culture are talked about a lot in the community. In this episode, we get into the nitty gritty of both of these topics, hearing about them via real-world stories and discussing them in the context of real-life analogies. A program is just a program unless it can be understood, measured, and defended from all angles.
As one example discussed in this episode, there's no point in just teaching people to spot a phishing email because phishing now comes in text messages, on social media, direct messages on Twitter or Instagram, on Discord channels, even in your WhatsApp messages. There's no way you can train everyone on every single channel out there. A better option is to teach them about the red flags, give them knowledge about how the bad actors will approach their targets, and what some of the signs are to look out for. Help them understand that if you're careful, then you won't fall victim to it. One analogy used to help illustrate this point comes in the form of the crosswalks in London where information is shared with the street crosser at the point when/where they are crossing as opposed to trying to train the traveler weeks in advance of visiting London.
This is one of the many, many points that our guest, Javvad Malik, shares with us during this episode.
Enjoy and learn!
____________________________
Resources
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
The Cybersecurity and Infrastructure Security Agency (CISA) recently (Oct 31, 2022) released fact sheets urging all organizations to implement phishing-resistant multi-factor authentication (MFA). In this episode, George Gerchow, Chief Security Officer and Senior Vice President of IT, Sumo Logic, and I have an in-depth discussion on this very important security subject matter. The scope of coverage ranges from providing an overview of MFA and its benefits to discussing the challenges and hurdles of implementing phishing-resistant MFA, recommended implementation approaches, and the future of MFA.
Time Stamps
01:53 -- Please share with listeners some highlights of your professional journey.
02:51 -- Please provide listeners with an overview of what multifactor authentication is.
03:52 -- A recently published article on Dark Reading reports that a massive phishing campaign targeting GitHub users convinced at least one developer at Dropbox to enter in their credentials and the two-factor authentication code, leading to the theft of at least 130 software code repositories. Essentially, the perpetrators exploited the multi-factor authentication fatigue. George, your reactions.
06:51 -- You said that many organizations don't even have multifactor authentication. That begs the question, why is that the case? Is there a technology aspect to it, a technological complexity of having multifactor authentication integrated into existing legacy systems? Is there a cost aspect to it, is it very expensive? What does your experience tell you?
08:30 -- From personal experience, I haven't felt the fatigue. Even if I had to review several times or take that extra step to authenticate, I would because I am paranoid about ensuring that access is very secure. So I have brought about a change in my own mindset. I'm just curious to know if organizations are striving to bring about a change in the multifactor authentication mindset. What are your thoughts?
12:23 -- As humans, it is our natural tendency to assume, Oh, it's not going to happen to me. And if it does, we'll deal with it then. And I know that organizations also often have that mindset, some organizations know they will get bailed out. George, what are your thoughts?
22:21 -- Would you like to expand on how organizations go about implementing phishing-resistant MFA? What solutions are available out there?
25:09 -- George, I read about this FIDO authentication, the FIDO Alliance, where they have developed this protocol to enable phishing-resistant authentication. Can you expand on that?
26:50 -- During our planning meeting, you made a couple of very poignant statements, one of which is, "leaders should create a culture where employees feel they can slow down for the sake of security." Help tie this to our discussion on multifactor authentication.
30:44 -- Going back to this multi-factor authentication fatigue, is there really a fatigue? Or is it being hyped up? What's the real story?
35:33 -- George, I'd like to give you the opportunity to share some final words, some key messages for the listeners.
Memorable George Gerchow Quotes/Statements
"Absolute laziness is really what it comes down to in the beginning; I don't want to disrupt my organization by having them go through this extra step."
"Development organizations that are heavy with startups, the developers do not want to take that extra step. Sometimes executives are also unwilling to follow through with that extra authentication step -- Do I really have to do this? I know it's a policy, but can't I get around this? And the answer should be flat-out No, under any...
Richard Rushing, CISO at Motorola Mobility, brings his decades of experience to the show this week to talk about leadership, communication, and perhaps most importantly of all: prioritization. After joining Motorola through a startup acquisition, Richard has been a leader in the company and a defining example of what a CISO should be doing: simplifying the complicated. Richard talks about how his role has changed over the last 10 years and what's next for him and for cybersecurity. Timecoded Guide: [00:00] Ascending into a leadership role in cybersecurity & joining the Motorola team [06:28] Defining CSO & CISO at a time when no one understood cybersecurity [13:01] Communicating with the C-suite about cyber: best practices & tenets [24:37] Harnessing a proactive cybersecurity mindset with prioritization [32:13] Extending your cybersecurity career for decades Sponsor Links: Thank you to our sponsors Axonius and NetSPI for bringing this episode to life! The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more. What was your experience of being a Chief Security Officer in the early 2000s? Richard jokes that he became a part of the cyber industry before the industry was even called cybersecurity, but behind the joke lies the truth that cyber looked extremely different back then. However, no matter how much time passes, Richard is still used to the odd confused looks that come from saying he's a CISO. 
People misunderstand the role, Richard explains, but at least more people than ever before understand the importance of cybersecurity. “There were a lot of other things that you had to talk about, you had to evangelize a lot coming into this [industry] because a lot of the cybersecurity industry was brand new. People were moving around and trying to figure these things out and everybody struggled.” How many times would you say you feel like you've had a new job or a new role being in the same role for over 10 years? Being a CISO has had its ups and downs during the 10 years Richard has spent in that role at Motorola, but the changes have been welcome and interesting. Every few years, the technology landscape changes, and with those changes in tech come massive changes in company ownership, leadership, and security. However, Richard is thankful that through these changes, his core team has stayed the same, giving him a trustworthy group to learn from. “It's always changing, but at the same time, there's some static components. When I came on to Motorola 15 years ago and established teams, most of my team, except for a very small portion of people that retired or left, are still with me today.” What are your thoughts and best practices for proactive cybersecurity? Although “proactive cybersecurity” has become a buzzword we're all paying attention to, Richard warns that most companies aren't really being proactive with cybersecurity just yet. Instead, what the industry has shifted towards is prioritization. Understanding what's important, prioritizing those aspects of a business, and knowing what you don't have the resources to handle can make the security work you're doing feel more proactive. “Why do I need to prioritize? Because you're getting more alerts than you have people to be able to handle it, or technologies to be able to handle it in an automated way. 
So, you have to prioritize what's important.” What would you recommend people consider to extend their cybersecurity career life as long as you have? After nearly four decades in the industry and over ten years at Motorola, Richard has been in cybersecurity longer than most modern-day practitioners. When asked about his secrets for an extended cybersecurity career, Richard reflects back on his advice around prioritization over “proactive cybersecurity”, and emphasizes the importance of community. Cybersecurity is a collaborative field, and practitioners have to stay open to learning together to succeed. “In the cybersecurity world, we will talk to our competitors and share what we're seeing. I think that community effort is one of the key things. You have to enjoy what you're doing, reach out and be collaborative with people. Don't be the security guy that people are scared of.” --------------- Links: Keep up with our guest Richard Rushing on LinkedIn and Twitter Learn more about Motorola Mobility on LinkedIn and the Motorola website Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
Community Member Contributor: Frank KimCISO-in-Residence at YL Ventures [@ylventures] and Fellow and Curriculum Director at the SANS Institute [@SANSInstitute]On Twitter | https://twitter.com/fykimOn LinkedIn | https://www.linkedin.com/in/frank-kim/Host: Sean MartinOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin______________________Episode DescriptionAs businesses migrate more and more applications to the cloud and continue relying on SaaS applications, CISOs are under pressure to ensure every IT environment is secure. This requires a new paradigm in formulating cloud security strategies because the technologies differ from on-premises technologies, and the security aspects vary from one cloud provider to another.In this episode, Frank Kim—a Fellow and a Curriculum Director at the SANS Institute—examines the approach CISOs must take to secure multiple cloud and SaaS environments. Kim also discusses the importance of understanding the differences between on-premises security and the cloud and why the speed of the cloud requires a new security paradigm. Kim then presents why CISOs need to give business units and software developers security options (rather than locking them into one tool) while balancing a combination of governance and technical expertise.Understanding the criticality of protecting access credentials and the needs of all stakeholders is also key to a CISO's success in safeguarding multiple cloud environments.______________________For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcastTo access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs______________________Are you interested in sponsoring an ITSPmagazine Channel?
TalkLP Host Amber Bradley sits down with Scott McBride, Chief Global Asset Protection Officer & Chief Security Officer at American Eagle Outfitters Inc., to discuss how he helped create and shape the asset protection program at American Eagle through the years and what he learned as an Army Staff Sergeant in the Marines. Scott talks about why it's so important to know the jobs "above and below you" and why you should NOT always offer your best ideas as soon as you have them! Are you willing to never use a great idea? You should be - Scott discusses methodical preparation at a high level and how to always be ready for whatever situation arises. Scott offers a ton of valuable insights to all levels of professionals in this meaty conversation -- take a listen!
GuestAndy RappaportData Security Architect at iRobot [@iRobot]On LinkedIn | https://www.linkedin.com/in/andyrappaport/HostSean MartinCo-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinOn Mastodon | https://infosec.exchange/@seanmartin____________________________This Episode's SponsorsAsgardeo | https://itspm.ag/asgardeo-by-wso2-u8vcEdgescan | https://itspm.ag/itspegweb___________________________Episode NotesWe've come a long way in software development, moving from a months-long waterfall model to a software development lifecycle (SDLC) that's all about continuous improvement and continuous delivery (CI/CD). Has security testing kept up, and how can it fit in? Let's find out during this chat with Data Security Architect, Andy Rappaport.____________________________Resources____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?
Machine identity is an essential part of ensuring companies maintain a good level of data security and structural integrity. The management of digital certificates and keys allows all internal traffic to be encrypted, seriously narrowing the attack surface of an enterprise. In this episode of the EM360 Podcast, Editor Matt Harris speaks to Chris Hickman, Chief Security Officer at Keyfactor, to discuss:
- Where machine identity trends are heading
- Why companies are paying more attention to machine identity
- Identity as a single thread
Guests
Jerry Bell
VP and CISO, IBM Public Cloud [@IBM | @IBMcloud] and founder & co-host of the Defensive Security Podcast [@defensivesec]
On Mastodon | https://infosec.exchange/@jerry/109302267835657653
On Linkedin | https://www.linkedin.com/in/maliciouslink/
On Twitter | https://twitter.com/Maliciouslink
Marco Ciappelli
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On Mastodon | https://infosec.exchange/@Marcociappelli
Host
Sean Martin
Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On Mastodon | https://infosec.exchange/@seanmartin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/pentera-tyuw
___________________________
Episode Notes
As turmoil ensues on the bird social platform, we witness the information security community making a mad dash to the InfoSec.Exchange instance operating on Mastodon. In this episode, we bring the creator of InfoSec.Exchange, Jerry Bell, to learn more about the Mastodon platform, the vision for InfoSec.Exchange, and what the cybersecurity community can do to ensure this platform continues to reach its potential.
____________________________
Resources
Infosec.Exchange on Mastodon: https://infosec.exchange/home
Volunteer for InfoSec Exchange: https://infosec.exchange/@jerry/109302267835657653
Donate to InfoSec Exchange: https://liberapay.com/Infosec.exchange/
Jerry's Blog: https://infosec.engineering/
Defensive Security Podcast: https://defensivesecurity.org
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
Paul Connelly, Chief Security Officer at HCA Healthcare, joins host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, in this episode of the CISO 500. Connelly discusses how he got to where he is today, as well as his thoughts on some of the hottest topics for CISOs at the moment, and more. To learn more about our sponsor, Mastercard, visit https://mastercard.us/en-us.html • For more on cybersecurity, visit us at https://cybersecurityventures.com
GuestScott SchoberPresident and CEO of Berkeley Varitronics Systems [@BVSystems]On Linkedin | https://www.linkedin.com/in/snschober/On Twitter | https://twitter.com/ScottBVSOn Facebook | https://www.facebook.com/scott.schober.585HostSean MartinCo-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsAsgardeo | https://itspm.ag/asgardeo-by-wso2-u8vcPentera | https://itspm.ag/pentera-tyuw___________________________Show NotesWhat is a cybersecurity best practice anyway? And which company is it “best” for? In this conversation, Scott Schober and Sean Martin break down common cybersecurity practices and how businesses of all sizes (especially SMBs/SMEs) can dissect what matters most for their business and how the organization as a whole can adopt the most appropriate cybersecurity practices.Scott also shares his personal story of being targeted by cyber activists and cybercriminals, along with the details for how his personal compromise became a vector to the business being threatened. This is a serious conversation that many don't talk about. However, hearing this story sheds some much-needed light on how threats and attacks become reality — targeted or not.____________________________ResourcesBooks | Hacked Again Cybersecurity is Everybody's Business: https://scottschober.com/cybersecurity-is-everybodys-business/____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?
In this week's episode of CISO's Secrets, Cyber Security Evangelist Grant Asplund hosts Thomas Tschersich, Chief Security Officer at Deutsche Telekom AG.

Deutsche Telekom is a German telecommunications company that is headquartered in Bonn and is the largest telecommunications provider in Europe by revenue. Deutsche Telekom was formed in 1995 and is featured among Fortune 500 companies, with its latest ranking at number 62 (in 2022). The company operates several subsidiaries worldwide, including the mobile communications brand T-Mobile.

CISO's Secrets Podcast is powered by MIND.
Visit CISO ACADEMY to access additional learning opportunities for C level executives
The large ratio gap in the availability of IT security professionals to open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued to take place in the IT industry since the pandemic. This has created a huge challenge for CISOs and other security leaders in their efforts to recruit and retain skilled security teams.In this episode, Megan McCann—CEO & Founder of the IT recruitment firm McCann Partners—presents creative approaches CISOs and hiring managers can apply to go beyond scanning resumes to finding prospects who can offer true value. McCann also discusses what CISOs can do to nurture their own careers._______________________Community Member Contributor: Megan McCannCEO & Founder at McCann Partners [@McCannPartners]On Twitter | https://twitter.com/meganpmccannOn LinkedIn | https://www.linkedin.com/in/meganpmccann/Hosts: Sean Martin and Marco CiappelliOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli______________________For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcastTo access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs______________________Are you interested in sponsoring an ITSPmagazine Channel?
Scott Schober, author of Hacked Again and Chief Security Officer for Cybersecurity Ventures, joins host Steve Morgan, Editor-in-Chief at Cybercrime Magazine, for a discussion on the explosion of cryptocrime we're tracking, and emerging cryptosecurity players. This episode is brought to you by our sponsor Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market-leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com
We are data driven. As leaders, we need the right data to make effective decisions. But most of the data that is provided to us only shows what happened. We are making decisions by staring in a rear-view mirror. But what if we could forecast the future? What if the data we have collected can be leveraged to provide us scenarios that will provide us a glimpse into the impact our decisions would have on the future of our organizations? Most of the assumptions we make are based on an incomplete picture. As we have said in past conversations, CEOs are paid to navigate risk and opportunity. How do I understand all the variables in my future decision making? Do I put my finger in the air and make a choice anyway?! There are many tools that can help you organize and understand the risk models in your plan. 80-90% of the variables in your decision making can be captured. You can use computing power to go through them, check on the integrity of the numbers, sensitivities, scenario waterfalls that go beyond the numbers. The goal is to understand what the data is telling you before the future happens. Most C-Level executives have people who run the numbers and the variables. They are often called analysts. They create the frameworks or models for the executives who don't want to see the data engine and tool (the single source of truth) but want to see the data take shape so a decision can be made. The model architecture can then display functional context so executives can see how the data uniquely applies to them, and they can change data that is unique to them. But each contextualized input then impacts the whole picture. Executive teams who have this ability have the opportunity to see a clearer picture of how the sum of the parts impacts the whole. In this conversation we go through this and then I ask the data strategist to apply the concept to the Chief Security Officer who is attempting to embed themselves in the contextualized risk and opportunity of the C-Suite. 
We have a great conversation about a big idea. Can we turn this technology approach into a qualitative tool to manage risk, resilience, security, and the opportunities that can be leveraged from a holistic view of risk? Gianluca Bisceglie is the Founder & CEO at Visyond Technologist. He also is a strategist, private equity executive, and entrepreneur with broad international experience across both mature and emerging markets. Visyond is a cloud-native enterprise SaaS company that transforms spreadsheets into decision-making platforms to drive performance. Prior to founding Visyond, he worked in Private Equity in the Middle East and in Russia, responsible for the identification, screening, due diligence, and execution of investment opportunities in various industries. He is a regular guest speaker and a mentor at various universities and accelerators. Gianluca holds an MBA with Distinction from London Business School and an MEng in Electronics Engineering from the Polytechnic of Turin (Italy).
In this episode of the Global CISO Report, host Steve Morgan speaks with Paul Connelly, Chief Security Officer at HCA Healthcare. Together, they discuss Connelly's role as the CSO for a Fortune 100 healthcare provider and his previous position as the first-ever Information Security Officer at the White House, as well as the global cybersecurity market, the role cybercrime and cybersecurity play in the healthcare industry, and more. The Global CISO Report is sponsored by KnowBe4, the world's first and largest New-school security awareness training and simulated phishing provider that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
GuestsDeborah BlythExecutive Public Sector Strategist at CrowdStrike [@CrowdStrike]On Linkedin | https://www.linkedin.com/in/deborah-blyth/On Twitter | https://twitter.com/debbiblythMerlin NamuthCISO at REPAY [@REPAYholdings]On Linkedin | https://www.linkedin.com/in/merlin-namuth/HostSean MartinCo-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Edgescan | https://itspm.ag/itspegweb___________________________Show NotesWhen security leaders are preparing to speak with executive-level leaders and the board of directors, it's important to "know your audience" — but there is so much more to it than that.Join us as we discuss how to learn more about the board of directors, what they care about, how to connect with them, and how to get what you want and need from them to succeed. Equally important is what you can do for them for the business and the greater good of the business world ... we're all connected at some level.Each and every conversation is important and potentially nerve-wracking. None more so than the very first time you are going to present to the board. Thankfully, Debbi and Merlin share some insights on this stage-setting activity as well.Enjoy!____________________________ResourcesLinkedIn Post | Why Cybersecurity Should be a Board-Level Discussion: https://www.crowdstrike.com/blog/why-cybersecurity-should-be-a-board-level-discussion/____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?
In the two years since George Floyd's murder and the start of the COVID-19 pandemic, Minnesota has seen a rise in both violent crime and renewed calls for police reform. Last year, violent crimes such as aggravated assault and murder were up 22 percent in Minnesota compared to 2020, according to the Minnesota Bureau of Criminal Apprehension. Voters are carrying their public safety concerns to the ballot box. Public safety is ranked the second-most-important issue for Minnesota voters as the November election approaches, after the economy and jobs. In the election for governor, public safety is the top issue for one in four Minnesotans, according to a September poll by MPR News, the Star Tribune and KARE 11. MPR News host Angela Davis talks about public safety and the role it might play as Minnesotans cast their ballots on Election Day.

Guests:
James Densley is a professor and chair of the department of criminal justice at the Brooklyn Park campus of Metropolitan State University. He has done research on criminal networks, violence, and policing and is the author of the book, “The Violence Project: How to Stop A Mass Shooting Epidemic.”
Matthew Horace is the Chief Security Officer at Mayo Clinic in Rochester. He has 28 years of law enforcement experience on the federal and local level, including time at the Bureau of Alcohol, Tobacco and Firearms. He's also the author of the book “The Black And The Blue: A Cop Reveals The Crimes, Racism and Injustice in America's Law Enforcement.”

Subscribe to the MPR News with Angela Davis podcast on: Apple Podcasts, Google Podcasts, Spotify or RSS.
Cybercrime Magazine CISO Minute host Theresa Payton, Former White House CIO, discusses the news that Joe Sullivan, the former Chief Security Officer at Uber, was found guilty, and the opportunity that the cybersecurity industry now has for lessons learned, including what went wrong, how to move forward, and more. The CISO Minute is sponsored by https://knowbe4.com/ • For more on cybersecurity, visit us at https://cybersecurityventures.com/
Global supply chains have grown much more complex than simply figuring out how to get products and services from Point A to Point B. Companies also depend on second-tier, third-tier, and even nth-tier vendors they don't know and have no relationship with for the services and components they require to operate.Cyberattacks on software across these complex supply chain ecosystems have resulted in disruptions, defects, and diversions that are difficult to identify and resolve—one weak link in the chain can bring the entire ecosystem to a halt.In this episode, Mark Weatherford—CSO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center—examines the importance of understanding vendor cybersecurity postures, not only primary suppliers but also their suppliers as well. Weatherford also discusses how enterprise software components can come from vendors all over the world and how global events can impact supply chains. Weatherford then presents why the jobs of CISOs are so difficult in defending supply chains, along with a few tips for organizations to protect their operations._______________________Community Member Contributor: Mark WeatherfordCSO at AlertEnterprise [@AlertEnterprise] and Chief Strategy Officer at the National Cybersecurity Center [@NATLCyberCenter]On Twitter | https://twitter.com/marktwOn LinkedIn | https://www.linkedin.com/in/maweatherford/Host: Sean MartinOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin______________________For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcastTo access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs______________________Are you interested in sponsoring an ITSPmagazine Channel?
Welcome to the weekly summary of what happened this week in the Outcomes Rocket Network! We got incredible episodes, and here's what we got:

We started this week on our Main show, where I interviewed Jennifer Goldsack and Ryan Vega and we discussed the current state of digital innovation in our field in this episode of the Outcomes Rocket Podcast! Listen to it here:

On Marketing Mondays, Jennifer Forster, VP of Payer and Market Strategy at SimpliFed, talks about marketing the services this tele-lactation company provides for baby-feeding support to parents, payers, and providers. Be sure to tune in here:

On the Sempre Health Podcast, Eric Buffkin, CEO and President of etectRx, talked about the journey of pursuing a startup in health tech and discussed how ingestible sensors for tracking medication adherence are used in clinical research or care. Listen to this episode here:

On the Future of Global Informatics, Tatyana Kanzaveli, Founder and CEO of Open Health Network, talks about her work to build a data-driven care framework to tailor personalized preventative care for patients, as well as funding issues she has faced along the way. Tune in here:

In the Insights Out Podcast, Richard Schwartz, Life Sciences, Medical Device, and Digital Health Practice Lead at Medallia, talks about the value of insights into customers' needs, sentiments, and emotions for better financial profit, employee experience, and research outcomes. Tune in here:

On the Outcomes Rocket Podcast, Saul talked with Errol Weiss, Chief Security Officer at Health-ISAC, about today's cyber threats and what measures we should take to prevent them. He also shares jaw-dropping examples of these attacks and a great recommendation to protect our accounts: multi-factor authentication processes. 
Tune in here: The Everyone Hates Healthcare Podcast had an episode with Allyn Rose, who made the controversial decision to undergo a double mastectomy and later created a non-profit platform with information and resources on the matter. Tune in every week to expand your horizons on various subjects in this industry! See you next week!
Joe Sullivan, Uber's former chief security officer and a former federal prosecutor, was found guilty of obstruction of justice and misprision of a felony. These charges arose from what the Department of Justice characterized as Sullivan's attempted coverup of a 2016 hack of Uber. The Sullivan case has created some consternation in the cybersecurity community. Kellen Dwyer, partner at the law firm of Alston & Bird, argues in a recent Lawfare piece that the Sullivan prosecution threatens to undermine the positive working relationship between DOJ and the tech sector. Lawfare senior editor Stephanie Pell sat down with Kellen to talk about the Sullivan case. They discussed the specific charges for which Sullivan was convicted, how those charges blur the lines between covering up a data incident and merely declining to report it, and how in order to facilitate timely reporting of serious cybersecurity incidents to the FBI, the DOJ should clarify certain aspects of its charging policy to address concerns raised by the Sullivan case.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Let's watch each other's backs and learn from our experiences in cyberspace! In this episode, Saul Marquez sits down to talk with Errol Weiss, Chief Security Officer at Health-ISAC, about today's cyber threats and what measures we can take to prevent them. Throughout this eye-opening conversation, Errol breaks down the three main reasons why cybercrime is committed and how it can impact any organization, but healthcare ones specifically. He explains what an ISAC is, why they were created, and how your organization can benefit from it by learning which are the threats and attacks in your industry. Additionally, Errol shares some examples of these cybercrimes that will make your jaw drop, so listen closely and learn from them. Tune in to this episode to learn about cyber threats and how you and your peers can protect each other from them!
As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines and years of practical experience in building agile security and compliance teams and modern-day Security Operations Centers. In this episode of Secure Talk, George talks about the importance of physical security, strategies for securing hybrid IT operations, trends with DevSecOps, best practices for identifying security talent, how security certifications can be used as a sales asset, SIEMs, logs, and more. www.sumologic.com
Guests
William Kilmer, Venture Investor | Company Builder | Author | Innovation Strategist
On LinkedIn | https://www.linkedin.com/in/wkilmer/
On Twitter | https://twitter.com/wkilmer
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast [@ITSP_Society]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On LinkedIn | https://www.linkedin.com/in/marco-ciappelli/
On Twitter | https://twitter.com/marcociappelli
Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On LinkedIn | https://www.linkedin.com/in/imsmartin
On Twitter | https://twitter.com/sean_martin
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
___________________________
In the business of security, the market can be viewed as driven by 3 things: advancing threats, innovative solutions, and how these two intersect with the business. It's this last point that many forget when we look at how a sector can grow, survive, and thrive: how well does it fit into the target customer's business model, financial model, staffing model, operational model, and more.
Our guest, William Kilmer, spearheaded interviews with roughly 40 cybersecurity professionals to hear where they thought the market was going. One thing William heard, as an example, was the interest in seeing new operating and business models for cybersecurity beyond the traditional SaaS/recurring software subscription model.
As we dig into this point, we get into how and where we can expect the budget for new cyber products to come from, and whether budgets will be flat, grow, or decline.
We also look to see if there are other industries with “similar” challenges that have been transformative, where there have been signs of people thinking in a transformative fashion.
In the business of security, we must remember the outcome we are trying to achieve. Are we, the collective cybersecurity community, doing what we need to do to meet, or possibly change, the desired outcome?
____________________________
Resources
Podcast: Book | Transformative | Being Innovative Is No Longer Enough. To Win, You Need To Be Transformative. | Redefining Technology With William Kilmer | https://itsprad.io/redefining-technology-746
Article referenced: https://news.crunchbase.com/cybersecurity/founders-apple-strategic-cybersecurity-startups-kilmer-c5-capital/
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
On Security Now, Steve Gibson discusses with Leo Laporte how Uber's Chief Security Officer was found guilty after covering up a security breach. For the full episode, visit twit.tv/sn/892. Hosts: Leo Laporte and Steve Gibson. You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Jordan Mauriello is the Chief Security Officer at Critical Start and points out the cybersecurity challenges that healthcare organizations, hospitals, individual doctors' offices, and private practices face to protect against cyberattacks. With an eye to how data is stored, Critical Start is looking to reduce opportunities for cybercriminals while, at the same time, planning for a response to a cyberattack. Jordan explains, "The amount of change that is happening in healthcare actually needs a little bit of a boost. There are changes that have been made, but most healthcare is governed when it comes to cybersecurity by HIPAA. Most of your listeners are familiar with Health Insurance Portability and Accountability Act, which was formed in 1996. And the last time we had a significant change to HIPAA was in 2013. And so when we see the regulatory requirements lagging almost a decade behind what we see here, there's actually quite a bit of change that needs to happen still in healthcare." "I think the biggest blind spots are still understanding the potential impacts. We've seen hospitals kind of gain notoriety from attacks in the last couple of years. And it's because they have been slower to evolve. Cybercriminals are not slow to evolve. They're always looking for the fastest, most profitable way to monetize a cyberattack. Because they're all about money. It's much different than it was when we saw the hacking movies that came out 20 years ago." @CriticalStart #HospitalCybersecurity #Cybersecurity #ManagedDetectionandResponse #Cybercriminals #Cyberattack #HIPAA CriticalStart.com
Former Chief Security Officer With Experience At Billion Dollar Companies Reveals The Secret To Running Successful Privacy Programmes!
Hi, my name is Jamal Ahmed and I'd like to invite you to listen to this special episode of the #1 ranked Data Privacy podcast. Discover: how to rethink privacy for organisational success; what it takes to sustain a thriving career in Data Privacy; plus, a surprising career regret Privacy Pros must be cautious of! And so much more.
Jad is a seasoned leader in software development, security, and privacy. He spent 9 years on Google's information security team and led security for social products. From there, Jad became Snap Inc.'s first Chief Security Officer, creating programs for security, privacy engineering, and spam and abuse from the ground up. Early in his career, Jad recognized that developing meaningful defenses takes time and resources, and decided in 2018 to create a tool that would address those challenges. He and Chris partnered to launch TerraTrue. Jad holds a bachelor's degree in computer engineering from McGill University and a master's in computer science from Stanford.
Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Connect with Jad on LinkedIn: https://www.linkedin.com/in/secplusplus/
Find out more about TerraTrue: https://terratruehq.com/
Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers: https://newsletter.privacypros.academy/sign-up
Subscribe to the Privacy Pros Academy YouTube Channel: https://www.youtube.com/c/PrivacyPros
Join the Privacy Pros Academy Private Facebook Group for free LIVE training, free Easy Peasy Data Privacy Guides, Data Protection updates, and so much more. Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro