Podcasts about crisc

  • 58 podcasts
  • 101 episodes
  • 37m average duration
  • 1 monthly new episode
  • Latest: Sep 11, 2025

Latest podcast episodes about crisc

The FIT4PRIVACY Podcast - For those who care about privacy
Govern and Manage AI to Create Trust with Mark Thomas and Punit Bhatia in the FIT4PRIVACY Podcast E147 S06

Sep 11, 2025 · 32:46


Do you want to use AI without losing trust? What frameworks help build trust and manage AI responsibly? Can we really create trust while using AI?

In this episode of the FIT4PRIVACY Podcast, host Punit Bhatia and digital trust expert Mark Thomas explain how to govern and manage AI in ways that build real trust with customers, partners, and society.

This episode breaks down what it means to use AI responsibly and how strong governance can help avoid risks. You'll also learn about key frameworks like the ISO 42001, the EU AI Act, and the World Economic Forum's Digital Trust Framework—and how they can guide your AI practices.

Mark and Punit also talk about how organizational culture, company size, and leadership affect how AI is used—and how trust is built (or lost). They discuss real-world tips for making AI part of your existing business systems, and how to make decisions that are fair, explainable, and trustworthy.

The FIT4PRIVACY Podcast - For those who care about privacy
Where Does Digital Trust Fit into Board's Agenda with Bruno Soares and Punit Bhatia in the FIT4PRIVACY Podcast E146 S06

Aug 28, 2025 · 28:42


Ever wondered where digital trust fits in your company's strategy? We live in a world that's buzzing with AI, cybersecurity, and digital innovation. Everywhere you look, there's a new app, a smarter tool, or a faster system. But in the middle of all this tech hype, there's one thing we often overlook—trust.

In this insightful conversation, Punit discusses with Bruno about the crucial influence of technology, economy, and other external factors on business strategies. They delve into how companies navigate different environments, the role of digital transformation, and the importance of maintaining a balanced ecosystem approach.

If you're a leader, strategist, privacy professional, or tech enthusiast trying to make sense of innovation, trust, and governance in today's world—this conversation is a must-watch.

KEY CONVERSION
00:02:02 What is the concept of digital trust? Was it trust enough?
00:04:40 Can we expect digital trust in an emerging world of new technology in 10-20 years?
00:09:15 Is the board convinced about the value of digital trust or are they still in compliance mode?
00:13:15 How do we sell this concept of digital trust on the boards?
00:18:51 Linking concept of trust, security and privacy to the broader agenda
00:25:58 What is it that you can sell them with and how can they reach out?

ABOUT GUEST
Bruno Horta Soares is a seasoned executive advisor, professor, and keynote speaker with over 20 years of experience in Governance, Digital Transformation, Risk Management, and Information Security. He is the founder of GOVaaS – Governance Advisors as-a-Service and has worked with organizations across Portugal, Angola, Brazil, and Mozambique to align governance and technology for sustainable business value.

Since 2015, Bruno has served as Leading Executive Senior Advisor at IDC Portugal, guiding C-level leaders in digital strategy, transformation, governance, and cybersecurity. He is also a professor at top Portuguese business schools, including NOVA SBE, Católica Lisbon, ISCTE, ISEG, and Porto Business School, teaching in Masters, MBA, and Executive programs on topics such as IT Governance, Cybersecurity, Digital Transformation, and AI for Leadership.

He holds a degree in Management and Computer Science (ISCTE), an executive program in Project Management (ISLA), and numerous professional certifications: PMP®, CISA®, CGEIT®, CRISC™, ITIL®, ISO/IEC 27001 LA, and COBIT® Trainer. As a LEGO® SERIOUS PLAY® Facilitator, he brings creativity into strategy and leadership development.

Bruno received the ISACA John Kuyers Award for Best Speaker in 2019 and is the founder and current President of the ISACA Lisbon Chapter. A frequent international speaker, he shares expertise on governance and digital innovation globally.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’ which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/brunohsoares/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

That ALL Might Be Edified: Discussions on Servant Leadership
Leading with Grace: Vulnerability, Empathy, and the Power of Permission

Jul 20, 2025 · 44:22


In this powerful episode, we sit down with cybersecurity executive and thought leader Tammy Klotz to explore the profound impact of compassionate leadership in high-stakes environments. Tammy shares a deeply personal story of receiving crucial support from a leader during a professional and personal crisis—a moment that shaped her own leadership philosophy and redefined how she views strength in the workplace.

We discuss what it means to show vulnerability in a world that often demands perfection, and why soft skills like emotional intelligence, grace, and empathy aren't optional—they're essential. Tammy opens up about how leaders can create psychological safety, establish rituals that foster connection and trust, and give explicit permission for authenticity, rest, boundaries, and even failure.

This conversation is a masterclass in human-centered leadership and a reminder that some of the most powerful things leaders can offer don't come from a playbook—they come from the heart.

Topics Covered:
  • The moment a leader's support changed everything
  • Creating space for vulnerability in high-performing teams
  • Why emotional intelligence and empathy are critical leadership skills
  • Building team rituals that support culture and connection
  • The impact of leaders giving “permission” to be human

Guest Bio:
Tammy Klotz is the Chief Information Security Officer at Trinseo, a Top 100 CISO, and the author of Leading with Empathy & Grace. With over 30 years in cybersecurity leadership, she is redefining what it means to lead with both strength and soul. She holds esteemed certifications including CISM, CISSP, and CRISC, and has earned notable accolades such as the 2022 Covanta Leadership Award and recognition as a Top 100 CISO by Cyber Defense Magazine in 2023. Tammy is also the author of "Leading with Empathy & Grace: Secrets to Developing High-Performing Teams", where she shares insights on leadership, resilience, and emotional intelligence.

Resources:
  • Leading with Empathy and Grace - Tammy Klotz: Leading with Empathy and Grace: Secrets to Developing High-Performing Teams
  • Rituals Roadmap - Erica Keswin: Rituals Roadmap: The Human Way to Transform Everyday Routines into Workplace Magic
  • The Anxious Generation - Jonathan Haidt: The Anxious Generation: How the Great Rewiring of Childhood Is Causing an Epidemic of Mental Illness

InfosecTrain
CRISC Domain 2 Explained: Master IT Risk Assessment & Mitigation

Jul 18, 2025 · 30:15


In today's digital-first world, understanding IT risk is essential for building secure and compliant organizations. This episode dives deep into Domain 2 of the CRISC certification—IT Risk Assessment—giving you the knowledge to identify, evaluate, and respond to risks effectively.

Explore core risk assessment methodologies, enterprise risk frameworks, and real-world IT risk scenarios. Learn how to align risk strategies with business goals, implement risk mitigation techniques, and enhance your organization's resilience.

Whether you're prepping for the CRISC exam or advancing your IT governance career, this session delivers actionable strategies, expert tips, and a clear path to professional growth.

@BEERISAC: CPS/ICS Security Podcast Playlist
Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical Infrastructure

Jun 26, 2025 · 68:02


Podcast: PrOTect It All
Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical Infrastructure
Pub date: 2025-06-23

Welcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely.

Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments.

If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher.

Key Moments:
06:45 OT Cyber Industry Evolution
11:57 Evolving Challenges in OT Security
19:34 Bridging the OT Security Skills Gap
21:54 Enhancing OT Security Understanding
30:46 AI Model Security Challenges
34:26 Rapid Scaling for Site Assessments
40:56 Simulating Cyber Threat Responses
47:19 Operational Priorities: Equipment vs. Cyber Tools
49:30 Focus on Meaningful Security Metrics
56:30 Rapid AI Adoption vs. Internet
01:02:12 Cybersecurity: Small Targets are Vulnerable

About the guest:
Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego.

Links:
https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service
https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments
Connect Brian: https://www.linkedin.com/in/brianproctor67/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

All Things Internal Audit
From Prompts to Practice: AI-Driven Innovation in Internal Audit

May 20, 2025 · 11:35


The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Charles King talks with Debbie Lew about the transformative role of artificial intelligence in internal auditing. They discuss the integration of AI tools like Copilot, the importance of prompt writing, and how AI is enhancing audit processes. The conversation also covers training strategies, real-world applications, and the impact of AI on stakeholder engagement.

HOST: Charles King, CIA, CPA, CFE, CIPP Partner, AI in Internal Controls Leader, KPMG US

GUEST: Debbie Lew, CISA, CRISC, CHIAP Senior Vice President and Chief Audit Executive, Kaiser Permanente

Key Points:
Introduction [00:00-00:38]
Inside Kaiser Permanente's Internal Audit Team [00:39-02:14]
AI Adoption at Kaiser Permanente [02:15-03:21]
Prompt Writing as a Core Skill [03:22-04:10]
Guidance Manuals and Prompt Libraries [04:11-05:02]
Building AI Agents to Support Audits [05:03-05:51]
Training, Communication, and Driving Adoption [05:52-07:23]
Innovative Applications of GenAI in Audit [07:24-08:28]
Inspiring a Tech-Forward Culture [08:29-10:06]
Final Thoughts [10:07-10:31]

IIA Related Content: Interested in this topic? Visit the links below for more resources. 2025 International Conference Knowledge Centers: Artificial Intelligence Auditing the Cybersecurity Program Certificate Cybersecurity Topical Requirement “Undercover AI,” Internal Auditor Magazine The IIA's Updated AI Auditing Framework

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer

Thought Behind Things
Pakistanis Are Missing CRAZY opportunities in Australia | Ft. Shahyan Shabbir | Ep 438

May 14, 2025 · 67:35


Join Kamyabi Network: https://kamyabinetwork.com/

Guest Introduction: Joining us today is Shayan Shabir, the Founder and CEO of Strategic Pulse, a company helping businesses grow using AI, cybersecurity, and digital tools. Shayan has over 20 years of experience working across the UK, Australia, and South Asia.

Before this, he was the CIO and CSO at Nova Systems, where he led a $35 million digital transformation and built a $7 million cybersecurity program. He has worked in defence, energy, and healthcare, and handled many real cyber attacks in his career.

Shayan is certified in CISM, CRISC, and CDPSE, and is focused on helping businesses become faster, safer, and more future-ready.

Do not forget to subscribe and press the bell icon to catch on to some amazing conversations coming your way!

Socials:
TBT's Official Instagram: https://www.instagram.com/thoughtbehindthings
Muzamil's Instagram: https://www.instagram.com/muzamilhasan
Muzamil's LinkedIn: https://www.linkedin.com/in/muzamilhasan
Shahyan's LinkedIn: https://www.linkedin.com/in/shahyan-s-6994261a3/

Podcast Links:
Spotify: https://spoti.fi/3z1cE7F
Google Podcast: https://bit.ly/2S84VEd
Apple Podcast: https://apple.co/3cgIkf

The 30 Minute Hour™
#378 - 3 Cybersecurity Threats You Can't Ignore

Feb 20, 2025 · 51:23


Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, management, author, a public speaker and is the host of “The Cyber Executive” podcast. He is a member of the Missouri Bankers Association Technology Committee, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer and treasurer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank's information security, financial crimes unit, physical security, and the network services departments.

LISTEN NOW to discover, "3 Cybersecurity Threats You Can't Ignore."

Tech Beyond Gender Talks
Episode 29: Breaking Barriers: Navigating Tech and Risk with Agnes Magombedze

Feb 13, 2025 · 48:13


In this inspiring episode of Tech Beyond Gender, host Meena Satishkumar sits down with Agnes Magombedze, Divisional Risk Partner at Bank of New Zealand. Agnes shares her remarkable journey from Zimbabwe to New Zealand, navigating the tech and risk industries with resilience, authenticity, and determination. With over 15 years of experience in IT risk management and prestigious certifications (CISA, CISM, CRISC), Agnes discusses overcoming gender and cultural challenges, embracing opportunities, and empowering the next generation of women in tech. Tune in for an engaging conversation on leadership, mentorship, and staying true to oneself while adapting to new environments.

#TechBeyondGender #WomenInTech #DiversityInTech #TechLeadership #RiskManagement #WomenEmpowerment #MigrantsInTech #InclusionMatters #TechCareers #PodcastNZ #TechPodcast

InfosecTrain
Top Interview Questions for Risk and Information Systems Control Officer

Nov 26, 2024 · 5:26


As organizations continue to grapple with complex cybersecurity challenges, the demand for Certified in Risk and Information Systems Control (CRISC) professionals remains high. CRISC certification demonstrates expertise in identifying and managing IT risk, making candidates sought after for roles in risk management, compliance, and cybersecurity. If you're preparing for a CRISC interview, here are some technical questions you might encounter. In this article, we have those questions along with their answers.

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

Nov 13, 2024 · 21:50


Podcast: Cyber Security Weekly Podcast
Episode: Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024
Pub date: 2024-11-08

We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

Balancing Information Sharing and Confidentiality

One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

Cross-Jurisdictional Collaboration

With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

The Growing Threat of Ransomware

Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

AI's Role in OT Cybersecurity

He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

InfosecTrain
Top 5 Best CRISC Study Resources

Sep 18, 2024 · 5:09


Preparing for the Certified in Risk and Information Systems Control (CRISC) exam? In this episode, we review the top 5 best resources to help you succeed. From official ISACA materials and practice exams to online courses and study groups, our experts share their recommendations to ensure you are fully equipped for exam day.

InfosecTrain
What next after CISM?

Sep 2, 2024 · 4:26


You've earned your Certified Information Security Manager (CISM) certification—what's next? In this episode of the InfosecTrain podcast, we explore the career paths and advanced certifications available to professionals who have achieved CISM. Our experts discuss options like CISSP, CRISC, and CISA, as well as leadership roles in cybersecurity, risk management, and IT governance. We'll also provide tips on how to leverage your CISM certification to advance your career, expand your skill set, and position yourself for executive roles in information security. Whether you're looking to further specialize or step into a leadership role, this episode will guide you on the next steps after achieving CISM. Tune in to chart your path forward in the ever-evolving field of cybersecurity!

SecTools Podcast Series
SecTools Podcast E54 with Ezz Tahoun

Jul 15, 2024 · 43:15


Ezz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada's Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto's school of management. Ezz has cofounded Cypienta, an on-prem rule-less event correlation & contextualization solution that plugs into SIEMs, XDRs, and SOARs, to help SOCs find relevant alerts, logs, and events to any investigation in real-time. Cypienta is backed by Techstars, ORNL, TVA, Univ of Tennessee Sys, and supported by 35Mules-Next Era, BAE Systems, and others. Ezz authored MITRE Attack Flow Detector.

For more SecTools podcast episodes, visit https://infoseccampus.com

InfosecTrain
CRISC Domain 1 - Governance

Jul 4, 2024 · 5:13


What is Governance?

Governance involves the duty of supervising and safeguarding an entity's assets, typically managed by the directors or board of an organization. These individuals establish strategic goals and policies, while the senior management team keeps an eye on the daily operations, ensuring alignment with the established strategies. This organizational structure is prevalent across different types of entities such as corporations, cooperatives, and partnerships, although specific titles and roles may differ.

Examples of Governance

Imagine a company like Apple. The board of directors decides on the big-picture strategies – like entering a new market or launching a new product line. Then, the senior management, including the CEO and other executives, takes care of the everyday tasks to make these strategies work, like designing products, marketing, and sales.

InfosecTrain
How to Pass ISACA CRISC in First Attempt?

InfosecTrain

Play Episode Listen Later Apr 3, 2024 58:50


Are you aspiring to become a Certified in Risk and Information Systems Control (CRISC) professional? Join us for an insightful session where our expert will share invaluable tips, strategies, and insights to help you ace the ISACA CRISC exam on your first attempt!

The FIT4PRIVACY Podcast - For those who care about privacy
AI Impact on Privacy, Security, and Jobs with Jan Anisimowicz and Punit Bhatia in the FIT4PRIVACY Podcast E109 S05

The FIT4PRIVACY Podcast - For those who care about privacy

Play Episode Listen Later Mar 28, 2024 23:19


AI is creating an impact on privacy, security, and jobs, and this is what we discussed with our guest Jan Anisimowicz and host Punit Bhatia in this episode. We explore how technologies like ChatGPT have revolutionized data privacy practices, presenting both opportunities and challenges, and we analyze the major risks AI poses to information security and the ethical concerns that arise in the wake of AI-powered systems.
KEY CONVERSATION POINTS
00:02:48 How has AI transformed privacy practices?
00:04:00 How is AI evolution crucial to handling volumes of data?
00:04:43 What are the major AI risks?
00:06:23 Would this create ethical concerns?
00:07:53 Is the algorithm biased?
00:11:28 What is the current state of AI regulations?
00:11:28 Are they also revolutionizing cyber security? How is it working?
00:14:38 Is there consent for data usage? What are the potential solutions to ensure transparency when it comes to data processing?
00:18:00 Is there a risk that AI would take all the jobs of the people around the world?
00:20:11 Can ChatGPT substitute auditors?
ABOUT THE GUEST
Jan Anisimowicz is an experienced senior IT executive with an impressive career spanning over 23 years. Jan's expertise encompasses a wide spectrum, including Governance, Risk and Compliance (GRC), Data Warehousing, Business Intelligence, and Data Analysis. Throughout his professional journey, he has contributed significantly to the telecommunication, banking, pharmaceutical, and insurance sectors, leveraging his comprehensive business and technical acumen. He is particularly skilled in orchestrating the creation and development of IT products and services tailored to suit specific business needs. His philosophy is centered around a pragmatic end-to-end product lifecycle that seamlessly integrates various aspects such as technical design, marketing, digital campaigning, sales, solution delivery, and maintenance.
He is a proponent of lean, cost-effective approaches toward implementing regulatory requirements within organizations. His work also extends to the analytical evaluation and validation of the role of Artificial Intelligence (AI) in assisting auditors, particularly within Big Data and cloud IT landscapes. He is a firm believer in the potential of blockchain technology, particularly its capabilities with Smart Contracts concerning data privacy principles. Furthermore, he is an ardent supporter of Quantum Computing and AI, including LLM models supporting solutions akin to ChatGPT. His professional certifications include CISM and CRISC from ISACA, PMP from PMI, and membership with the Institute of Internal Auditors (IIA). Additionally, he is an ESG Approved Officer, a credential awarded by the Institute of Compliance.
ABOUT THE HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentoring and coaching privacy professionals. Punit is the author of the books “Be Ready for GDPR”, which was rated as the best GDPR book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named ‘ABC for joy of life', which he passionately shares. Punit is based out of Belgium, the heart of Europe.
RESOURCES: Websites: www.fit4privacy.com, www.punitbhatia.com  Podcast: www.fit4privacy.com/podcast  Blog: www.fit4privacy.com  YouTube: youtube.com/fit4privacy

InfosecTrain
Organizational Governance in CRISC

InfosecTrain

Play Episode Listen Later Mar 28, 2024 4:55


Organizational governance forms the backbone of effective risk management within an organization. From setting standards to defining roles and responsibilities, governance ensures alignment with legal, ethical, and operational requirements. In this article, we delve into the intricacies of organizational governance, its components, and its critical role in mitigating risk.
Introduction to Organizational Governance
At its core, governance serves as the glue that binds an organization's mission, strategy, goals, and objectives together. It encompasses both internal and external elements, dictating how the organization operates within the framework of laws, regulations, and industry standards. External governance originates from regulatory bodies and industry mandates, while internal governance is shaped by organizational culture and leadership directives.
Example: In the context of the CRISC certification, organizational governance ensures that an organization's risk management practices align with its strategic objectives and comply with relevant industry standards and regulations. For instance, CRISC professionals play a crucial role in integrating risk management into the organization's governance framework to ensure alignment with business goals and regulatory requirements.

The Social-Engineer Podcast
Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth

The Social-Engineer Podcast

Play Episode Listen Later Dec 18, 2023 39:03


Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth, the Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a member of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. He holds security certifications including CISSP, CISM, CRISC, Security+ and others. Mr. Ashworth currently oversees First Bank's information security, fraud, physical security, and the network services departments. [Dec 18, 2023]
00:00 - Intro
00:22 - Ryan Intro
00:53 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:16 - Marc Ashworth Intro
05:51 - Recap
08:26 - Speaking the Same Language
09:36 - The Threats Get Better
11:45 - Clash of the Robots
13:42 - AI for Bad
17:46 - AI for Good
19:32 - Decepticons
22:39 - Regulations: Money Talks
26:48 - The Perfect Storm
30:16 - Insider Threat Safety Tips
33:00 - Mentors
- Bala Nibhanupudi
- Shelley Seifert
- Tom Bakewell
35:17 - Book Recommendations
36:37 - Find Marc Ashworth Online
- LinkedIn: linkedin.com/in/marcashworth/
38:06 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org

CYBER LIFE
Cyber Life Podcast Ep.13 - The Human Layer in Cyber Security with Becky Gaylord

CYBER LIFE

Play Episode Listen Later Nov 1, 2023 23:02


In this episode, Becky Gaylord talks about the "human layer" of cybersecurity—a realm often underestimated but important to protecting your digital world.

The Social-Engineer Podcast
Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth REPLAY (Original Air Date: November 21, 2022)

The Social-Engineer Podcast

Play Episode Listen Later Oct 16, 2023 39:14


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard and of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy. He holds security certifications including CISSP, CISM, CRISC, Security+ and others. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]
00:00 – Intro
00:49 – Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:15 – Marc Ashworth Intro
05:17 – What was the path that led you to InfoSec?
07:41 – Cultivating good security practices
09:31 – Learning to "scale" your security
11:22 – The value of Strategic Thinking
13:40 – It's all in the presentation
15:25 – The importance of Customer Service
18:32 – The Art of Translation
21:32 – Small Wins
24:34 – Letters to a young CISO
26:20 – Don't avoid Pen Testing!
28:11 – Adopting a "Partnership" mindset
30:30 – Long line of influence
33:40 – Book Recommendations
- We Are Legion (We Are Bob) – Dennis E. Taylor
- Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou
- The Goals Program – Zig Ziglar
- The 7 Habits of Highly Effective People – Stephen Covey
36:14 – Find Marc Ashworth online
- LinkedIn: www.linkedin.com/in/marcashworth/
38:36 – Wrap Up
38:56 – Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Oct 12, 2023 21:54


Podcast: Cyber Security Weekly Podcast
Episode: Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights
Pub date: 2023-10-08
In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore's “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.
Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”
Other topics covered in the interview include:
• The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
• Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners because “the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”
• The maturing of conversations beyond terminology such as zero trust and air gap to actual implementation
• What does success mean in information sharing - diversity of opinions – in particular, including C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidents.
John Lee, Managing Director, Global Resilience Federation
John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.
Thian Chin Lim, Senior Director (Governance Group), GovTech
Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational Technology cybersecurity. Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.
Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor's Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.
Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.
The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Cyber Security Weekly Podcast
Episode 379 - Cybersecurity information sharing – OT-ISAC Summit 2023 highlights

Cyber Security Weekly Podcast

Play Episode Listen Later Oct 8, 2023


In this interview, both John and Thian introduce the history of ISACs (formed in 1999, subsequent to the 1998 signing of U.S. Presidential Decision Directive-63), and in particular, the creation of OT-ISAC (Operational Technology Information Sharing and Analysis Centre) as one of the key thrusts of the Cyber Security Agency of Singapore's “OT Cybersecurity Masterplan 2019” to facilitate the sharing of information.
Reflecting on the journey from conceptualization to today, Thian Chin remarked that “OT-ISAC has become that safe harbour the platform for the organisations of the different parties with vested interest to different business lines come together to share, because their common goal is how do we then exchange information to reduce the risks that caused by threat actors.”
Other topics covered in the interview include:
• The types of information being shared – such as strategic threat landscape including cyber incidents and vulnerabilities, standards and best practices, and TTPs.
• Closing the cultural / communication gap between the engineers and the IT cybersecurity practitioners because “the problem statement they're dealing with is the same. It's a threat actor out there to try to disrupt.”
• The maturing of conversations beyond terminology such as zero trust and air gap to actual implementation
• What does success mean in information sharing - diversity of opinions – in particular, including C-suite in cybersecurity conversations, and more stakeholders coming forward to share real-life case studies of actual incidents.
John Lee, Managing Director, Global Resilience Federation
John has more than 20 years of experience in ICT and Information Security. He is currently the Managing Director of the Operational Technology Information Sharing Analysis Centre (OT-ISAC) that supports member organizations (public and private) in OT threat information. The centre was set up in 2019 and has members from Transport, Aviation, Maritime, Healthcare, Manufacturing, Water, Energy, Government etc. His past roles were in Information Security Governance, Risk Management, Security Operations, Infrastructure and Application Delivery. He has led teams in Asia-Pacific as well as managing global services. He is also a certified cybersecurity trainer for ISACA.
Thian Chin Lim, Senior Director (Governance Group), GovTech
Thian Chin has over 20 years of experience in Information & Technology governance, risk management, resilience and compliance, and operational Technology cybersecurity. Prior to his current appointment at GovTech, he led the Critical Information Infrastructure (CII) Division at the Cyber Security Agency of Singapore (CSA). Before joining CSA in August 2015, he was responsible for the regional Technology Governance function in United Overseas Bank. He also led the Technology Risk function in GIC Pte Ltd from 2008 – 2013. In his earlier years, he was a manager leading a team of Information Technology auditors in Ernst & Young.
Thian Chin holds an Executive Masters in Cybersecurity from Brown University, Bachelor's Degree in Computer Engineering from Nanyang Technological University and is an alumnus of the George C Marshall European Center for Security Studies. He is a certified CGEIT, CRISC, CISM, CISSP, CISA, CDPSE, GICSP and SABSA practitioner.
Recorded 7th Sept 2023, OT-ISAC Summit 2023, Voco Orchard, Singapore, 5pm.

SecurityMetrics Podcast
Complex Regulatory Environments: How FIS Maintains a Mature Program | SecurityMetrics Podcast 76

SecurityMetrics Podcast

Play Episode Listen Later Sep 27, 2023 29:33


Large organizations are often faced with complex, wide-ranging challenges related to standards and regulations they need to meet. Wes Shattler (CISSP, CISA, CRISC, CGEIT, CDPSE), Vice President, Assurance and Testing at FIS, and Chelsea Lopez (CIA, CISA, CISSP, CRISC, PCI-ISA), Enterprise Risk Director at FIS, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:
- Elements of a mature regulatory compliance program
- Steps you can take to create a mature compliance program in your organization
- Challenges you might face, and how to resolve them
Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)
[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

Podcast PP
Why is it good news that cybersecurity became a new field of expert-witness practice on 1 July? IT Personality of the Year 2022 Ing. Ivan Makatura, CRISC, CDPSE, talks about the pressing challenges in cyberspace

Podcast PP

Play Episode Listen Later Sep 7, 2023 63:08


Have you experienced a cybersecurity incident? A quarter of small and medium-sized companies in Slovakia have. To be a potential target of an attack, it is enough to have a computer, a mobile phone, a website or a bank account. Digital skills and cybersecurity awareness should nowadays be part of every employee's essential toolkit. What can a company do to protect its valuable data? What are the current threats? We discussed these questions with an expert who has worked in the IT sector since 1993. He has also contributed to Slovak and European legislation on information and cyber security. Our guest was Ing. Ivan Makatura, CRISC, CDPSE, Director General of the Competence and Certification Centre for Cybersecurity (Kompetenčné a certifikačné centrum kybernetickej bezpečnosti, KCCKB). He is also chairman of the board of the Cybersecurity Association (Asociácia kybernetickej bezpečnosti), a certified information security auditor and a court-appointed expert in the field of security and protection of information systems.
In the interview you will learn:
- What are the main tasks of the Competence and Certification Centre for Cybersecurity (KCCKB), and why did the National Security Authority (NBÚ) establish it?
- Cybersecurity as a new field of expert-witness practice: since when has the amendment to the law been in force, and what does it mean in practice?
- Who can turn to KCCKB, and with what question?
- What is cybersecurity, and why should every company deal with it?
- Who is responsible for cybersecurity in a company?
- Can the level of cybersecurity in a company be measured?
- How are digital skills related to cybersecurity?
- What does the latest survey say about digital skills and cybersecurity in companies?
- What are the current threats?
- What is the difference between a cyber incident and a cyber attack?
- What should a company do to ensure the security of its data?
- What options are there for education in cybersecurity?
October is Cybersecurity Month in the European Union. That is why Poradca podnikateľa brings you the 5th edition of the EPI conference Kybernetická bezpečnosť 2023 (Cybersecurity 2023) under the auspices of the NBÚ. Experts will cover current topics ranging from security threats and the opportunities of artificial intelligence, through ethical questions related to cybersecurity audits, human resources and data protection, to resilience in cyberspace. More information and the detailed programme can be found HERE. Poradca podnikateľa - behind every piece of advice there is a person. pp.sk

The Wrap
Episode 062 | Managing Risk and Navigating Challenges for Financial Institutions

The Wrap

Play Episode Listen Later Aug 16, 2023 25:53


We're continuing our Industry Podcast Series with a dive into the current opportunities and challenges specific to financial institutions. The Current Expected Credit Loss (CECL) Accounting Standard ushered in a new era for financial institutions that they are still grappling with, but the industry's recent focus has shifted towards discussions about liquidity after the failures of Silicon Valley Bank and others. Join our financial industry experts Jeff Burleson, CPA, and Josh Bowen, CPA, CGMA, CAMS, CITP, as they discuss the evolving landscape for financial institutions and the continued influence of CECL, as well as strategies for driving stability, growth and adaptability in the face of change.
Special Guest: Justin Headley, CISSP, CISA, CDPSE, CRISC, member of the firm's Risk Advisory & Assurance Services Group
In this episode, you'll hear:
- Discussion surrounding CECL and its implementation
- How the 2023 failures of Silicon Valley Bank and Signature Bank led to shifts in liquidity management
- Information about how economic uncertainty has led to the tightening of lending practices
- The importance of third-party risk management within a financial institution's cybersecurity policy
- Strategies to help financial institutions manage staffing levels
Resources for additional information:
- Blog: Don't Turn Your Back on CECL
- Blog: Current Expected Credit Loss (CECL) Standard Update: Best Practices for Implementation
- Blog: What is Enterprise Risk Management?
- Blog: The Biggest Cyber Risks for Your Company and How to Manage Them
- Previous Podcast Episode: Employee Retention and Recruiting in Today's Competitive Environment
- Event Invitations: Subscribe to receive invitations to future Bank and Credit Union Roundtables.

Privacy Pros Podcast
How To Crush Imposter Syndrome And Build A Powerful Personal Brand

Privacy Pros Podcast

Play Episode Listen Later Aug 15, 2023 39:10 Transcription Available


The second thing I did for overcoming impostor syndrome was just adopting this 1% better mindset that you're not seeking perfection. Every month or every year, you're going to improve yourself a little bit. The third thing is to just say yes to opportunity, even if you don't feel like you're 100% fit. And I think that goes more for applying for roles if you're looking for jobs, if you don't meet 100% of the job description, that's okay, you should still apply. Privacy is such an emerging field, and people encourage diversity, so you never know what your unique skill set would bring to the organisation, and maybe that's what they're looking for. So just say yes to job opportunities. Apply to speak at different conferences. Even if you don't think you have a very compelling story, you are judging yourself more harshly than others are.
Attention Privacy Professionals, this episode is tailor-made for YOU! Join us as Jamal and Nandita dive deep into the strategies that will skyrocket your career.
In this episode, we discuss:
- Practical tips to continue to upskill and stay ahead of the curve.
- How to position yourself effectively and switch roles without starting from scratch
- How to step out of your comfort zone and develop your personal brand with confidence
Uncover the secrets to supercharge your privacy career!
Nandita Rao Narla is the Head of Technical Privacy and Governance at DoorDash, where she leads the privacy engineering, privacy assurance and privacy operations teams. Previously, she was part of the founding team of NVISIONx.ai, a data profiling startup that classifies enterprise data to optimize security controls and solve privacy compliance challenges. As an advisory manager at EY, she focused on leveraging data governance to enhance privacy programs, scaling risk management functions, and driving data protection initiatives for Fortune 500 companies.
Nandita currently serves on the Advisory Boards and committees for privacy and cybersecurity focused non-profits such as Extended Reality Safety Initiative (XRSI), Institute of Operational Privacy by Design, NIST, Techno Security & Digital Forensics Conference, and IAPP - Privacy Engineering. Nandita holds an MS in Information Security from Carnegie Mellon University, a BTech in Computer Science from JNT University, and privacy and security certifications such as FIP, CIPP/US, CIPT, CIPM, CDPSE, CISM, CRISC, and CISA.
If you're ready to transform your career and become the go-to GDPR expert, download the first chapter of 'The Easy Peasy Guide To The GDPR' here: https://www.bestgdprbook.com/
Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Follow Nandita on LinkedIn: https://www.linkedin.com/in/nandita-narla/
Get Exclusive Insights, Secret Expert Tips & Actionable Resources For A Thriving Privacy Career That We Only Share With Email Subscribers ► https://newsletter.privacypros.academy/sign-up
Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros
Join the Privacy Pros Academy Private Facebook Group for:
- Free LIVE Training
- Free Easy Peasy Data Privacy Guides
- Data Protection Updates and so much...

InfosecTrain
CRISC Exam Approach and Preparation | What is CRISC? | CRISC Exam Approach

InfosecTrain

Play Episode Listen Later Jul 18, 2023 22:46


InfosecTrain hosts a live event entitled “CRISC Exam Approach & Preparation” with certified expert ‘Aswini.' For more details or a free demo with our expert, write to us at sales@infosectrain.com ➡️ Agenda for the Webinar

Digital Health Leaders
Trailblazer: It's a War Out There: Healthcare Cybersecurity Landscape

Digital Health Leaders

Play Episode Listen Later Jul 13, 2023 26:28


On this week's Trailblazers episode, Russ welcomes CHIME CIO of the Year, Theresa Meadows, and CHIME's own resident cybersecurity expert, David Finn, to talk all things cybersecurity! Both esteemed guests recently received recognition through the Baldrige Foundation, and they share what this recognition means to them personally and professionally. Discussions on recent cybersecurity "battles" take place, plus they share the biggest cybersecurity challenges they have each faced over the course of their careers. Tune in for their insights and expert guidance, and learn from Theresa and David's perspectives on what the next five years in the industry will look like.  Russ Branzell, CHIME President & CEO  Theresa Z. Meadows, FCHIME, CHCIO, LCHIME, CDH-E  David Finn, CISA, CISM, CRISC, CDPSE 

The Brett Johnson Show
#73 Marc Quibell. The Brett Johnson Show.

The Brett Johnson Show

Play Episode Listen Later Jul 6, 2023 56:17


The great Marc Quibell visits The Brett Johnson Show for a chat. Marc Quibell is a cybersecurity blue team expert with over 30 years of professional IT experience. In addition to being an Infosec Skills author, he's a consultant and security architect with a Bachelor of Science in Technology Information Management from Upper Iowa University and an Associate of Applied Science in Computer Systems Networking from Texas State Technical College in Waco. Marc has been CISSP certified since 2009 and was previously CCNA, MCSE and CRISC certified. Marc is a fantastic individual.

The Virtual CISO Moment
Throwback Thursday - A Conversation with Robin Wilde

The Virtual CISO Moment

Play Episode Listen Later May 4, 2023 28:19


From November 22, 2022 - Robin Wilde is the Director of Business Solutions for TeamHealth. She is passionate about project management and cyber security, particularly Identity Management, as well as promoting women in cyber. She holds a variety of certifications, including the CISSP, CRISC, PMP, ACP, CSP, and Prosci, demonstrating her vast skillset and experience. She introduces the phrase "privilege sprawl" - listen to find out what that means! --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message

The Virtual CISO Moment
Throwback Thursday - A Conversation with Mark Burnette

The Virtual CISO Moment

Play Episode Listen Later Jan 26, 2023 26:28


From September 28, 2022 - Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC's Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber Attacks - https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks. --- Send in a voice message: https://podcasters.spotify.com/pod/show/virtual-ciso-moment/message

Untold Stories
The Front Lines of Ethical Hacking and Infosec with Steve Walbroehl of Halborn

Untold Stories

Play Episode Listen Later Jan 12, 2023 50:26


Today's guest is Steve Walbroehl, Chief Technology Officer / Chief Security Officer and cofounder of Halborn. Halborn is a blockchain cybersecurity firm that aims to secure the blockchain and protect users against data and monetary. Operating across the software development lifecycle, Halborn provides a suite of products and services designed to identify and close vulnerabilities in Web3 applications, helping to create the security standards that the market lacks. The company serves a diverse global client base spanning Layer 1 blockchains, infrastructure providers, financial institutions, and application and game developers. Halborn was founded in 2019 and is based in Miami, Florida.

Steve has over 15 years of experience in cybersecurity. He is an expert, trainer, and technical leader in penetration testing, ethical hacking, web application, and cloud security, infrastructure security, vulnerability scanning and detection, IT compliance, and risk mitigation. He's worked with Fortune 500 companies spanning the Financial, Insurance, Mortgage, Technology, Utilities, Hospitality, and Blockchain industries. He holds several information technology and security certifications, including CISSP, CEH, CRISC, OSCP, OSWP, CISM, GWAPT, GAWN, AWS Solutions Architect Associate, CCNA, and Six Sigma.

We begin our conversation by discussing the differences between traditional and crypto cybersecurity. Steve explains why security is the most important sector of the crypto industry. We discuss why being a security specialist in crypto is very stressful. We discuss the connection between regulation and cybersecurity. We stress that regulation can foster decentralization and provide better user protection guidelines. Steve shares how the internet regulation during the early days of the internet could provide a blueprint for how to foster proper regulation and compliance in crypto.

Our next conversation topic centered around the systemic risks that developed in DeFi due to greed. We discuss how greed-fueled flawed protocol design, spurring the wrong incentives, resulted in the collapse of various centralized institutions. Steve expresses his concern about proof-of-stake as a centralizing force. Steve shares a story where he explains the systemic risks that can come from cross-chain liquidity, similar to the 2008 financial crisis.

We transition our conversation to focus on the security risks in crypto. Steve explains the full spectrum of vulnerabilities that are present in crypto. We discuss how these vulnerabilities can be exploited and why a particular type of protocol is targeted more routinely than others. Steve explains that security in crypto requires taking into account technical vulnerabilities and socio-economic incentives to properly assess a project's vulnerabilities.

Our next conversation topic centered around Halborn. Steve shares that one of the requirements to work as a security engineer at Halborn is to hack their way in. We discuss how coding and security testing are both an art and a science. We discuss the security of SHA-256 and why Bitcoin was a cryptography marvel. Our conversation transitions to focus on Seraph, the world's first blockchain security notary platform powered by Halborn. Steve explains how Seraph can help provide a security framework and guardrails for projects looking to standardize security practices.

Our final discussion topic centered around the connection between adoption and security. Steve explains how increased security will lead to increased adoption of DeFi. Please enjoy my conversation with Steve Walbroehl.

InfosecTrain
What is CRISC? | Who Needs CRISC ? & it's Benefits | InfosecTrain

InfosecTrain

Play Episode Listen Later Dec 16, 2022 29:35


InfosecTrain hosts a live event entitled “CRISC Exam Prep” with certified expert ‘Mukesh Kumar’. CRISC is one of the most well-known certifications that verifies your ability to avoid security breaches. Since CRISC holders are in high demand all over the world, this certification gives you a specialization in your field with higher pay. The webinar will give an insight into how to prepare for the CRISC exam. The webinar will be delivered by a domain expert with extensive industry experience. Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com Agenda for the Webinar

The Tech Trek
Data Protection and Privacy Strategy

The Tech Trek

Play Episode Listen Later Dec 13, 2022 19:28


In this episode, Omar Turner, Managing Director of Cloud Security at Microsoft, discusses data privacy and protection.

Key takeaways:
- Data protection and privacy
- Evaluating smaller vs. big companies
- Stakeholder buy-in
- Data protection/privacy divergence from security
- Classifying data
- Privacy defines who has access
- Being aware of the data you have
- Understanding data sovereignty

About today's guest: Omar A. Turner is a Managing Director of Cloud Security for Microsoft. He brings over 25 years of experience supporting, deploying, architecting, and securing solutions for startups and globally recognized organizations. He holds numerous certifications, including the CISSP, CCSP, CRISC, CISA, CDPSE, and CISM, and holds B.S. degrees in Mathematics and Computer Science. Omar is passionate about cybersecurity enablement and training and career mentoring for those looking to start their journey in the fantastic and important field of cloud security.

LinkedIn: https://www.linkedin.com/in/omarturner/

___

Thank you so much for checking out this episode of The Tech Trek, and we would appreciate it if you would take a minute to rate and review us on your favorite podcast player. Want to learn more about us? Head over to https://www.elevano.com Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)

The Social-Engineer Podcast
Ep. 187 - Security Awareness Series - A master class in CISO Communications with Marc Ashworth

The Social-Engineer Podcast

Play Episode Listen Later Nov 22, 2022 39:14


Marc Ashworth is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, and is an author and a public speaker. He is a board member of the St. Louis Chapter of InfraGard, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy, possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. As the Senior Vice President and Chief Information Security Officer at First Bank, Marc currently oversees First Bank's information security, fraud, physical security, and the network services departments. He is also the 2022 Cyber Defense Magazine winner of “Top 100 CISOs in the World.” [Nov 21st, 2022]

00:00 – Intro
00:49 – Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
03:15 – Marc Ashworth Intro
05:17 – What was the path that led you to InfoSec?
07:41 – Cultivating good security practices
09:31 – Learning to "scale" your security
11:22 – The value of Strategic Thinking
13:40 – It's all in the presentation
15:25 – The importance of Customer Service
18:32 – The Art of Translation
21:32 – Small Wins
24:34 – Letters to a young CISO
26:20 – Don't avoid Pen Testing!
28:11 – Adopting a "Partnership" mindset
30:30 – Long line of influence
33:40 – Book Recommendations
- We Are Legion (We Are Bob) – Dennis E. Taylor
- Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou
- The Goals Program – Zig Ziglar
- The 7 Habits of Highly Effective People – Stephen Covey
36:14 – Find Marc Ashworth online
- LinkedIn: www.linkedin.com/in/marcashworth/
38:36 – Wrap Up
38:56 – Outro

www.social-engineer.com
www.innocentlivesfoundation.org

The Virtual CISO Moment
The Virtual CISO Moment S4E57 - A Conversation with Robin Wilde

The Virtual CISO Moment

Play Episode Listen Later Nov 22, 2022 28:19


Robin Wilde is the Director of Business Solutions for TeamHealth. She is passionate about project management and cyber security, particularly Identity Management, as well as promoting women in cyber. She holds a variety of certifications, including the CISSP, CRISC, PMP, ACP, CSP, and Prosci, demonstrating her vast skillset and experience. She introduces the phrase "privilege sprawl" - listen to find out what that means! --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message Support this podcast: https://anchor.fm/virtual-ciso-moment/support

Digital Oil and Gas
Why Oil and Gas Lags in Cyber and What To Do About It

Digital Oil and Gas

Play Episode Listen Later Nov 16, 2022 35:39


"The network people are worried about data being stolen. The engineers are worried about a process being affected. This is where our big difference lies." In this episode, I'm in conversation with Joe Weiss, who is the Managing Partner, of Applied Control Solutions, and Managing Director of ISA99. The ISA99 committee establishes standards and practices for defining procedures for implementing electronically secure manufacturing and control systems and security practices and assessing electronic security performance. A mouthful, but a cyber expert. We discuss the impacts that cyber problems are having on the oil and gas industry. "[Cyber is] electronic communication between systems where people and systems that affects confidentiality, integrity, or availability. The point being nowhere in that definition, is the word malicious ever used." "Cyber became an IT issue, which is what we're dealing with, to this day." Joe Weiss is an expert on control system cyber security. He has published over 80 papers on instrumentation and control systems, control system cyber security, book chapters on cyber security for electric substations, water/wastewater, data centers, and cyber policy, and authored Protecting Industrial Control Systems from Electronic Threats. He is an ISA Fellow, Managing Director of ISA99, a Ponemon Institute Fellow, and an IEEE Senior Member. He was featured in Richard Clarke's book- Warning – Finding Cassandras to Stop Catastrophes. He has patents on instrumentation, control systems, and OT networks, is a registered professional engineer and has CISM and CRISC certifications. "Y2K. Because they knew exactly when it was going to end and what it was, there was a law that basically made all officers and directors personally liable. And because of that, a personal silos came down personally liable for what exactly? Anything that would occur from Y2K." 
Links:
LinkedIn profiles (personal, business): Personal: https://www.linkedin.com/in/joew1
Website: http://www.controlglobal.com/unfettered
Book: http://www.momentumpress.net/books/protecting-industrial-control-systems-electronic-threats

InfosecTrain
CISM Vs. CRISC

InfosecTrain

Play Episode Listen Later Nov 8, 2022 4:12


Cybersecurity and Information security are the most demanding career options in today's world. This comprehensive blog is curated to provide the key difference between Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) certifications, which are the highest earning IT certifications in the Information security domain.

What is CISM? Certified Information Security Manager (CISM) is a professional certification accredited by the Information Systems Audit and Control Association (ISACA) that validates the level of expertise in information security governance, incident management, program development and management, and risk management. It is an advanced certification mainly focusing on the enterprise's information security.

What is CRISC? Certified in Risk and Information Systems Control (CRISC) is an advanced certification accredited by the Information Systems Audit and Control Association (ISACA). It validates skills and knowledge in implementing risk management programs and best practices to identify, analyze, assess, prioritize, and respond to risks. This certification mainly focuses on enterprise IT risk management.

CompTIA Sharkbytes
Cybersecurity Awareness and Preparedness Includes the Need to Recruit Greater Diversity in the Cyber Workforce and a Call to Public Service

CompTIA Sharkbytes

Play Episode Listen Later Oct 6, 2022 29:13


A conversation with Maria Thompson, CISSP, CRISC, SLG Leader, Cybersecurity Amazon Web Services (AWS). Maria has a passion for public service and in particular, cybersecurity awareness and readiness. Maria served as North Carolina's top cybersecurity official, after six-and-a-half years as its chief risk officer where she often advocated for a “whole-of-state” mentality in protecting and securing IT and infrastructural assets, an approach that resulted in closer collaboration not just between agencies in Raleigh, but with local governments and the education and private sectors. Before state government, Maria had a 20-year career in the Marine Corps, during which she was among the branch's first group of cybersecurity personnel, ultimately retiring as its first cybersecurity and information assurance chief. We discuss the need to bring greater diversity into public service – and in particular tech.

The Tech Trek
The Business Value of Identity and Access Management with Grant Reveal

The Tech Trek

Play Episode Listen Later Sep 15, 2022 31:34


In this episode, Grant Reveal, the Director of Identity and Access Management at Micron Technology, talks about how we can demonstrate the business value of Identity and Access Management and how we get away from being viewed as the department of “NO” to “more SECURE”.

Key Takeaways:
- From the department of “no” to “more secure”
- Three components of IAM (People, Process, and Technology)
- Why does the story matter?
- Why Is Information Security important?
- Time component in learning IAM is a must.
- The day-1 Process is building relationships and making people secure.
- Identity and Access Management vs Traction
- The Automation of training and hiring time.
- How does the SDLC process help customers' needs?
- Having a defined roadmap for a team is very helpful.
- When leaders share their stories, they also build credibility.
- Compliance with IAM policies and procedures
- Strong procurement and audit systems
- Importance of building relationships and awareness in the organization.

About today's guest: Connect to Grant at: www.linkedin.com/in/grantreveal

Grant is an experienced leader with breadth and depth throughout the IT and InfoSec disciplines. His focus for almost ten years has been within the Identity and Access Management space, with experience building and leading the IAM teams for three Fortune 500 firms. Before focusing on the InfoSec discipline, Grant led IT teams and held senior-level leadership positions within Higher Education, including CIO. He has several professional certifications, including CISSP, CCSP, CRISC, CISM, CDPSE, and earned his Bachelor of Science in Information Technology from Franklin University. Grant has spoken at numerous conferences and gatherings regarding the business values IAM can deliver and was named to Security Magazine's 2019 List of Most Influential People in Security. Grant also values lifelong learning as he continues to pursue his Master's degree and works to give back through training and mentoring the next generation of technologists.

________

Thank you so much for checking out this episode of The Tech Trek and if you enjoyed this episode, please take a minute and leave a quick rating and review on the Apple podcast app! Want to learn more about us? Head over to https://www.elevano.com Have questions or want to cover specific topics with our future guests? Please message me at https://www.linkedin.com/in/amirbormand (Amir Bormand)

@BEERISAC: CPS/ICS Security Podcast Playlist
42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jun 15, 2022 48:56


Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin
Pub date: 2022-06-14

Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure joining him on the show today! Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security. He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+.

His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics.

Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on the job training.

If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area.

Show highlights:
- There is a different level of thinking that gets taught and applied today. (5:49)
- After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
- Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
- Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
- The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
- Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
- Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
- In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
- Art explains why he did another degree after getting his doctorate. (27:44)
- Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
- What he has done and is currently doing at the University of Houston. (32:32)
- If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
- If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
- How to invest in yourself. (46:20)

Links:
- (CS)²AI
- Art Conklin on LinkedIn
- The University of Houston (Search for cybersecurity)

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Control System Cyber Security Association International: (CS)²AI
42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art Conklin

Control System Cyber Security Association International: (CS)²AI

Play Episode Listen Later Jun 14, 2022 50:08


Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure joining him on the show today! Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security. He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+.

His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics.

Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on the job training.

If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area.

Show highlights:
- There is a different level of thinking that gets taught and applied today. (5:49)
- After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
- Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
- Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
- The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
- Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
- Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
- In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
- Art explains why he did another degree after getting his doctorate. (27:44)
- Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
- What he has done and is currently doing at the University of Houston. (32:32)
- If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
- If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
- How to invest in yourself. (46:20)

Links:
- https://www.cs2ai.org/ ((CS)²AI)
- https://www.linkedin.com/in/waconklin/ (Art Conklin on LinkedIn)
- https://uh.edu/ (The University of Houston) (Search for cybersecurity)

Mentioned in this episode: Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if...

CyberSide Chats by Epiq
Season 2, Episode 4: Don't silo your risk from legal

CyberSide Chats by Epiq

Play Episode Listen Later Jun 3, 2022 44:23


Privacy & Compliance expert from Microsoft, Ingrid Rodriguez, joins hosts Jerich Beason & Whitney McCollum to discuss taking risk out of silos. They talk about how the entire organization needs to have an understanding of the enterprise risks. Specifically, how does security & compliance fit into the enterprise risk framework? What are the situational perspectives of the C-Suite and how can those perspectives drive compliance goals? How can the CISO and legal work together and with the enterprise for compliance? They will also talk about risk appetite, the tolerance of risk by leadership, and aligning acceptance of risks with business goals. How much and how often should you communicate risks and mitigation strategy?

Note: “The statements of the guest speakers and hosts in this podcast should not be construed as legal advice. They represent their views only and not those of Epiq or their respective employers.”

BIOGRAPHY

Ingrid is an Advanced Compliance Global Black Belt with Microsoft Security Solutions Area supporting the South, Southeast of the US, and LATAM regions. In her role, Ingrid shares her enterprising multinational information and security risk management executive experience, to help customers strategize within their Risk and Compliance obligations leveraging our solutions in Compliance, Information Protection, Privacy Management, and Insider Threat management capabilities. During her 18-year tenure in IT Risk & Compliance Leadership, Ingrid designed an innovative Global Technology Risk Management Framework, as well as a vision for tactical implementation of technology and security controls by combining a variety of data security standards such as: NIST, ISO, PCI, HIPAA, FFIEC, GDPR, to mention a few. Ingrid designed and built the first Global Technology Risk Management programs in most of her previous employers. She led, supported and guided over 45 countries to meet US and country-level compliance and privacy needs as well as Global Standards.

Ingrid is from Puerto Rico, based in Dallas, TX but soon relocating to beautiful Pensacola, FL. She is a frequent speaker on Risk Management and Compliance topics, in both English and Spanish, in many global, national and regional events including ISACA, Microsoft Executive Briefing Center, Fintech, Partners and many other associations and affiliations within the Privacy, Risk and Compliance industry in the US and LATAM. Ingrid received a Bachelor's Degree in Computer Engineering from the University of Puerto Rico, and also holds a Master's Degree in Sciences, Computer Sciences from the University of Phoenix. She holds various industry certifications, including CRISC, CDPSE, ITIL among others.

LinkedIn: https://www.linkedin.com/in/inrodz/

Find us on LinkedIn, Twitter, Facebook, and Instagram or email us at cyberside@epiqglobal.com.

Breaking Into Cybersecurity
#CISOThursday - Breaking into Cybersecurity: Matt Stamper 5.5.22

Breaking Into Cybersecurity

Play Episode Listen Later May 5, 2022 57:24


#CISOThursday - Breaking into Cybersecurity: Matt Stamper 5.5.22

Matt Stamper, MPIA, MS, CISA, CIPP-US, CISM, CDPSE, CRISC, ITIL
https://www.linkedin.com/in/stamper/

It's really a conversation about what they did before, why did they pivot in cyber, what was the process they went through Breaking Into Cybersecurity, how do you keep up, and advice/tips/tricks along the way.

About Breaking Into Cybersecurity: This series was created by Renee Small & Christophe Foulon to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break-in.

#cybersecurity #breakingintocybersecurity #informationsecurity #JamesAzar #ChrisFoulon #ReneeSmall #InfoSecHires

Check out our new book, Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI

_________________________________________

About the hosts:

Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book

Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ Find out more about CPF-Coaching at https://cpf-coaching.com

- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://anchor.fm/breakingintocybersecurity
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber

Breaking Into Cybersecurity
#CISOThursday - Breaking into Cybersecurity: Matt Stamper 5.5.22

May 5, 2022 56:24



The Circuit Magazine Podcast
Transitioning from Physical to Cyber Protection | Shaun Southall

Dec 15, 2021 34:18 Transcription Available


People often talk about upskilling from a physical security role to becoming a cyber or converged security specialist. But what does that really mean?

On this episode of the podcast, we speak with Shaun Southall, an operator that has expertly and effectively converged the two worlds of physical and cyber together as a working security specialist. Join us this week as we talk about:

- Shaun's asymmetric career journey into cyber security.
- How the 'uninitiated' physical security specialist can augment their skills.
- What steps to take and what to avoid when breaking into the field.
- The single biggest mindset shift that will determine your success.

As we say here, knowledge is power and, in our industry, "what you don't know can hurt you." So, tune in and get skilled up with our latest expert sharing his tricks of the trade and gems of experience!

More about Shaun: Shaun is a Cyber Security Oversight Specialist for the Civil Aviation Authority, with almost twenty years of experience, a plethora of certifications, and an ambitious hashtag - #cisoby60! He holds a Level 6 diploma in Security Risk Management and an itch for formal self-improvement that has led to becoming an ISO 27001 Lead Implementer and gaining audit experience through voluntary work, before embarking on four ISACA certifications (CISM, CRISC, CDPSE and COBIT Foundation) in just four months. He is heavily influenced by Doug Hubbard, Alexei Sidorenko and Norman Marks and is driven to shift the mentality from 'red amber green and five by fives' to a holistic appreciation of risk that considers the complexity of the threat landscape. Shaun is also a regular presenter at ASIS CPE events, promoting risk quantification and 'debiasing the human', an active member of SIRA, FAIR and ISACA London Chapter, and is proud to be part of an organisation tasked with maintaining the safety and security of aviation in the UK.
https://www.linkedin.com/in/shaunsouthall/ (LinkedIn)

More about the Circuit: The Circuit Magazine is written and produced by volunteers, most of whom are operationally active, working full time in the security industry. The magazine is a product of their combined passion and desire to give something back to the industry. By subscribing to the magazine you are helping to keep it going into the future. https://circuit-magazine.com/read/ (Find out more >)

If you liked this podcast, we have an accompanying weekly newsletter called 'On the Circuit' where we take a deeper dive into the wider industry. http://bit.ly/OntheCircuit (Opt in here >)

The Circuit team is: Elijah Shaw, Jon Moss, Shaun West, Phelim Rowe

Connect with Us:
- https://circuit-magazine.com/ (Circuit Magazine)
- https://mailchi.mp/the-bba.org.uk/bba-connect (BBA Connect)
- https://www.theprotectorapp.com/ (NABA Protector)
- https://the-bba.org.uk/ (British Bodyguard Association)

Aprende SecTY podcast
Ep 40: What Is the Best Security Field to Start In?

Aug 31, 2021 24:41


¡Aprende SecTY!

The global cybersecurity market grows steadily every year, and technology keeps advancing, showing that it will never die out. The global cybersecurity market is forecast to grow to 345.4 billion dollars by 2026. https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/

Are you just starting out in the information security field? Do you know which cybersecurity field is the best one to choose?

- Information Security Consulting
- Identity and Access
- Infrastructure Security
- Network Security
- Etc…

Listen to the episode to hear the advice on which field is the most attractive.

These are the links to several certifications:

- CISSP: https://www.isc2.org/landing/CISSP-path?utm_source=google&utm_medium=cpc&utm_campaign=GBL-CISSPpath&utm_term=search&utm_content=CISSPpath&gclid=Cj0KCQjwg7KJBhDyARIsAHrAXaFL-aPWLl9Dz2zcUDkbEnxyVHtll2cN3MWkqHfVM_vJTEJB3tuiWqoaAjsUEALw_wcB#
- Security+: https://www.comptia.org/certifications/security
- CCNA: https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna.html
- CISA: https://www.isaca.org/credentialing/cisa
- CISM: https://www.isaca.org/credentialing/cism
- CSX-P: https://www.isaca.org/credentialing/csx-p
- CRISC: https://www.isaca.org/credentialing/crisc
- CEH: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

Thank you!

Remember that if you would like me to send you a guide with 8 tips for identifying a phishing email, write to me at @sectycs on Instagram, Facebook, LinkedIn or Twitter, or send me an email at: itsec@sectycs.com

Follow us on Facebook, Instagram, Twitter and LinkedIn as: @SecTYCS
Find us on YouTube as Aprende SecTY
Send me your questions or recommendations at: itsec@sectycs.com
Leave your review on iTunes/Apple Podcast and share it with people who need to improve security in their business and in their life.
You can listen to us on: iTunes/Apple Podcast, Spotify, Stitcher, Google Podcast and YouTube.