Today, we're going to go deeper into the world of cyber attacks than we have ever done before. We'll be looking at the insurance claims that they produce as well as the longer-term consequences for their victims. Often as journalists covering cyber insurance we focus on the big hacks, the headline numbers, and gloss over the detail of the personal stories and the real hard yards that have to be run to recover from an attack and the potential long-term consequences for a business, its directors, its customers and all other stakeholders. As the immediate damage and business interruption triggers potential regulatory, statutory and other serious third-party consequences, these hard yards often have to be run down multiple different paths simultaneously. The in-depth interviews that follow will deepen your understanding of the more complex and long-tail nature of this peril. I'd like to put you right in the room in the shoes of the Directors of a company as an attack unfolds. We're going behind the scenes to uncover what it's really like when a business becomes the target of a digital assault, from the immediate shock to the long-term repercussions that are often ignored by boards. We're also going to go into detail on how the nature of the cyber threat and the tactics of cyber criminals are evolving. To help me in this task my guests are: Magnus Jelen (pictured top), Director of Incident Response EMEA for Coveware, a firm that helps victims of cyber extortion recover their data; and three senior executives at Beazley: Raf Sanchez (pictured 2nd from top), Beazley's Head of Cyber Services, Cyber Risks; Melissa Collins (pictured 2nd from bottom), Head of Third Party Cyber & Tech Claims; and Wayne Imrie (pictured bottom), Head of London Market Wholesale Executive Risks. Magnus and Raf are right on the front line, dealing with the immediate consequences of a hack. Magnus even deals with the hackers themselves.
Melissa deals with the external insurance claims that result and Wayne is a Directors and Officers (D&O) specialist who has a deep understanding of how the D&O and Cyber insurance products interact. LINKS: As promised, here is the link to Beazley's latest Risk and Resilience Survey Spotlight on Tech Transformation & Cyber Risk 2025: https://www.beazley.com/en-001/news-and-events/spotlight-on-tech-transformation-cyber-risk-2025/
In today's digital world, artificial intelligence, data storage and cybersecurity are a critical triumvirate, intersecting to form a dynamic ecosystem that underpins modern technological infrastructure. They are strategic pillars that drive innovation, operational efficiency and risk management. Thus their interaction and integration is key to building resilient and secure digital systems capable of supporting the demands of our digitally dependent future. In this episode Charlie Giancarlo, CEO, Pure Storage, discusses how important it is for an organisation to know where its data is, and how to store it correctly, safely and securely, ready for our AI future. Nicole Carignan, SVP of Security and AI Strategy at Darktrace, and Anthony Ferrante, Global Head of Cybersecurity at FTI Consulting, further explain why data is the backbone of AI, the importance of securing your data, as well as the vulnerabilities organisations face in a modern digital world.
Sources: FT Resources, WEF, PWC, Allianz, National Cyber Security Centre, McKinsey, UK Gov
This content is paid for by Pure Storage and is produced in partnership with the Financial Times' Commercial Department.
Podcast: Industrial Cybersecurity Insider
Episode: Plant-Level Cyber Risk: Who's Actually Responsible?
Pub date: 2025-07-22
In this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.
Chapters:
00:00:00 - Kicking Off: Why Transparency in Cyber Matters
00:00:43 - Who's Talking? Meet Craig & Dino
00:01:05 - The Big Question: What's IT's Role in Industrial Security?
00:01:35 - When Too Many Vendors = Chaos
00:02:37 - How to Actually Secure OT Environments
00:03:46 - Choosing the Right Partners (and Asking the Right Questions)
00:12:37 - Why Cyber Teams Need Plant Floor Time
00:14:24 - Getting Smarter: Use External Experts & Vendor Summits
00:18:22 - IT Meets OT: Closing the Culture Gap
00:30:03 - What Now? Practical Next Steps for CISOs
This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, to discuss their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus.
In this episode of On Aon, our cyber experts explore the escalating scale and complexity of cyber threats, from AI-driven attacks to systemic third-party risks. Hosted by Nancy Eaves, product leader for Cyber Solutions, and featuring insights from Brent Rieth, global cyber leader, and David Molony, EMEA head of cyber solutions, the conversation explores the evolving regulatory landscape, the strategic use of cyber insurance and the critical role of executive engagement in managing cyber risk.
Key Takeaways:
• Threat actors are using AI to scale attacks like phishing and ransomware, while organizations are deploying AI to improve detection, response and risk quantification.
• Cybersecurity has become a board-level priority, with executives embedding it into enterprise risk management due to its material impact.
• Global regulatory developments are encouraging greater transparency in cyber incident reporting, reducing reputational stigma and enhancing collective defense.
• Despite rising claims, cyber insurance pricing has declined thanks to market maturity, improved risk modeling and diversified underwriting strategies.
Experts in this episode:
• Nancy Eaves — Product Leader, Cyber Solutions, Aon (Host)
• Brent Rieth — Global Cyber Leader, Cyber Solutions, Aon
• David Molony — Head of Cyber Solutions EMEA, Aon
Key moments:
(0:55) The increase in frequency of reported cyber incidents, including AI-driven threats, ransomware and cloud and identity-based intrusions.
(3:50) The reputational impact of cyber incidents on organizations.
(13:30) The factors contributing to the buyer-friendly market for cyber insurance.
Additional Resources: 2025 Global Cyber Risk Report
Soundbites:
David Molony: “Ultimately, we are seeing threat actors leveraging generative AI to create highly personalized phishing campaigns and deepfake content, making social engineering more effective.”
Brent Rieth: “I'd add it's important to continue to drive a holistic approach to navigating cyber risk. It's incredibly complex. It can't be managed in isolation by any individual stakeholder.”
Quantifying cyber risk is now a necessity for businesses navigating the evolving threat landscape. In this episode of the Risk Management Show, we discussed why quantifying cyber risk is the new imperative for businesses. Our guest, Asdrúbal Pichardo, CEO of Squalify—a cyber risk quantification platform backed by Munich Reinsurance—shares how their top-down approach to cyber risk quantification is transforming the way companies prioritize cybersecurity investments and communicate with boards. We explored real-world examples, common pitfalls in cybersecurity investment, and how benchmarking cyber posture can elevate your strategy. If you're a Chief Risk Officer, CISO, or CFO looking to align strategies and speak the same language about cyber security and risk management, this episode provides the insights you need. Plus, learn about Squalify's CRQ readiness assessment tool and how it supports organizations in making informed decisions. Check out Squalify's CRQ Readiness Assessment: https://squalify.fillout.com/t/5dGf2f8tmcus If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal."
Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by design.
What do tariffs, AI adoption, and digital readiness have in common? They're all reshaping the future of wholesale distribution.
In this episode of Around the Horn in Wholesale Distribution, hosts Kevin Brown and Tom Burton unpack the forces shaping the industry, from rising cybersecurity threats to the real reason distributors aren't seeing results from generative AI tools.
This episode blends actionable economic insights with digital transformation strategy and is a must-listen for Revenue Leaders in Distribution preparing for what's next.
What You'll Learn:
• Why small interest rate changes have massive implications for national debt and distributor margins
• The hidden danger of weak cybersecurity hygiene in mid-size distributors
• What's actually holding companies back from successful AI implementation (hint: it's not the tools)
• How Smart CRM and Sales Co-Pilot platforms help future-proof sales organizations
• Why Collaborative Planning & Forecasting (CPFR) is a strategic advantage in uncertain times
Episode Highlights:
05:20 – What the Fed's hesitation on rate cuts means for distributors
12:45 – How tariffs are being used as economic leverage, not just punishment
22:10 – Why reshoring is gaining momentum in wholesale distribution
35:08 – The untold reasons AI is stalling in sales organizations
45:50 – How today's B2B buyers behave before they ever speak to sales
57:30 – Aligning AI tools with workflow clarity and CRM data hygiene
01:08:15 – Cybersecurity risks for mid-size distributors: real threats and blind spots
01:17:40 – Future-proofing your strategy with AI, succession readiness & smarter sales planning
The constant emergence of new cyber threats puts a lot of pressure on businesses not just to respond, but to communicate the nature of the threat to stakeholders within a company. Sam Salehi, Managing Director ANZ at Qualys, joins Sean in the studio to talk about how to communicate these threats in a way that secures the buy-in of boards, executives, and teams. Qualys is a supporter of this podcast.
Find out more: https://fearandgreed.com.au
Banking on Fraudology is part of the Fraudology Podcast Network.
In this illuminating episode of Banking on Fraudology, host Hailey Windham sits down with Bryan Watkinson, a risk management expert from Affinity Federal Credit Union. Bryan shares his wealth of experience in operational risk, fraud prevention, and the emerging field of cannabis banking. The conversation kicks off with a look at Bryan's popular "Fraud Friday" social media posts, which break down complex fraud threats in an accessible way. Bryan reveals how these posts have become a rallying cry for other departments to embrace risk education.
The discussion then dives into the challenges of managing multiple risk verticals in a mid-sized credit union. Bryan offers invaluable insights on prioritizing threats, from cybersecurity concerns stemming from global conflicts to the day-to-day battles against check fraud and account takeovers. He emphasizes the importance of staying vigilant without overreacting, sharing strategies for keeping teams at a steady "level 4 or 5" of alertness. One of the episode's highlights is Bryan's candid take on cannabis banking, detailing how Affinity navigated this complex new terrain.
Listeners will come away with practical advice on making risk relatable across an organization, fostering transparency, and building a strong risk culture. Bryan's approach of "showing up" to branches with donuts and real conversations exemplifies his philosophy of hands-on leadership. Whether you're a seasoned risk professional or new to the field, this episode offers a masterclass in balancing vigilance with approachability. Don't miss Bryan's parting words on the power of networking and continuous learning in the fight against fraud. Tune in to gain insights that will elevate your risk management game and protect your institution.
Guest: Bryan Watkinson
About Hailey Windham: As a 2023 CU Rockstar Recipient, Hailey Windham, CFCS (Certified Financial Crimes Specialist) demonstrated unbounding passion for educating her community, organization and credit union membership on scams in the market and best practices to avoid them. She has implemented several programs within her previous organizations that aim at holistically learning about how to prevent and detect fraud targeted at membership and employees. Windham's initiatives to build strong relationships and partnerships throughout the credit union community and industry experts have led to countless success stories. Her applied knowledge of payments system programs combined with her experience in fraud investigations offers practical concepts that are transferable, no matter the organization's size. Connect with Hailey on LinkedIn: https://www.linkedin.com/in/hailey-windham/
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• The GRIP is one year old and to celebrate, we're running an anniversary sale!!
• Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!
• (TLP:CLEAR) Hostile Nation States Employing Non-State Actors
• Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity
• ‘Suspended animation': US government upheaval has frayed partnerships with critical infrastructure
• Short-term extension of expiring cyber information-sharing law could be on the table
• Gate 15 is excited to offer a low-cost ransomware resilience exercise for executives! Contact us today for more information on this great opportunity!
Main Topics:
Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors. Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran.
Beazley Report: U.S. Executives Misjudge Their Cyber Preparedness. U.S.-based executives feel more prepared to counter cyber threats, potentially indicating a false sense of security because many companies lack the ability to be adequately prepared, according to a new report from specialist insurer Beazley. According to the report, Spotlight on Tech Transformation & Cyber Risk 2025, the perception of cyber resilience rose to 81% from 73% a year ago.
Hostile Events:
• A violent ambush in Idaho leaves 2 firefighters dead and 1 injured. What to know about the attack
• Suspect Identified in Deadly Ambush of Idaho Firefighters
• Chilling ‘coincidence' of Idaho shooting sends internet sleuths into overdrive
• Gunman started Idaho blaze and then fatally shot 2 firefighters in ambush attack, officials say
• Here's a timeline of how the Canfield Mountain ambush shooting unfolded
• Multiple firefighters reportedly shot while responding to fire near Coeur d'Alene
• Europol: New report - major developments and trends on terrorism in Europe in 2024
Quick Hits:
• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543
• Over 1,200 Citrix servers unpatched against critical auth bypass flaw
• The State of Ransomware 2025
• Scattered Spider hackers shift focus to aviation, transportation firms
• Scattered Spider's Calculated Path from CFO to Compromise
• M&S fashion rivals ‘benefited from its pause on online orders after cyber-attack'
• Ransomware attack contributed to patient's death
• Canada orders Chinese CCTV biz Hikvision to quit the country ASAP
• FBI PSA - Criminals Posing as Legitimate Health Insurers and Fraud Investigators to Commit Health Care Fraud
• 50 Customers of French Bank Hit by Insider SIM Swap Scam; An intern at Société Générale is believed to have facilitated the theft of more than EUR1mn (USD1.15mn) from the bank's customers.
• State of CPS Security 2025: Building Management System Exposures
• H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats
A compilation of 16 billion stolen credentials is now circulating online—posing a massive risk to businesses, even if they weren't directly breached. In this episode of Industry Insight, Bernard Montel, Technical Director and Security Strategist from cybersecurity risk and exposure management firm Tenable, breaks down how attackers exploit these credentials at scale using automation and AI, and why identity—not networks—is now the primary attack surface. Discover why traditional defences fall short in cloud-first environments, how exposure management evolves beyond vulnerability scanning, and what business leaders can do to proactively reduce identity-related risk.
Cyber threats are not static—and HITRUST knows assurance can't be either. That's why HITRUST's Michael Moore is leading efforts to ensure the HITRUST framework evolves in step with the threat environment, business needs, and the technologies teams are using to respond.
In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.
The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.
One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.
HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that's about improving phishing defenses or updating incident response playbooks.
From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.
Note: This story contains promotional content.
Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/
Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/
Resources:
Visit the HITRUST Website to learn more: https://itspm.ag/itsphitweb
Learn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrust
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The Risk Intel podcast welcomed back Josh Magri, CEO of the Cyber Risk Institute (CRI), for a timely Part 2 conversation focused on the evolving cybersecurity regulatory landscape and what it means for community financial institutions. As the FFIEC Cybersecurity Assessment Tool (CAT) is scheduled to sunset on August 31, 2025, Josh offers a roadmap on how financial institutions can move forward and how their CRI Profile offers a strategic, scalable alternative that's gaining traction with regulators and institutions alike. Follow us to stay in the know!
What if everything we've been doing in cybersecurity awareness training is not just outdated — but harmful?
In this episode of Reimagining Cyber, Rob Aragao, Chief Security Strategist at OpenText, talks with Craig Taylor, co-founder and CISO at CyberHoot, who makes a bold claim: punishment-based training is not only ineffective — it's counterproductive. Drawing from his background in psychology and years of cybersecurity leadership, Craig explains why we need to ditch outdated tactics and embrace positive reinforcement to reduce human risk.
From the failure of fake phishing tests to real-world results from forward-thinking organizations, Craig reveals a smarter, more human-centered way to train. If you're tired of scare tactics and want a strategy that actually builds cyber resilience, this episode is your wake-up call.
Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
The cybersecurity landscape is changing fast. And for financial institutions, one of the biggest shifts on the horizon is the sunsetting of the FFIEC Cybersecurity Assessment Tool (CAT) in August 2025. In this episode of the Risk Intel podcast, Josh Magri, President and CEO of the Cyber Risk Institute (CRI), joined host Edward Vincent to unpack what this means for banks, credit unions, and other financial players.
From emerging threats powered by AI to the evolving regulatory frameworks shaping cybersecurity governance, Josh's insights are a must-hear. Listen to the full episode here! Follow us to stay in the know!
AI-powered cyber-attacks are reshaping the threat landscape, driving new risks and challenges for organizations worldwide. CJ Dietzman, Alliant Cyber, welcomes Daniel Tobok, CEO of Cypfer, to break down the latest cyber trends from Q1 2025 and predictions for the future. They discuss the rise of generative AI in attacks, the ongoing ransomware threat and the increasing role of third-party vendors in breaches. Daniel also offers practical advice on boosting cyber awareness, protecting critical data and preparing incident response plans to stay ahead in this evolving environment.
High net worth individuals often carry public profiles that make them uniquely vulnerable to cyber threats. From executives and celebrities to board members and influencers, their visibility—and the … Read More » The post Why High Net Worth Clients Face Great Cyber Risk appeared first on Insurance Journal TV.
In today's episode, Lucian Niemeyer, CEO of Building Cybersecurity, joins Stacey Shepard, the President of Shepard Global Strategies, to explore how IFMA's new partnership with BCS is helping facility managers better understand and manage cyber risks. Together they discuss Lucian's path from his background at the United States Department of Defense to developing a 16-step cybersecurity framework that is available for free for facility managers. They highlight how training, collaboration, and proactive strategies are reshaping cyber safety in the built environment to drive safer, smarter facility management practices.
This episode is sponsored by ABM!
Connect with Us:
LinkedIn: https://www.linkedin.com/company/ifma
Facebook: https://www.facebook.com/InternationalFacilityManagementAssociation/
Twitter: https://twitter.com/IFMA
Instagram: https://www.instagram.com/ifma_hq/
YouTube: https://youtube.com/ifmaglobal
Visit us at https://ifma.org
In this episode, ISACA's Lisa Cook engages with Yakir Golan, Chief Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation strategies with business objectives. The conversation also highlights the importance of translating cyberrisk exposure into monetary terms to facilitate high-level discussions and protect shareholder confidence. Listen & Subscribe: catch this episode, and more, on the ISACA Podcast Library: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library or on your favorite podcast platform.
In this episode of the ShorelineHudson Maritime Risk Podcast, we explore how the maritime sector is confronting the growing challenge of cyber risk with data-driven clarity. Our guests include Rob Vasquez, CEO of Beacon Technologies, Rick Siebenaler, CEO of the Maritime Cybersecurity Institute and academic sponsor of this fully funded research initiative, and Sean Jensen, ShorelineHudson's cyber expert and program facilitator. Together, they discuss the Maritime Cybersecurity Institute's vessel cyber risk analysis program powered by CYFAX+ and how it is transforming the way shipowners, operators, and regulators visualize, assess, and act on vessel-level cyber threat intelligence. If you're ready to understand what it truly means to "see the threat," this is a conversation you won't want to miss. Speakers: Rob Vazquez – Beacon Technologies Rob Vazquez is the CEO of Beacon Technology Group and a pioneer in cybersecurity innovation with over 30 years of experience across global IT and data protection. He has led enterprise-scale deployments for multinational firms and is the inventor behind a patent-pending AI-based threat processing system. Rob's work at Beacon focuses on developing accessible cybersecurity solutions, including the CYFAX+ platform, which supports advanced threat visibility and regulatory compliance. Rick Siebenaler - Maritime Cybersecurity Institute Rick Siebenaler is the CEO of the Maritime Cybersecurity Institute, a nonprofit dedicated to advancing cyber resilience in the commercial maritime sector. With a distinguished background at the NSA, CyberGuard, EY, and Deloitte—holding titles such as Chief Scientist and Global CISO, Rick brings strategic depth to maritime cybersecurity. His leadership is driving the sector toward a more mature, integrated approach to cyber risk management. 
Sean Jensen - ShorelineHudson Sean Jensen is a cyber threat specialist at ShorelineHudson with a master's in Homeland Security and expertise in maritime risk assessment. He leads the development and deployment of the AVRA platform, delivering intelligence-driven cyber and physical vulnerability assessments for global port and vessel operations. Certified as a Facility Security Officer and Business Continuity Professional, Sean supports compliance and resilience strategies across the maritime domain.
What if the biggest threat to your cyber claims portfolio isn't ransomware—but a spreadsheet buried in someone's inbox?
In this episode, host Anthony Hess chats with John Spiehs, Head of Claims at Converge, about what's shifting in the cyber claims space—and what insurance professionals should have on their radar.
John breaks down how Converge is leading efforts to simplify Business Interruption (BI) claims with a cleaner, more intuitive, top-down approach. He also digs into the growing exposure around data privacy, where even small incidents can trigger costly class actions. Finally, he explains what's getting lost as the market softens, why vendor relationships matter more than price tags, and the kind of talent today's claims teams really need.
You'll learn:
1. Why BI claims are evolving, and how Converge is simplifying the process
2. Why data privacy and class actions are emerging as cyber's new frontier
3. Why soft market dynamics threaten underwriting discipline
4. How poor email habits can explode breach costs overnight
5. What defines a strong vendor partnership, beyond cut-rate solutions
Get in touch with John Spiehs on LinkedIn: https://www.linkedin.com/in/john-s-b981337/
About the host Anthony Hess: Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children.
Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.
Thanks to our friends at SAWOO for producing this episode with us!
Andrea Wells from Insurance Journal reports from RIMS RISKWORLD 2025, where she speaks with Patrick Thielen, Global Head of Cyber at Liberty Mutual Insurance. They discuss the evolving … The post RIMS RISKWORLD 2025: Patrick Thielen on Cyber Risk Evolution, Policy Alignment, and Incident Response appeared first on Insurance Journal TV.
This episode features risk management leader Tracey Swift, Editor-in-Chief of a new publication, HigherEdRisk. Previously, Tracey was Executive Director of Risk Management at Arizona State University, where she led the university's risk management and insurance functions. In this episode we explore the differences between academia and corporations in managing privacy, cybersecurity, and AI risks, the role of the board of trustees and university leadership, and the challenges associated with open networks, collaborative research, shadow IT, and resource pressures. AI has opened up new opportunities and challenges and academia has been one of the first to feel its impact, making higher education more advanced in AI governance than many private sector organizations. Tracey shares her thoughts on the role of insurance in higher ed risk management and the importance of cross-organizational teams in addressing privacy, cybersecurity, and AI risk management.
Join Joe as he reconnects with Matthew Alderman, Chief Product Officer at CyberSaint, in this insightful episode of the podcast! With over 250 episodes under his belt, Joe dives deep with Matthew, a cybersecurity veteran, podcast host, and advisor, to explore:
- CyberSaint's Game-Changing Approach: How CyberSaint uses historical loss data to revolutionize cyber risk quantification, helping CISOs justify budgets with real financial metrics.
- Career Insights: Matthew shares his journey, from running startups to advising new ventures, and how he balances multiple roles (CPO, podcast host, advisor, and family man).
- Leadership & Communication: Why CISOs need to speak the language of business to earn a seat at the boardroom table.
- Practical Tips: Advice on avoiding burnout, building a mentorship network, and leveraging your personal brand in cybersecurity.
Free Cyber Risk Analysis: Visit CyberSaint.io to benchmark your organization's cyber risk against industry peers.
Connect with Matthew: Find him on LinkedIn Matthew Alderman or X @Maldermania
Listen to Matthew's Podcast: Check out Business Security Weekly at securityweekly.com/BSW.
Chapters
00:00 Reconnecting and Reflecting on Podcasting Journey
02:19 Balancing Multiple Roles and Responsibilities
05:44 The Importance of Personal Well-being
07:53 Career Goals and Retirement Aspirations
10:31 Integrating Consulting and Podcasting
11:55 The Value of Mentorship in Professional Growth
15:02 Building Trust and Reputation in Networking
16:39 Leveraging Podcasting for Career Opportunities
18:20 Innovations in Cyber Risk Management
23:07 Integrating Risk and Control Data
25:30 The Importance of Risk Quantification
28:33 Communicating Cyber Risk to the Board
30:41 CISO's Role in Business Strategy
33:03 Free Cyber Risk Analysis Offering
36:20 Customizing Risk Models
39:58 Real-Time Risk Monitoring
42:24 Targeting Public Companies for Cyber Risk Solutions
45:14 Closing Thoughts and Future Directions
In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense.
Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud
Topics:
- We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
- Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region?
- The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments?
- Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination?
- M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages?
- Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions?
- Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare?
Resources:
- EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
- EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
- EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!
In this compelling episode of Public Key, Eitan Danon (Content Marketing Manager, Chainalysis) speaks with Yaya Fanusie (Director of Policy for AML & Cyber Risk, Crypto Council for Innovation) to discuss the multifaceted dynamics of cryptocurrencies and their implications for national security, illicit finance and global policymaking. Yaya leverages his rich background in intelligence analysis to emphasize the widespread impact of blockchain technology on economic security and policy, including the response of various governments to blockchain and illicit finance and the integration of innovative technologies in mitigating financial crime. Listeners will gain an in-depth understanding of strategies from countries like Iran and China and how digital assets are reshaping the geopolitical landscape and creating modern day conflict zones.
Minute-by-minute episode breakdown
2 | Yaya's journey From CIA analyst to crypto and illicit finance expert
6 | How crypto has evolved in the world of National Security and illicit finance
13 | Balancing innovation and regulation in crypto ecosystem
18 | China's digital currency strategy and Its geopolitical implications
23 | Data as the new electricity and currency in a digital economy
26 | Crypto's impact on traditional finance and regulatory challenges
29 | Digital Asset's dual role in conflict zones: Aid and illicit use
34 | Exploring financial crime and spy thrillers podcasts
Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
Website: The Premier Global Alliance Advancing Crypto Innovation
Guide: Crypto Council for Innovation: Crypto Illicit Finance Risk Management Guide
Podcast: The Jabbari Lincoln Files: A Spy Thriller Podcast Created by a Former CIA Officer
Podcast: Illicit Edge: Breaking News for Financial Crime Professionals
Report: The Chainalysis 2025 Crypto Crime Report (Download Your Copy Today)
Blog: United States DOJ and FBI Seize Cryptocurrency in Major Disruption of Hamas Terrorist Financing Scheme
Blog: What is Authorized Push Payment (APP) Fraud? Understanding Crypto-Related Scams & Prevention
YouTube: Chainalysis YouTube page
Twitter: Chainalysis Twitter: Building trust in blockchain
Speakers on today's episode
Eitan Danon *Host* (Content Marketing Manager, Chainalysis)
Yaya Fanusie (Director of Policy for AML & Cyber Risk, Crypto Council for Innovation)
Richard Counsell from CyberRisk Alliance joins Kevin on Pathmonk Presents to reveal how this data-driven, community-focused company empowers cybersecurity marketing teams. Based in Florida, CyberRisk Alliance connects professionals through events like InfoSec World and solutions like CRA Connect, offering tailored campaigns and actionable insights. Richard shares strategies for leveraging organic traffic, optimizing websites, and navigating MarTech challenges to drive conversions. Learn how they support CISOs and marketers alike, fostering a thriving cybersecurity ecosystem with integrity and expertise—perfect for anyone aiming to elevate their marketing game!
Understanding a company’s cyber risk starts with identifying potential losses, evaluating security measures, and ensuring executive commitment to data protection. Watch this excerpt from the latest cyber webinar … The post Assessing Cyber Risk: Key Factors Insurers Must Consider appeared first on Insurance Journal TV.
In this episode, Melissa Ventrone of law firm Clark Hill and Arthur Armstrong of law firm Reed Smith joined The Insuring Cyber Podcast to unpack the Trump administration's … The post EP. 101: Insuring Cyber Risk in a Shifting Political Landscape appeared first on Insurance Journal TV.
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando
Cybersecurity is no longer a niche topic—it's a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.
Although we weren't there in person this year, we're diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.
This year's event, held in Bologna, showcased the growing maturity of Italy's cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.
One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.
We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.
And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.
Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it's headed, and why events like ITASEC matter now more than ever.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Roy Luongo. Roy is the Chief Information Security Officer for the United States Secret Service. He leads a team in the defense and information assurance of all USSS information systems and solutions. Prior to his current role he was the Director, Joint Mission Operations Center for Cyber Command, providing oversight of mission critical Cyber Operations infrastructures. He has also served as Chief, NSA Red Team and Technical Director for Interactive Operations for the NSA. Roy is a retired Army soldier with 20 years' service within the Intelligence and Cyber career fields. [March 17, 2025]
00:00 - Intro
00:17 - Intro Links:
- Social-Engineer.com - http://www.social-engineer.com/
- Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
- Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
- Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
- Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
- CLUTCH - http://www.pro-rock.com/
- innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
01:55 - Roy Luongo Intro
02:44 - The Path to CISO of the Secret Service
04:58 - Cybersecurity in Early Education
07:50 - The Entry Level Catch-22
12:24 - Quantifying Risk
14:27 - The Best Way Forward
16:51 - The Effects and Future of AI
20:06 - Understanding Your Needs
22:11 - Advice to Young Roy
24:56 - The Cost of Training
29:01 - Mentors
- Ed Skoudis
- Brigadier General Brian D. Vile
- Shawn Turskey
29:55 - Lollipop Moments
- TEDxToronto - Drew Dudley "Leading with Lollipops"
31:33 - Book Recommendations
- Cybersecurity Canon - Rick Howard
- Kingpin - Kevin Poulsen
- Turn the Ship Around! - L. David Marquet
33:49 - Wrap Up & Outro
- www.social-engineer.com
- www.innocentlivesfoundation.org
- What's making supply chain risk the fastest-growing cyber-risk category
- How to galvanise your internal and external peers to develop a shared responsibility for supply chain cyber-risks
- Designing and implementing effective key controls to mitigate supply chain cyber-risks
This episode is hosted by Jonathan Craven: https://www.linkedin.com/in/jonathanbcraven/
Mike Johnson, Global Cyber Threat & Incident Response Manager, Verifone https://www.linkedin.com/in/mike---johnson/
Jean Carlos, Group Head of Cyber Architecture & Engineering, TP ICAP https://www.linkedin.com/in/jeanpc/
Richard Marcus, CISO, AuditBoard https://www.linkedin.com/in/richard-marcus-b3192261/
Rinki Sethi is the VP & CISO at BILL. In this episode, she joins host Scott Schober to discuss the topic of CISOs and cyber risk, including how the core responsibilities of a CISO have shifted over the years, what security leaders should be doing to build resilience against the many growing risks, and more. SecurityScorecard is the leading security rating company, used by more than 2,500 top companies. To learn more about our sponsor, visit https://securityscorecard.com
In this episode of AI, Government, and the Future, host Marc Leh is joined by Candy Alexander, a prominent cybersecurity leader with over 35 years of experience and current Chief Information Security Officer at NeuEon. As a two-time President of the Information Systems Security Association (ISSA) International and founding President of the ISSA Education and Research Foundation, Candy brings her extensive expertise to discuss AI trustworthiness, data governance, and enterprise security challenges.
Emily Perry Short is currently the National Director of Cyber Product at The Baldwin Group regularly consulting on cyber risk management and insurance solutions across a variety of industries with a particular focus on technology, venture capital, and private equity risks. Emily has been in insurance in a variety of forms since 2014, originally as a lawyer focusing on professional liability insurance defense. Her experience as both a defense attorney and a cyber and technology broker gives her a unique perspective when it comes to analyzing cyber risks for clients. In addition to her Juris Doctor, Emily holds the Certified Information Privacy Professional (CIPP/US) designation, Cyber COPE designation from Carnegie Mellon, and the Registered Professional Liability Underwriter (RPLU) designation. In January, after a number of years on the Executive Committee, Emily stepped into the role of Chairwoman for TechAssure, an international association of insurance brokers specializing in technology-related risks. She regularly speaks on panels as a subject matter expert on cyber and technology risks. She is licensed to practice law in Kansas and Missouri.
In this episode, Eric and Emily Short discuss:
- Four basic principles of risk management
- Working with a broker that can give appropriate coverage
- The risk of cyberattack incidents
- Cybersecurity is the responsibility of the whole organization
Key Takeaways:
- Cyber risk management, like any risk management, involves 4 main concepts - accept the risk, avoid the risk altogether, transfer the risk, and mitigate the risk. Organizations should utilize a combination of these strategies.
- Cyber insurance policies are not standardized, so it's important to work with a broker who understands the nuances between different carrier policies and can help analyze the appropriate coverage.
- Cyber incidents can have significant financial and reputational impacts on organizations, so having an incident response plan that is regularly tested is crucial for being able to respond effectively.
- Cybersecurity is everyone's responsibility within an organization, not just the IT department's. Educating and training employees on cyber risks and best practices is essential for prevention.
“Humans are the weak link. Here we are the ones who click on the phishing email. We reuse passwords when we shouldn't.” - Emily Short
Connect with Emily Short:
Website: https://baldwin.com/
LinkedIn: https://www.linkedin.com/in/emilyperryshort/
Connect with Eric Dyson:
Website: https://90northllc.com/
Phone: 940-248-4800
Email: contact@90northllc.com
LinkedIn: https://www.linkedin.com/in/401kguy/
Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Episode Notes
Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.
The Growing Role of Cybersecurity in Railways
Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.
Critical OT Systems in Railways
Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.
The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.
Real-World Cyber Threats in Railways
Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.
These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.
Cybersecurity Standards and Best Practices for Railways (links to resources below)
To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.
Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.
Looking Ahead: Strengthening Railway Cybersecurity
As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.
He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.
The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.
To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.
In this Brand Story episode, Theresa Lanowitz recently joined Sean Martin to share valuable insights drawn from LevelBlue's comprehensive 2024 Futures Report, a global study involving over 1,050 executives from C-suite levels across industries. The report offers a unique lens into the critical alignment between innovation, cybersecurity, and resilience. By examining seven key industry verticals—healthcare, retail, finance, manufacturing, transportation, energy, and state/local/higher education—LevelBlue highlights actionable strategies for building a resilient business ecosystem.
Cyber Resilience: Beyond Technology
Lanowitz emphasizes that cyber resilience extends far beyond IT and cybersecurity; it represents the organization's ability to withstand and recover from disruptions affecting its entire digital and operational footprint. For instance, industries like manufacturing illustrate how sensors and IoT devices on production lines are now vital to efficiency. A single cyber event disrupting these systems could halt production, leading to cascading impacts. Lanowitz underscores the importance of cross-functional collaboration—between cybersecurity, application development, and operations teams—to ensure systems are brought back online effectively and seamlessly.
Innovation vs. Security: A Delicate Balance
One of the most striking findings from the report is that 73% of organizations prioritize innovation over mitigating risk, and 85% are willing to accept security risks in the pursuit of innovation. This trend spans industries, with examples ranging from healthcare's increased use of robotics in surgeries to transportation companies leveraging AI for optimizing fleet routes. Yet, Lanowitz points out a concerning disconnect: cybersecurity teams are often brought into projects late, treated as an afterthought rather than an integral part of the innovation process. This fragmented approach weakens resilience, leaving organizations vulnerable to threats.
The Case for Secure by Design
Lanowitz stresses the importance of adopting a “secure by design” approach, where security is integrated from the start. Treating security as a core architectural requirement prevents costly redesigns later and supports operational and performance goals. She draws a parallel between neglecting security during development and building a house without planning for heating or cooling systems—essential but often deprioritized elements.
Trusted Advisors and Cybersecurity as a Service
Lanowitz also highlights the growing reliance on cybersecurity-as-a-service (CSaaS) and trusted advisors to bridge gaps in skills and resources. From setting up Security Operations Centers (SOCs) to conducting tabletop exercises and securing IoT networks, organizations increasingly turn to external partners like LevelBlue to fast-track initiatives. By leveraging these advisors, businesses gain industry-specific expertise, enabling tailored and scalable solutions that align security with innovation.
Looking Ahead to 2025
As LevelBlue prepares for its 2025 research, Lanowitz notes an increased focus on software supply chain security and the convergence of IT and operational technology (OT). These areas, coupled with a deeper exploration of how cybersecurity and business functions must align, will shape the next wave of insights into resilience and innovation.
Theresa Lanowitz's expertise and LevelBlue's research underscore that building resilience requires more than just technical fixes—it demands an integrated approach where innovation, security, and business goals coexist seamlessly.
Learn more about LevelBlue: https://itspm.ag/levelblue266f6c
Note: This story contains promotional content.
Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]
On LinkedIn | https://www.linkedin.com/in/theresalanowitz/
Resources
To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here: https://itspm.ag/levelbjk57
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.

Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.

Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she's helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.

She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark
About the CISO Circuit Series

Sean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.
____________________________
Guests:
Heather Hinton, CISO-in-Residence, Professional Association of CISOs
On LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/
____________________________
Host:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Michael Piacente, Managing Partner and Cofounder of Hitch Partners
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
LevelBlue | https://itspm.ag/levelblue266f6c
ThreatLocker | https://itspm.ag/threatlocker-r974
____________________________
Episode Notes

In this episode of the CISO Circuit Series, part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton, a seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally.

This episode addressed three critical questions shaping the modern CISO role:
How can CISOs build trust within their organizations?
What is PAC doing to elevate cybersecurity as a recognized profession?
How can CISOs prepare for increasing scrutiny and legal risks?

Building Trust: A CISO's Key Responsibility

Heather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO's success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives.

The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one.

Elevating Cybersecurity as a Recognized Profession

Michael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series, emphasizes PAC's role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC's ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers.

This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC's advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats.

Preparing for Legal Risks and Industry Challenges

The conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence.

Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society.

Looking Ahead

With goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals.

For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org.
Matt Webb, head of cyber clients and strategy at Howden Re, joins Double Take to discuss the evolution and current state of cyber insurance, focusing on the impacts of ransomware, reputational harm and business interruption.