Podcasts about Information Security Forum

In this episode, Steve is in conversation with Betsy Cooper, director of the Aspen Policy Academy at the Aspen Institute. As an expert in cyber and tech policy, Betsy shares her thoughts on how policymakers can keep pace with the rapid developments in AI and quantum technology, building a futureproof compliance strategy, and AI risks. Steve and Betsy also discuss policymaking in a volatile world, how businesses can protect their image after a breach, and what can be done to get governments to care about online scams. Key Takeaways: Legislative experiments at the local and regional levels will be key for crafting strong, sensible, tech policy on the national level. Tabletop exercises are one of the best tools for preparing the C-suite for breaches and attacks. People must start to speak up against the growing prevalence of having to trade privacy for access to the most basic online tools and sites. Tune in to hear more about: Creating a “future-proof” compliance strategy (7:11) Protecting your brand following a breach, data theft, or disinformation campaigns (13:35) Trading access for personal information (22:31) Standout Quotes: “I do think that it would be preferable to have one coherent framework. I think industry would benefit from that if we did have that sort of framework. But also, I'm not sure that we're at the level of sophistication today that we'd be able to write the best framework because we haven't experimented enough. So I actually think that having the state and local sort of sandboxes leading to future federal policy is not a bad approach.” - Betsy Cooper “It's a very difficult thing to try to prove a negative, and that's why disinformation can be so powerful. But it's also a very fast-moving space, so the faster you can get in there with your counter-narrative, the more likely you are to be successful.” - Betsy Cooper “I'm the mother of a five-year-old, and in order to get my five-year-old's baseball schedule, I have to download an app on my phone. There is no web access for the app that has the baseball schedule. So in order to get that baseball schedule, I have to sign away a whole bunch of privacy just to get my kid to a sports game. I think that shouldn't be allowed.” - Betsy Cooper Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve is in conversation with Betsy Cooper, director of the Aspen Policy Academy at the Aspen Institute. As an expert in cyber and tech policy, Betsy shares her thoughts on how policymakers can keep pace with the rapid developments in AI and quantum technology, building a futureproof compliance strategy, and AI risks. Steve and Betsy also discuss policymaking in a volatile world, how businesses can protect their image after a breach, and what can be done to get governments to care about online scams. Key Takeaways: Legislative experiments at the local and regional levels will be key for crafting strong, sensible, tech policy on the national level. Tabletop exercises are one of the best tools for preparing the C-suite for breaches and attacks. People must start to speak up against the growing prevalence of having to trade privacy for access to the most basic online tools and sites. Tune in to hear more about: Creating a “future-proof” compliance strategy (7:11) Protecting your brand following a breach, data theft, or disinformation campaigns (13:35) Trading access for personal information (22:31) Standout Quotes: “I do think that it would be preferable to have one coherent framework. I think industry would benefit from that if we did have that sort of framework. But also, I'm not sure that we're at the level of sophistication today that we'd be able to write the best framework because we haven't experimented enough. So I actually think that having the state and local sort of sandboxes leading to future federal policy is not a bad approach.” - Betsy Cooper “It's a very difficult thing to try to prove a negative, and that's why disinformation can be so powerful. But it's also a very fast-moving space, so the faster you can get in there with your counter-narrative, the more likely you are to be successful.” - Betsy Cooper “I'm the mother of a five-year-old, and in order to get my five-year-old's baseball schedule, I have to download an app on my phone. There is no web access for the app that has the baseball schedule. So in order to get that baseball schedule, I have to sign away a whole bunch of privacy just to get my kid to a sports game. I think that shouldn't be allowed.” - Betsy Cooper Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's guest is Dr. Keith Morneau, an experienced cybersecurity professional who currently serves as Dean of Computer and Information Science at ECPI University. Steve and Kieth discuss the future of the cyber workforce, cyber education, and if AI is taking our jobs. Steve also asks Keith to step into the shoes of a CEO…Key Takeaways: In today's cyber world, having an understanding of how systems interact is more important than ever. People with non-technical backgrounds are often quick learners when it comes to cyber, and bring in fresh perspectives.  In new hires, executives should look for people who understand how to work with AI.  Tune in to hear more about: How AI can help junior staff and those entering the cyber workforce (6:15) Dr. Morneau's ”prepare, practice, perform, assess” philosophy (13:23) One obsolete role chief executives should stop hiring for, and one emerging role they haven't even thought about yet (21:15)  Standout Quotes: “We're really still in the baby steps of AI, in the beginning stages of it. What I've noticed of a lot of folks, there's AI there, but they're not 100% understanding how it all works, how the AI actually has to be trained and all that. I think over time what we'll see is the increase in knowledge and skill set using AI for what they're doing in their jobs should help with the bottom line over time.” - Dr. Keith Morneau “The biggest issue in cybersecurity are the AI systems that are very vulnerable to attacks.” - Dr. Keith Morneau “The type of person you need to look at is the person who's able to use AI to do the job that you need them to be able to do better and faster, and be more efficient at it. What you have to be careful of is the people that are going to be obsolete are the ones that are basically fighting the AI and not using AI at all to help them, because that is pretty much they are going to be dinosaurs soon, if they're not already dinosaurs.” - Dr. Keith Morneau Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's guest is Dr. Keith Morneau, an experienced cybersecurity professional who currently serves as Dean of Computer and Information Science at ECPI University. Steve and Kieth discuss the future of the cyber workforce, cyber education, and if AI is taking our jobs. Steve also asks Keith to step into the shoes of a CEO…Key Takeaways: In today's cyber world, having an understanding of how systems interact is more important than ever. People with non-technical backgrounds are often quick learners when it comes to cyber, and bring in fresh perspectives.  In new hires, executives should look for people who understand how to work with AI.  Tune in to hear more about: How AI can help junior staff and those entering the cyber workforce (6:15) Dr. Morneau's ”prepare, practice, perform, assess” philosophy (13:23) One obsolete role chief executives should stop hiring for, and one emerging role they haven't even thought about yet (21:15)  Standout Quotes: “We're really still in the baby steps of AI, in the beginning stages of it. What I've noticed of a lot of folks, there's AI there, but they're not 100% understanding how it all works, how the AI actually has to be trained and all that. I think over time what we'll see is the increase in knowledge and skill set using AI for what they're doing in their jobs should help with the bottom line over time.” - Dr. Keith Morneau “The biggest issue in cybersecurity are the AI systems that are very vulnerable to attacks.” - Dr. Keith Morneau “The type of person you need to look at is the person who's able to use AI to do the job that you need them to be able to do better and faster, and be more efficient at it. What you have to be careful of is the people that are going to be obsolete are the ones that are basically fighting the AI and not using AI at all to help them, because that is pretty much they are going to be dinosaurs soon, if they're not already dinosaurs.” - Dr. Keith Morneau Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with John “Jock" Brocas, a former military member who is now an executive mentor and strategic intuitive intelligence advisor to the C-suite. Jock is far from your typical cyber professional, but his experience working with executives gives him a compelling perspective on challenges faced in our industry. Steve and Jock discuss how we can train ourselves to block out the noise and become better at recognizing the real threats to our business, the value of mindfulness and managing stress, and why leaders must see the big picture. Jock also shares his thoughts on deepfakes, from the perspective of a medium. Key Takeaways: Adopting a warrior mindset means blending logic and intuition. Taking a break, even just for a few seconds, is crucial to managing stressful situations. Meditating can help you become better at discerning what matters and what doesn't.  Tune in to hear more about: Discerning the signal from the noise () How leaders can help their teams manage stress, both long-term and in acute situations () Jock's thoughts on deepfakes () Standout Quotes: “Logic and intuition are not separate. And this is the biggest mistake we make. We don't fail in making decisions, especially in the cyber world because of the amount of data we have. We fail at the discernment of maybe that data.” - Jock Brocas “I think it's important as well that looking at a more spiritual outlook to things, not religious in any way, a meditative or a contemplative side of things. And how many security professionals or cybersecurity professionals take time for themselves to actually even breathe in between doing something?” - Jock Brocas “Discernment, even as a cyber professional, is important. So discernment of the self, discernment of the mind, that's important.” - Jock Brocas Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with John “Jock" Brocas, a former military member who is now an executive mentor and strategic intuitive intelligence advisor to the C-suite. Jock is far from your typical cyber professional, but his experience working with executives gives him a compelling perspective on challenges faced in our industry. Steve and Jock discuss how we can train ourselves to block out the noise and become better at recognizing the real threats to our business, the value of mindfulness and managing stress, and why leaders must see the big picture. Jock also shares his thoughts on deepfakes, from the perspective of a medium. Key Takeaways: Adopting a warrior mindset means blending logic and intuition. Taking a break, even just for a few seconds, is crucial to managing stressful situations. Meditating can help you become better at discerning what matters and what doesn't.  Tune in to hear more about: Discerning the signal from the noise () How leaders can help their teams manage stress, both long-term and in acute situations () Jock's thoughts on deepfakes () Standout Quotes: “Logic and intuition are not separate. And this is the biggest mistake we make. We don't fail in making decisions, especially in the cyber world because of the amount of data we have. We fail at the discernment of maybe that data.” - Jock Brocas “I think it's important as well that looking at a more spiritual outlook to things, not religious in any way, a meditative or a contemplative side of things. And how many security professionals or cybersecurity professionals take time for themselves to actually even breathe in between doing something?” - Jock Brocas “Discernment, even as a cyber professional, is important. So discernment of the self, discernment of the mind, that's important.” - Jock Brocas Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's episode might sound a little bit different, but it's a really important conversation. Steve sits down with Emily Holyoake, co-founder of Not A Standard and the brain behind the FRAME Network, to talk about the human harm of cyber attacks, gender-based violence, tech-facilitated abuse, and diversity in the cybersecurity industry. Steve also asks Emily to envision the future of the cyber workforce, one that creates safety for society and people, not just machines and data. Key Takeaways: Every attack begins and ends with a human and a breach can have an existential impact on people's lives. Attribution too often is aimed at individual humans, when we should look at the systems that enabled the person to cause the harm. Diversity within your teams enables a richer environment for problem-solving. Tune in to hear more about: The SAFE Framework (1:57) Why Emily pen-tests her personal life – and why you should, too (18:44) Building a cyber workforce for a safer society (20:56) Standout Quotes: “A person clicks on a phishing link that results in a breach. So we blame the individual instead of thinking what did the system, literally or figuratively, allow to happen that meant that person clicked on that link? But we think we've got to find the root cause. So we pick a human rather than thinking about what the system enabled.” - Emily Holyoake “Every attack begins and ends with a human, fundamentally. In security, we talk so often about people being the weakest link. Fair enough, right? You can have all the technical controls in the world and it just takes one person to break that. But we wouldn't have this business, we wouldn't have this culture, we wouldn't have anything without these people. And so people are, if anything, our greatest asset.” - Emily Holyoake “When you have a diverse group of people thinking about the same problem in different ways from different backgrounds, different experiences, you're going to get an infinitely richer understanding or solution to a problem.” - Emily Holyoake Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's episode might sound a little bit different, but it's a really important conversation. Steve sits down with Emily Holyoake, co-founder of Not A Standard and the brain behind the FRAME Network, to talk about the human harm of cyber attacks, gender-based violence, tech-facilitated abuse, and diversity in the cybersecurity industry. Steve also asks Emily to envision the future of the cyber workforce, one that creates safety for society and people, not just machines and data. Key Takeaways: Every attack begins and ends with a human and a breach can have an existential impact on people's lives. Attribution too often is aimed at individual humans, when we should look at the systems that enabled the person to cause the harm. Diversity within your teams enables a richer environment for problem-solving. Tune in to hear more about: The SAFE Framework (1:57) Why Emily pen-tests her personal life – and why you should, too (18:44) Building a cyber workforce for a safer society (20:56) Standout Quotes: “A person clicks on a phishing link that results in a breach. So we blame the individual instead of thinking what did the system, literally or figuratively, allow to happen that meant that person clicked on that link? But we think we've got to find the root cause. So we pick a human rather than thinking about what the system enabled.” - Emily Holyoake “Every attack begins and ends with a human, fundamentally. In security, we talk so often about people being the weakest link. Fair enough, right? You can have all the technical controls in the world and it just takes one person to break that. But we wouldn't have this business, we wouldn't have this culture, we wouldn't have anything without these people. And so people are, if anything, our greatest asset.” - Emily Holyoake “When you have a diverse group of people thinking about the same problem in different ways from different backgrounds, different experiences, you're going to get an infinitely richer understanding or solution to a problem.” - Emily Holyoake Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we bring back one of our favorite guests: former US most-wanted cybercriminal Brett Johnson. It's been seven years since he was last on the show, and much has happened in the world of cyber. Brett shares how his perspective has changed in the past few years, and gives his thoughts on how new technologies impact cyber crime. Steve and Brett discuss compliance and what Brett's path from prison to helping law enforcement means for other cyber criminals. Brett also answers some rapid-fire questions.Key Takeaways:  Increased ease of access to cybercrime tools and services, along with manpower problems in law enforcement, are key reasons for why cyber crime is one of the world's largest economies today. Enterprises must shift focus from trying to block every attack to protecting their crown jewels for when an attack inevitably gets through.   Bad things happen because good people remain silent.  Tune in to hear more about: Why cybersecurity awareness training often fail (13:32) If Brett's path to redemption is still viable for today's cyber criminals (16:57) Some rapid-fire questions to Brett (21:35) Standout Quotes: “Cybersecurity and security overall is not a romantic thing. It's not an exotic thing. It's simply doing the nuts and bolts of what you need to do. And the problem is that largely that's not happening in the environment. If you've got management that's more interested in butter than they are in guns, you've got those types of issues.” - Brett Johnson “Cybersecurity awareness training or fraud prevention training, scam awareness, anything like that, we tend to educate at a very rational level. For scams and a lot of fraud and stuff like that, it doesn't happen at a rational level. If I'm trying to attack a person and compromise that person, I'm not doing it at a rational level. I'm doing it at an emotional level. I'm trying to get you to set reason and logic aside and to react emotionally. So all that training takes place at that rational level. You can understand it there. That doesn't mean that you understand it at the emotional level whatsoever.” - Brett Johnson “Is it harder? In one respect it is because we now have people that are aware of how money is moved, what criminals seek to do with it. Banks have become more aware of a lot of the new ways to launder and funnel funds. In many ways, it's much harder, but at the same time, criminal networks have adapted to that difficulty.” - Brett Johnson Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we bring back one of our favorite guests: former US most-wanted cybercriminal Brett Johnson. It's been seven years since he was last on the show, and much has happened in the world of cyber. Brett shares how his perspective has changed in the past few years, and gives his thoughts on how new technologies impact cyber crime. Steve and Brett discuss compliance and what Brett's path from prison to helping law enforcement means for other cyber criminals. Brett also answers some rapid-fire questions.Key Takeaways:  Increased ease of access to cybercrime tools and services, along with manpower problems in law enforcement, are key reasons for why cyber crime is one of the world's largest economies today. Enterprises must shift focus from trying to block every attack to protecting their crown jewels for when an attack inevitably gets through.   Bad things happen because good people remain silent.  Tune in to hear more about: Why cybersecurity awareness training often fail (13:32) If Brett's path to redemption is still viable for today's cyber criminals (16:57) Some rapid-fire questions to Brett (21:35) Standout Quotes: “Cybersecurity and security overall is not a romantic thing. It's not an exotic thing. It's simply doing the nuts and bolts of what you need to do. And the problem is that largely that's not happening in the environment. If you've got management that's more interested in butter than they are in guns, you've got those types of issues.” - Brett Johnson “Cybersecurity awareness training or fraud prevention training, scam awareness, anything like that, we tend to educate at a very rational level. For scams and a lot of fraud and stuff like that, it doesn't happen at a rational level. If I'm trying to attack a person and compromise that person, I'm not doing it at a rational level. I'm doing it at an emotional level. I'm trying to get you to set reason and logic aside and to react emotionally. So all that training takes place at that rational level. You can understand it there. That doesn't mean that you understand it at the emotional level whatsoever.” - Brett Johnson “Is it harder? In one respect it is because we now have people that are aware of how money is moved, what criminals seek to do with it. Banks have become more aware of a lot of the new ways to launder and funnel funds. In many ways, it's much harder, but at the same time, criminal networks have adapted to that difficulty.” - Brett Johnson Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflict means for cyber investment in the private sector, British critical infrastructure, and the British government's approach to cyber resilience. Steve and Juliette also discuss the UK Financial Minister's Spring Statement, which didn't include any references to cybersecurity. What does this omission signal? How will multinational companies react? Is cyber a macro economic issue? This, and more, in Steve's latest appearance on Business Matters.Key Takeaways:  Cyber is a macroeconomic issue, not just a technical one.  AI has changed the way that the threat landscape is evolving, but it's also brought benefits for cyber defence.  Governments have limited abilities to support the cyber resilience of the private sector; cooperation between large enterprises supports the whole business landscape. Tune in to hear more about: If Steve thinks the UK Finance Minister's spring statement will impact cyber investments (8:57) The impact on UK businesses of slower economic growth in the UK (14:59) The state of government cyber resilience in the UK (22:39) Standout Quotes: “What you have to do is you have to look at your crown jewels and back to this minimum viable company notion that I mentioned right at the beginning of our chat. You have to understand what the most critical elements of your business are, and then you can track those through these complex supply chains. Those are the pieces you need to be protecting because that's what's gonna bring your business down or ensure that you can continue to operate.”  - Steve Durbin “The business climate in the UK at the moment is exceptionally tough, exceptionally demanding. I think if you look at some of the legislation that's recently come in particularly around hiring, retaining employees, the sheer cost of doing business has risen pretty much exponentially for most organizations, and that means that they have to make cuts somewhere. If they can't do it in terms of some of the core business, they will look to some of the fringe elements. So if you've got an organization that perhaps does not view cyber as being core to what they do, then that may well be somewhere where a cut is made.” - Steve Durbin “I think we'll certainly see a maturing of the industry. It's a very young industry still in terms of the way that it's evolving and changing, and I think that with the benefit of a couple of years under our belt, then most organizations will have moved to a stronger position from a maturity standpoint, and I would hope certainly that we're talking very much more about resilience rather than protection.” Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflict means for cyber investment in the private sector, British critical infrastructure, and the British government's approach to cyber resilience. Steve and Juliette also discuss the UK Financial Minister's Spring Statement, which didn't include any references to cybersecurity. What does this omission signal? How will multinational companies react? Is cyber a macro economic issue? This, and more, in Steve's latest appearance on Business Matters.Key Takeaways:  Cyber is a macroeconomic issue, not just a technical one.  AI has changed the way that the threat landscape is evolving, but it's also brought benefits for cyber defence.  Governments have limited abilities to support the cyber resilience of the private sector; cooperation between large enterprises supports the whole business landscape. Tune in to hear more about: If Steve thinks the UK Finance Minister's spring statement will impact cyber investments (8:57) The impact on UK businesses of slower economic growth in the UK (14:59) The state of government cyber resilience in the UK (22:39) Standout Quotes: “What you have to do is you have to look at your crown jewels and back to this minimum viable company notion that I mentioned right at the beginning of our chat. You have to understand what the most critical elements of your business are, and then you can track those through these complex supply chains. Those are the pieces you need to be protecting because that's what's gonna bring your business down or ensure that you can continue to operate.”  - Steve Durbin “The business climate in the UK at the moment is exceptionally tough, exceptionally demanding. I think if you look at some of the legislation that's recently come in particularly around hiring, retaining employees, the sheer cost of doing business has risen pretty much exponentially for most organizations, and that means that they have to make cuts somewhere. If they can't do it in terms of some of the core business, they will look to some of the fringe elements. So if you've got an organization that perhaps does not view cyber as being core to what they do, then that may well be somewhere where a cut is made.” - Steve Durbin “I think we'll certainly see a maturing of the industry. It's a very young industry still in terms of the way that it's evolving and changing, and I think that with the benefit of a couple of years under our belt, then most organizations will have moved to a stronger position from a maturity standpoint, and I would hope certainly that we're talking very much more about resilience rather than protection.” Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who for nearly a decade has worked to ensure fewer men suffer and die from prostate cancer. Steve and Oliver talk about how prostate cancer screening works and the importance of catching it early. The two also talk about the partnership and how it will help PCR's efforts across the UK. Key Takeaways: Early detection saves lives. If you find prostate cancer before it has reached stage 3, the survival rate is 100%. A cancer battle will affect people around you, but they will also be the people whom you can draw strength and support from.  Access to cancer screening varies between regions and demographics.  Tune in to hear more about: What PSA is and how testing for prostate cancer is done (5:28) The new partnership between ISF and PCR (18:58) How AI and new technologies can help in cancer detection (22:34) Standout Quotes: “I think us men are not always the best at going and looking after ourselves and we often need to be nagged to go out and do something. But if you've got prostate cancer, it's gonna get you one way or another, and it'll gradually grow inside of you. And it's far better getting it early and having a relatively simple procedure, which you can now be in and out of hospital in a single day rather than late-stage prostate cancer, which will have very different consequences.” - Oliver Kemp  “I think one of the great things about this partnership is first of all, we're aiming at people who often don't get tested. And there are lots of PSA tests happening across this country, but they're often focused on regional areas. So southeast of England, London has lots of testing. It has lots of the best hospitals in the world, whereas other parts of the country don't have access to that.” - Oliver Kemp  “And for people in cybersecurity, it's about being as proactive about your own health as you are about protecting your organization. So it isn't about waiting for symptoms. I didn't have any. Look at PSA tests. We've said on this show it's a very low cost. And the people that I've come across who've certainly taken that step, and sadly there are more of us than people might think, all tell me the same thing. And as for partners, families, friends that are listening, don't underestimate the power of your encouragement just being there. That's really important. You don't have to do anything big. It's just a quiet conversation that could genuinely help.” - Steve Durbin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who for nearly a decade has worked to ensure fewer men suffer and die from prostate cancer. Steve and Oliver talk about how prostate cancer screening works and the importance of catching it early. The two also talk about the partnership and how it will help PCR's efforts across the UK. Key Takeaways: Early detection saves lives. If you find prostate cancer before it has reached stage 3, the survival rate is 100%. A cancer battle will affect people around you, but they will also be the people whom you can draw strength and support from.  Access to cancer screening varies between regions and demographics.  Tune in to hear more about: What PSA is and how testing for prostate cancer is done (5:28) The new partnership between ISF and PCR (18:58) How AI and new technologies can help in cancer detection (22:34) Standout Quotes: “I think us men are not always the best at going and looking after ourselves and we often need to be nagged to go out and do something. But if you've got prostate cancer, it's gonna get you one way or another, and it'll gradually grow inside of you. And it's far better getting it early and having a relatively simple procedure, which you can now be in and out of hospital in a single day rather than late-stage prostate cancer, which will have very different consequences.” - Oliver Kemp  “I think one of the great things about this partnership is first of all, we're aiming at people who often don't get tested. And there are lots of PSA tests happening across this country, but they're often focused on regional areas. So southeast of England, London has lots of testing. It has lots of the best hospitals in the world, whereas other parts of the country don't have access to that.” - Oliver Kemp  “And for people in cybersecurity, it's about being as proactive about your own health as you are about protecting your organization. So it isn't about waiting for symptoms. I didn't have any. Look at PSA tests. We've said on this show it's a very low cost. And the people that I've come across who've certainly taken that step, and sadly there are more of us than people might think, all tell me the same thing. And as for partners, families, friends that are listening, don't underestimate the power of your encouragement just being there. That's really important. You don't have to do anything big. It's just a quiet conversation that could genuinely help.” - Steve Durbin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve speaks with Martina Navratilova. Martina is one of the most accomplished tennis players of all time, holding the record for most open era titles and Wimbledon wins. Since retiring from tennis, Martina has been a vocal advocate for gay rights and cancer awareness. In her conversation with Steve, she talks about the importance of screening and early detection, and why self-awareness and kindness to yourself are essential when you're going through something difficult. The two also discuss adapting to change, how to read your opponents and why rehearsing matters – both on the tennis court and in the world of cyber. Martina also gives the audience a piece of advice on staying resilient in the face of uncertainty, from the perspective of a champion.Key Takeaways: If something doesn't feel right in your body, get tested. And even if you're feeling fine, do that annual physical.  There is no substitute for practice when it comes to crisis preparedness. Breaches will happen, it's about how you respond – with clarity and honesty – that matters. Tune in to hear more about: Some news from Steve (1:33) Building the right team (10:18) Recovering after a breach (13:24) Standout Quotes: “We tend to overreact and overcorrect. Less is more in just about everything in life. Less is more. You can always add to it. But if you go too far, you've gone too far.” - Martina Navratilova “At the end of the day, if you are the big boss, you are making the decisions, you have to trust your gut. So you take all the information in, but you have to say, ‘Okay, what really feels right with my knowledge, with my intelligence, with my history, what is the best way forward?'” - Martina Navratilova “No system is bulletproof no matter what. You may hit the best serve ever, but that person guessed and they get it back. It's how you bounce back from that. But nothing is bulletproof. You just need to figure out where was the breach, how can we fix it and avoid doing it again?” - Martina Navratilova Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve speaks with Martina Navratilova. Martina is one of the most accomplished tennis players of all time, holding the record for most open era titles and Wimbledon wins. Since retiring from tennis, Martina has been a vocal advocate for gay rights and cancer awareness. In her conversation with Steve, she talks about the importance of screening and early detection, and why self-awareness and kindness to yourself are essential when you're going through something difficult. The two also discuss adapting to change, how to read your opponents and why rehearsing matters – both on the tennis court and in the world of cyber. Martina also gives the audience a piece of advice on staying resilient in the face of uncertainty, from the perspective of a champion.Key Takeaways: If something doesn't feel right in your body, get tested. And even if you're feeling fine, do that annual physical.  There is no substitute for practice when it comes to crisis preparedness. Breaches will happen, it's about how you respond – with clarity and honesty – that matters. Tune in to hear more about: Some news from Steve (1:33) Building the right team (10:18) Recovering after a breach (13:24) Standout Quotes: “We tend to overreact and overcorrect. Less is more in just about everything in life. Less is more. You can always add to it. But if you go too far, you've gone too far.” - Martina Navratilova “At the end of the day, if you are the big boss, you are making the decisions, you have to trust your gut. So you take all the information in, but you have to say, ‘Okay, what really feels right with my knowledge, with my intelligence, with my history, what is the best way forward?'” - Martina Navratilova “No system is bulletproof no matter what. You may hit the best serve ever, but that person guessed and they get it back. It's how you bounce back from that. But nothing is bulletproof. You just need to figure out where was the breach, how can we fix it and avoid doing it again?” - Martina Navratilova Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this week's episode, Steve sits down with conductor, pianist, comedian, and broadcaster Rainer Hersch. Rainer leans on his orchestra experience to explain how leaders outside the concert hall can build deep trust and strike a balance between discipline and adaptability in a rapidly changing world. He also reveals his secret leadership weapon: humor. Key Takeaways: Conducting an orchestra has many parallels to leading a business. Not every team member must know the entire business, but the leaders do.  Good conducting—and by extension, good leadership—is a back-and-forth effort between leaders and those being led. Tune in to hear more about: How conductors make different parts of the orchestra function in harmony (1:53) Flexibility in an orchestra and in business (6:59) How Hersch uses humor in his work as a conductor (14:54) Standout Quotes: “These analogies are very similar to how any large organization works. The only person actually who's got the kind of blueprint for the product that the orchestra is presenting to its customers, that is the orchestra score, is the conductor. Everybody else has just got their individual parts of the project. So coming together in that way musically, well, requires listening, it requires following in certain occasions, leading in others.” - Rainer Hersch “The conductor is the person who's given that one job of examining this plain piece of writing and going, okay, this is what is intended, this is the emotion that is intended. And in order to bring that emotion out, we need to do this in a certain way, and inspiring and motivating everybody else to participate in that irrespective of how they would personally go about it.” - Rainer Hersch “There are mistakes that happen in a performance, and I'm not going to stop every single mistake and go, ‘Duh-uh, bar 24 flutes.' No. There are some things that happen, I know they will be fixed by the individual players. In a rehearsal, something happens, they miss the queue. I'll say, that'll be all right in the performance, won't it? Yes, it will. They've seen that I've seen it, and that's enough for them.” - Rainer Hersch Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this week's episode, Steve sits down with conductor, pianist, comedian, and broadcaster Rainer Hersch. Rainer leans on his orchestra experience to explain how leaders outside the concert hall can build deep trust and strike a balance between discipline and adaptability in a rapidly changing world. He also reveals his secret leadership weapon: humor. Key Takeaways: Conducting an orchestra has many parallels to leading a business. Not every team member must know the entire business, but the leaders do.  Good conducting—and by extension, good leadership—is a back-and-forth effort between leaders and those being led. Tune in to hear more about: How conductors make different parts of the orchestra function in harmony (1:53) Flexibility in an orchestra and in business (6:59) How Hersch uses humor in his work as a conductor (14:54) Standout Quotes: “These analogies are very similar to how any large organization works. The only person actually who's got the kind of blueprint for the product that the orchestra is presenting to its customers, that is the orchestra score, is the conductor. Everybody else has just got their individual parts of the project. So coming together in that way musically, well, requires listening, it requires following in certain occasions, leading in others.” - Rainer Hersch “The conductor is the person who's given that one job of examining this plain piece of writing and going, okay, this is what is intended, this is the emotion that is intended. And in order to bring that emotion out, we need to do this in a certain way, and inspiring and motivating everybody else to participate in that irrespective of how they would personally go about it.” - Rainer Hersch “There are mistakes that happen in a performance, and I'm not going to stop every single mistake and go, ‘Duh-uh, bar 24 flutes.' No. There are some things that happen, I know they will be fixed by the individual players. In a rehearsal, something happens, they miss the queue. I'll say, that'll be all right in the performance, won't it? Yes, it will. They've seen that I've seen it, and that's enough for them.” - Rainer Hersch Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Dr. Helena Boschi, globally acclaimed psychologist, to talk about the best security system of all: the human brain. The two discuss how stress impacts performance in high stakes environments like cybersecurity, why trust and psychological safety matter more than ever, and what leaders can do to help their team stay calm, focused, and creative even when the pressure is on. Finally, Dr. Boschi also explains what neuroscience reveals about how we can train our brains to become more cyber resilient. Key Takeaways: Leaders must be aware of the early warning signs of too much stress – memory loss, absentmindedness, sudden outbursts, etc.  Leaders must strike a balance between quick results and allow teams to think about problems in new ways, even if it takes a little longer. The brain is not great at adapting to big changes, so introduce new things in chunks to make the transition easier.  Tune in to hear more about: How the brain can help us become better leaders (11:26) Digital fatigue (19:56) How leaders help teams embrace change (25:50) Standout Quotes: “If you can see that if people start behaving in a much more emotional way than normal or they're struggling to make decisions or they're a bit absent-minded, time for leaders to say, let's just take a pause and let's think about what's going on. By the time these warning signs are spilled over into physical and behavioral ones, it's normally then almost too late.” - Dr. Helena Boschi “In a world with endless distraction, we have got information coming at us from all directions, and we simply don't have the brain power to deal with it all. So the brain selects what it wants to focus on based on what's important to that person. So what's important for me may not be important for you. We have to select, the brain has to actively select – this is called selective attention. Selective attention also makes us blind to the things we are choosing not to focus on. And you might pick up something that I am blind to. So your selective attention might help me see what I can't see. So it's really important to surround yourself with people who disagree with you, who see the world differently, because their blindness will be different to our blindness.” -  Dr. Helena Boschi “Human beings are quite fallible and they're quite flawed because we have a brain that is not optimized for making the best decisions. It's optimized for making the best decisions for me, but often not for the collective. And when it comes to information security, again, it's not really optimized. If the brain is tired or hungry, it won't make great decisions. So I think coming back to basics for the brain is really important. Keeping the brain in its most healthy state is probably the best thing that cybersecurity professionals can do, and that means keeping the body very active.”  - Dr. Helena Boschi Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Dr. Helena Boschi, globally acclaimed psychologist, to talk about the best security system of all: the human brain. The two discuss how stress impacts performance in high stakes environments like cybersecurity, why trust and psychological safety matter more than ever, and what leaders can do to help their team stay calm, focused, and creative even when the pressure is on. Finally, Dr. Boschi also explains what neuroscience reveals about how we can train our brains to become more cyber resilient. Key Takeaways: Leaders must be aware of the early warning signs of too much stress – memory loss, absentmindedness, sudden outbursts, etc.  Leaders must strike a balance between quick results and allow teams to think about problems in new ways, even if it takes a little longer. The brain is not great at adapting to big changes, so introduce new things in chunks to make the transition easier.  Tune in to hear more about: How the brain can help us become better leaders (11:26) Digital fatigue (19:56) How leaders help teams embrace change (25:50) Standout Quotes: “If you can see that if people start behaving in a much more emotional way than normal or they're struggling to make decisions or they're a bit absent-minded, time for leaders to say, let's just take a pause and let's think about what's going on. By the time these warning signs are spilled over into physical and behavioral ones, it's normally then almost too late.” - Dr. Helena Boschi “In a world with endless distraction, we have got information coming at us from all directions, and we simply don't have the brain power to deal with it all. So the brain selects what it wants to focus on based on what's important to that person. So what's important for me may not be important for you. We have to select, the brain has to actively select – this is called selective attention. Selective attention also makes us blind to the things we are choosing not to focus on. And you might pick up something that I am blind to. So your selective attention might help me see what I can't see. So it's really important to surround yourself with people who disagree with you, who see the world differently, because their blindness will be different to our blindness.” -  Dr. Helena Boschi “Human beings are quite fallible and they're quite flawed because we have a brain that is not optimized for making the best decisions. It's optimized for making the best decisions for me, but often not for the collective. And when it comes to information security, again, it's not really optimized. If the brain is tired or hungry, it won't make great decisions. So I think coming back to basics for the brain is really important. Keeping the brain in its most healthy state is probably the best thing that cybersecurity professionals can do, and that means keeping the body very active.”  - Dr. Helena Boschi Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Jaya Baloo, COO at Aisle. One of the world's leading experts on quantum technology and cybersecurity, Jaya shares what the future of quantum computing looks like and what businesses can do to prepare for a quantum-prevalent world. She also offers her view of how cyber and quantum technology will co-evolve in the next 10 to 20 years. Key Takeaways: You should have started preparing for quantum yesterday. Cybersecurity stands out among areas of quantum as a space where quantum may first be used by governments to attack adversaries. More diversity is needed in quantum development.  Tune in to hear more about: How to begin your journey to quantum-ready today (8:17) How diversity can shape responsible development of quantum (13:48) Jaya Baloo's view on quantum in 10-20 years (15:58) Standout Quotes: “ Cybersecurity is something really special here because unfortunately we do not have only from quantum, the same ability to protect as we have to attack. And I worry that the first application of these technologies beyond the sensors, the first real application from governments will be that offensive use to attack our current cryptographic stack.” - Jaya Baloo “I think in general, especially now with the whole onslaught against everything DEI, I actually think it's such a shame to waste time on excluding anyone from anything. We really need the best skillset we can possibly get. And what you see is that, especially in areas like quantum, there's not enough diversity.” - Jaya Baloo “So what I really think that we need to think about is how do we democratize, as much as possible, access to our defense against a potential quantum threat, and how do we democratize the availability of quantum computing in order to benefit all of humanity?” - Jaya Baloo Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Jaya Baloo, COO at Aisle. One of the world's leading experts on quantum technology and cybersecurity, Jaya shares what the future of quantum computing looks like and what businesses can do to prepare for a quantum-prevalent world. She also offers her view of how cyber and quantum technology will co-evolve in the next 10 to 20 years. Key Takeaways: You should have started preparing for quantum yesterday. Cybersecurity stands out among areas of quantum as a space where quantum may first be used by governments to attack adversaries. More diversity is needed in quantum development.  Tune in to hear more about: How to begin your journey to quantum-ready today (8:17) How diversity can shape responsible development of quantum (13:48) Jaya Baloo's view on quantum in 10-20 years (15:58) Standout Quotes: “ Cybersecurity is something really special here because unfortunately we do not have only from quantum, the same ability to protect as we have to attack. And I worry that the first application of these technologies beyond the sensors, the first real application from governments will be that offensive use to attack our current cryptographic stack.” - Jaya Baloo “I think in general, especially now with the whole onslaught against everything DEI, I actually think it's such a shame to waste time on excluding anyone from anything. We really need the best skillset we can possibly get. And what you see is that, especially in areas like quantum, there's not enough diversity.” - Jaya Baloo “So what I really think that we need to think about is how do we democratize, as much as possible, access to our defense against a potential quantum threat, and how do we democratize the availability of quantum computing in order to benefit all of humanity?” - Jaya Baloo Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. In this conversation, Steve recaps 2025 in cyber and shares what he sees as the biggest risks heading into 2026. The two also discuss resilience and compliance, as well as the growing importance of togetherness among businesses…Key Takeaways: Companies would be wise to conduct frequent cyber audits.  Supply-chain disruptions can have long-lasting, reputational effects.  How we protect the integrity of our data is at the core of cybersecurity.  Tune in to hear more about: The relationship between government business in cyber (12:56) How boards should plan for a cyber attack (15:40) Collaborating within and across industries (22:24) Standout Quotes: “I've said many times that good compliance doesn't equal good security, but good security does equal, nine times out of 10, very good compliance. So where do we go with all of that? I do think that we're probably getting to a point, sadly, where we need to be viewing some of the security processes that we need to undergo in the same way as we consider financial audits.” - Steve Durbin “I think that the day is gone when you can rely on your defenses. So boards have to be planning for the day when the defenses fail. When an attack really starts to make an impact on your business. The starting point is to figure out how long you can be without your systems. It may sound like a strange thing to say, but that's the important starting point for me.” - Steve Durbin “Security is not, in my opinion anyway, a competitive advantage. And because it's not a competitive advantage, there shouldn't be this massive barrier to sharing some of the ideas, some of the attacks that are out there for the good of the industry.” - Steve Durbin  Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve returns to Business Matters with Juliette Foster. In this conversation, Steve recaps 2025 in cyber and shares what he sees as the biggest risks heading into 2026. The two also discuss resilience and compliance, as well as the growing importance of togetherness among businesses…Key Takeaways: Companies would be wise to conduct frequent cyber audits.  Supply-chain disruptions can have long-lasting, reputational effects.  How we protect the integrity of our data is at the core of cybersecurity.  Tune in to hear more about: The relationship between government business in cyber (12:56) How boards should plan for a cyber attack (15:40) Collaborating within and across industries (22:24) Standout Quotes: “I've said many times that good compliance doesn't equal good security, but good security does equal, nine times out of 10, very good compliance. So where do we go with all of that? I do think that we're probably getting to a point, sadly, where we need to be viewing some of the security processes that we need to undergo in the same way as we consider financial audits.” - Steve Durbin “I think that the day is gone when you can rely on your defenses. So boards have to be planning for the day when the defenses fail. When an attack really starts to make an impact on your business. The starting point is to figure out how long you can be without your systems. It may sound like a strange thing to say, but that's the important starting point for me.” - Steve Durbin “Security is not, in my opinion anyway, a competitive advantage. And because it's not a competitive advantage, there shouldn't be this massive barrier to sharing some of the ideas, some of the attacks that are out there for the good of the industry.” - Steve Durbin  Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: Governments must work with the private sector to achieve a cyber-secure environment. Boards are increasingly aware of cyber risks, but more work is needed.  Global trust is dissipating. Tune in to hear more about: The changing landscape of critical national infrastructure (5:46) Security vs. privacy in the UK (9:27) An ongoing, structural geopolitical shift (15:18)  Standout Quotes: “We need to make sure that we are thinking right across government when we are thinking about the approach to critical national infrastructure and how we can make it most safe for our users and for our populations.” - Sir Jeremy Fleming “I still encounter plenty who haven't done one for 18 months, who haven't updated to the latest threat environment, who haven't thought about geopolitics coming into play. Haven't checked that they've still contracted with a company who's gonna help them wind back in the event that they are breached. Hasn't thought seriously about whether it's gonna pay a ransom. The implications of paying a ransom.” - Sir Jeremy Fleming “The first thing is that what we're seeing now around changes in geopolitics is definitely a structural change. It's not a cyclical change. So the post 1948 Bretton Woods approach to the global order, with a whole load of United Nations agencies, World Health Organization, World Trade Organization, our approach to international aid, World Bank, these are all institutions that have changed fundamentally and won't change back.” - Sir Jeremy Fleming Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: Governments must work with the private sector to achieve a cyber-secure environment. Boards are increasingly aware of cyber risks, but more work is needed.  Global trust is dissipating. Tune in to hear more about: The changing landscape of critical national infrastructure (5:46) Security vs. privacy in the UK (9:27) An ongoing, structural geopolitical shift (15:18)  Standout Quotes: “We need to make sure that we are thinking right across government when we are thinking about the approach to critical national infrastructure and how we can make it most safe for our users and for our populations.” - Sir Jeremy Fleming “I still encounter plenty who haven't done one for 18 months, who haven't updated to the latest threat environment, who haven't thought about geopolitics coming into play. Haven't checked that they've still contracted with a company who's gonna help them wind back in the event that they are breached. Hasn't thought seriously about whether it's gonna pay a ransom. The implications of paying a ransom.” - Sir Jeremy Fleming “The first thing is that what we're seeing now around changes in geopolitics is definitely a structural change. It's not a cyclical change. So the post 1948 Bretton Woods approach to the global order, with a whole load of United Nations agencies, World Health Organization, World Trade Organization, our approach to international aid, World Bank, these are all institutions that have changed fundamentally and won't change back.” - Sir Jeremy Fleming Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Tom Hardin, aka Tipperx — best known for helping expose a massive Wall Street insider trading ring. Steve and Tom discuss early warning signs that an organization might be crossing ethical or legal lines, how to build an organizational culture that promotes openness and protects from insider threats, and how to get employees to buy into things like good cyber hygiene.Key Takeaways: The most underappreciated leadership skill is listening. Compliance must never be an afterthought or just a check-box exercise.  Anybody has the potential to become an insider threat. Tune in to hear more about: The fraud triangle (4:10) How cybersecurity leaders can build a culture that discourages insider risk (7:12) Striking a balance between trust and control (15:12) Standout Quotes: “But you don't get people to speak up by telling them to speak up. You actually have to, if you're gonna tell them to do that, you have to listen up. So I always encourage leadership to work on their listening skills.” - Tom Hardin “If you have a rule that a few people break, you have a people problem. If you have a rule that a lot of people are breaking, you have a rule problem.” - Tom Hardin “You could be one decision away. Never feel like it couldn't be you. Just have a healthy paranoia when you're in situations and not to feel like that could never be me crossing a line, because that's when we're most susceptible to that.” - Tom Hardin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, we bring you the second half of Emerging Threats 2026, the first episode of which we aired last year. In the previous episode, Steve outlined the threats and challenges that enterprises and business leaders will face in 2026 and beyond. Today, he answers questions from the audience. We'll get into artificial intelligence, supply chain and geopolitical challenges, corporate governance, risk and resilience, and more.Key Takeaways: Cyber resilience today is about data, data, and data.  Enterprises must help their suppliers to meet adequate security standards.  AI will be a big challenge for the board in 2026. Tune in to hear more about: Managing supply-chain risk (5:07) How leaders can deal with risks outside of their control (12:16) An evolving cyber threat landscape (15:37) Standout Quotes: “Assuming you've got your policies and your processes in place, I would suggest you have an AI committee that actually approves or otherwise the way in which these tools are then implemented across the business. Why have a committee? Because that way you can pull in representatives from different parts. You can have security, you can have IT, you can have legal and people from the mainline businesses. Everybody makes a decision based on very well-defined criteria, no comeback on any individual, and either it's approved or it isn't.” - Steve Durbin “How do you avoid getting caught out? For me that's not what's happening. If you happen to be on a list. If you happen to be an organization that has something that is exceptionally interesting or useful, then somebody will want that information. Somebody will want that data. What you have to do is make yourself look pretty unattractive. So it is about all of the tedious things that we don't like. It's about patching, it's about making sure that you're making it difficult for people to access your systems. It means that your monitoring is top of its game.” - Steve Durbin “What measures can we put in place to ensure our suppliers and third party partners meet our security standards? Good question that I think that requires a lot more communication. It is about being really clear as to what it is you're expecting from a security standard perspective. It's about not just setting the bar, it's about helping people to achieve what it is you're expecting them to do. And the really important piece that I would emphasize there is tell them the why. Why do you have to do it? Why is it important? This isn't about people doing tick boxes. It is about people understanding why it's important and how they can help to maintain integrity and security across the whole supply chain.” - Steve Durbin Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

The ISF Podcast celebrates 10 years this year. Over the decade that we've been in your ears every week, Steve has interviewed a lot of fascinating people: visionary business leaders, neuroscientists and physicists, world leaders, and formerly notorious cyber criminals, just to name a few. We have touched on topics like AI, the human mind, cyber resilience, leadership, and the future of technology and society. So, to kick off 2026, we wanted to give you a look back, highlighting the very best of this first decade of the ISF Podcast. And don't worry – we'll link all the episodes in the show notes. Check out our favorite episodes from the last 10 years: Mo Gawdat - Rethinking the Paradigm of Artificial and Human Intelligence Brian Cox — Intellectual Honesty & Learning to be a Leader Hannah Fry - What Data Can & Can't Tell Us About Ourselves Peter Hinssen - The Never Normal Inside the Mind of Today's Cybercriminals (Brett Johnson, Part 1) Steve Wozniak In Conversation with Steve Durbin Captain Tammie Jo Shults - Habits, Hope and Heroes in a Time of Crisis Sadie Creese — Minimising Your Attack Surface Sir Bob Geldof — Challenging Orthodox Thinking Bonus Episode: Reggie Butler — Bringing Your Home to Work Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve looks toward the horizon, at the threats and challenges that enterprises and business leaders will face in 2026 and beyond. He also gives advice on how everyone, from the board to the practitioner, can meet these challenges, and answers some of the questions he's received this year.  Key Takeaways: Steve's four key drivers of cyber risk heading into 2026 are AI, supply chain, quantum, and geopolitical instability. Crucial to cyber resilience are strong governance and a security-conscious culture. Adaptive governance and adaptive security are keys to managing the challenges of 2026 and beyond.  Tune in to hear more about: Steve's four key drivers of cyber risk heading into 2026 (2:23) Questions to ask, whether you're a board member, an executive, or practitioner (16:14) The changing role of the board (18:54) Standout Quotes: “ Resilience really needs an organizational wide holistic approach that takes technology, it takes governance, it takes operational readiness, and really importantly, it takes people into account.” - Steve Durbin “I think boards need to really take it upon themselves to absolutely recognize that cyber risk is a national risk. It is a business ending risk, and they need to ensure that they don't just have incident response and resilience in place, but that they also have a tried and tested plan, so this is good old fashioned BCP — business continuity planning — with a cyber flavor.” - Steve Durbin “Cyber risk reporting has to be business outcome oriented. Boards, business executives understand revenue, operations, customer impact, legal exposure. That's the way we have to be reporting cyber risk. It's not about how many attacks we repelled, it's not about how good our systems might be. You need to translate it into business language. If you can do that, not only will you get buy-in, but you'll also have a much richer conversation about the role that cyber and therefore cybersecurity and cyber resilience play in the business.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In the second part of his interview with journalist Nick Witchell, Steve and Nick delve into the world of AI and cyber. Steve shares his thoughts on autonomous cyber defense and argues that major actors like the ISF, large private enterprises, and the UK's National Cyber Security Centre, must lead the way and support small and medium-sized businesses in keeping pace with technological advancements. The two also discuss the future of AI, cautioning that we aren't as prepared as we need to be… Key Takeaways: Small and medium-sized businesses must receive support to stay up-to-date with new technologies. As more automation is introduced into business operations, understanding of one's crown jewels and how to protect them is increasingly important. AI is advancing rapidly with evermore funding, and globally society is not preparing as well as it needs to for what's to come.  Tune in to hear more about: Steve's view on autonomous cyber defense (00:55) The National Cyber Security Centre and its role in the cyber resilience of UK businesses (3:36) How AI will impact jobs in cyber (7:55) Standout Quotes: “You'll never get me going into an autonomous car. I just won't do it. And people will say, ‘Yes, they're being looked after by some bloke in a tower somewhere who's watching it.” I'm not buying it. I've been working in technology for far too long to know that it is fallible. And so I think we have to really move toward much more transparency in our understanding of where the AI tool is active, the data that it's using, the decisions it's making.” - Steve Durbin “We are looking for large private enterprise to be working collaboratively with people like the NCSC, with people like the ISF, to really help some of these smaller organizations that don't have the luxury or resources available to them to keep a pace with [technology].” - Steve Durbin “If you go back to the internet, we didn't do a good enough job of trying to forecast the way in which the internet was going to be used. We put it out there and we said, ‘Let everybody use it and let's see where it goes.” We are doing, I fear, a similar kind of thing with AI.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with journalist Nick Witchell for a conversation focused on what business leaders can learn from this year's major cyber attacks and the recent AWS outage. The two also discuss cyber regulations and the challenge of operating global enterprise during significant geopolitical turmoil. Key Takeaways: Boards and senior executives understand there is a threat, but many still lack knowledge of how to deal with it.  We are too reliant on technology; for the sake of business continuity, a backup plan must be in place.  High-quality simulation exercises are a crucial step toward more cyber resilience. Tune in to hear more about: The role of policy and regulation (3:17) Why cyber simulation exercises are so important (5:45) Steve's thoughts on the recent AWS outage (7:54) Standout Quotes: “Now, in the boardroom itself, in companies themselves, we have seen over the past few years an increasing awareness of the threat that these kinds of things can bring to really the future of an organization. But the challenge I think we now face is really helping boards, senior executives to transition from, yes, I get there's a threat, but what should I actually be doing about it?” - Steve Durbin “I think that in the main, cloud service providers are still probably far better equipped to provide the level of service that most companies need than you'd be able to do yourself. However, we do need to take into account that things will go wrong. And we have to plan for that. So if you are an organization that can quite happily exist without access to data in a cloud provider, it doesn't have to be Amazon, it could be anybody else, then fine. I would question why you're using them in that case. If on the other hand, you are dependent on them, you have to have some backup in place.” - Steve Durbin “All too often I'm seeing people particularly in the area of, say, cyber simulation exercises, because they're viewing it as a compliance exercise, going for least cost. That to me is a bit like saying I've just moved into an area where I know the burglary rate is quite high. What's the cheapest lock and door that I can get on my front door? It's madness. Not many of us would do it. We would try to work within our budget. We'd try to really figure out how important things were in our house. That's the mentality we have to adopt. So yes, you can get some of these things done very cheaply and you can tick a box, but it's not going to help you when things go wrong.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's special episode features Steve's recent Business Matters broadcast interview with Juliette Foster, featuring conversation about critical cybersecurity challenges facing organizations today. Steve and Juliette discuss targeted phishing, the growing threat of Crime-as-a-Service, the increase in AI-driven cybercrime, and more.  Key Takeaways: Cyber attacks will continue to increase, and businesses must adjust. Regulators must strike a balance to have clear guidelines without stifling businesses. To take advantage of new technologies like AI, businesses must invest in upskilling their employees.  Tune in to hear more about: Why cyber crime is on the rise (2:17) How cyber criminals target their victims (4:00) Solving the cyber skills shortage (29:02) Standout Quotes: “The bad guys only need to get lucky once and they can cause havoc. And so the sorts of numbers you are seeing are them plugging away at it, trying to break down defenses, trying to find a way through. And on the defensive side, of course, we have to be at the top of our game 24/7, and that's just impossible.” - Steve Durbin “We also have very complex supply chains now that obviously are made up of small to mid-size companies. [...] So an easier way of accessing some of this high value information is often via the third party. So you don't necessarily need to be attacking the larger enterprise. You can target a smaller to mid-size, which probably doesn't have the same level of defense, maybe not the same level of awareness. And because it's in the supply chain and sharing information, you can then access through to the larger enterprise.” Steve Durbin “You have to invest in actually looking at the skill sets that you need within your organization and making some hard calls, I think, as to whether or not you do have the right capabilities within your organization. That doesn't necessarily mean that you have to get rid of a lot of people. It means you probably do need to invest significantly in upskilling and training and thinking very hard about how you're going to use some of that new technology.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Dr. Tunisha Singleton, Director of Clinical and Sport Psychology Services at University of Arizona and a leading expert in how media, technology, and culture shape the human experience. Dr. Singleton highlights that authenticity and humanity still matter despite all the technology around us, and the two discuss how business leaders can navigate an online presence where almost anything you post can be turned against you. Key Takeaways: Social media is a tool that can be used for good. Authenticity is key for brand-building online. Posting without purpose is worse than not posting at all. Tune in to hear more about: Dr. Singleton's background (1:21) How to grow your brand authentically (10:22) The risks of posting too much online (15:44) Standout Quotes: “At a certain point we all just have to come to grips with, we are in charge of our behaviors. We have authority, we have much more agency than we give ourselves credit for. The tech is there. But if we use it, that's up to us. How we rely on it is up to us. Are we only using Chat GPT now? So there's a bit of authority that we still have to appoint ourselves.” - Dr. Tunisha Singleton “If technology is the car, then let story be the driver behind the wheel. There has to be a point in this. Where are we going? That means what are you offering? What are you giving me that can be a utility to my life, my human experience, rather than a replacement?” - Dr. Tunisha Singleton  ”If we want to stick out and if we want to build our brand, then shouldn't we have the use the one thing that's different than everybody else, that's our voice. So why would we want to act like everybody else? If our goal is to stand out, then be an individual.” - Dr. Tunisha Singleton Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Catherine Bosley, an award-winning veteran journalist, with more than thirty years of public speaking experience. Steve and Catherine discuss the importance of protecting one's online image, what to do when *it* hits the fan, and why a social media policy is something all organizations should have. Catherine also offers a reminder: pause before you post… Key Takeaways: Think before you post! It will save you a whole lot of headache. What you put online never goes away. Today, offline events can impact your online persona, so be aware of how you appear in public. Tune in to hear more about: How to shine online (4:07) How to deal with negative publicity online (11:19) Being online in the age of AI and deepfakes (19:03) Standout Quotes: “These days, that online image or online presence is so important. It almost is more important than a resume or a portfolio.” - Catherine Bosley “My first step with a response is to ignore the negative because the more you respond to the negative, especially in a defensive negative way, the more you're going to fuel that fire and the more it's going to catch on and become part of your forever and for all to see.” - Catherine Bosley “Understand that people are watching and people especially are looking for those social media gold moments, and if they capture you having one of those ‘what was I thinking?' moments, because we all have them. We're all human. We all make mistakes. Then you just don't know what that's going to do to your world on the personal side or on the professional side." - Catherine Bosley Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve sits down with Dr. Amy Athey, founder of Athey Performance. Her mission is to make the tools of elite performance accessible and human. Amy is a nationally recognized performance psychologist and executive coach with more than two decades of experience working with NCAA champions, Olympians, Navy SEALs, Fortune 500 leaders, and individuals navigating complex lives. She shares how business leaders can help their teams feel more connected to their organization's purpose and talks about what drives high-achievers. Steve and Amy also discuss stress in the cybersecurity industry and why rest is absolutely crucial for success.  Key Takeaways: Leaders can address rising anxiety, burnout, and disconnection across all levels of their organization by fostering empathy, trust, and a stronger sense of shared purpose. Work with elite athletes and special forces has taught Athey that in high stress environments, recovery and rest are as essential to peak performance as hard work. Prioritize foundational wellness habits — consistent sleep, movement, hydration, and play — for sustainable performance and resilience. Tune in to hear more about: Impact of the grind (2:56) Technology and human disconnect (6:29) Keeping it simple (22:17) Standout Quotes: “What we came to learn and implement and certainly we've seen the results for, is that role of recovery is just as crucial as the tactics or the strategies you're using to solve that problem, the rehearsal and maybe it's the communication or in that performance domain, what you are drilling all the time to be able to execute.” - Amy Athey “And even to the extent that situation permits, how can you take a step away, even turn your back on your computer, even if it's for 90 seconds? Close your eyes and take three deep breaths. We've seen the return of energy stores just from that disconnection in that moment. So when you're sympathetically engaged, basically you're in that fight or flight response, you're trying to solve that problem.” - Amy Athey “And so keeping it simple with each of those. If people wanna take deep dives, certainly I could share the value of that. But some of the culture around hacking and like the quick fixes, that's what I will push up against until I'm blue in the face. Building in wellness as a foundation for performance isn't about a quick fix, if we could do just 80% of this, like how can you reduce some of the processed foods in your diet? How can you make sure you're hydrating? Movement. Then that active recovery..” - Amy Athey Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with psychologist Dr. Glen Moriarty, founder and CEO of Seven Cups, a free emotional support service with 570,000 trained volunteer listeners who support users in 189 countries. Steve and Glen explore the origins of Seven Cups, its background and its global user base, and discuss why so many feel alone in a hyper-connected online world. Glen also explains the nature of the gift economy and how we can avoid getting addicted to technology. Key Takeaways: Even as more things move online, human interaction remains important. Technology can be good and bad, it depends on how it's designed. The mental health care system needs better triaging so that people get the right help. Tune in to hear more about: How and why Seven Cups began (1:58) Technology addiction (4:59) Whether Seven Cups is replacing humans with computers when it comes to mental health (9:54) Standout Quotes: “Technology can be used for good or bad. And so the internet can be a source of amazing compassion and love. But it has to be deliberately designed that way. It won't happen by accident.” - Glen Moriarty “Certainly there are cultural differences and different pushes and pulls, but humans we're a lot similar. The way we read emotions are universal, so it doesn't matter where you live. The emotional expression is similar. Human societies are pretty similar. Relationships are similar. There's different assumptions about I'm part of more collective society, or I'm part of a more individualistic society, but by and large, people generally struggle with feelings of sadness, feelings of worry, fear, and relationship difficulties.” - Glen Moriarty “Therapists should be seeing people that can't be helped by a volunteer or a family member or a friend. They should be helping people that are in higher levels or more complex levels of distress. And so in the States, part of the challenge is that you can think about it like a pyramid or a triangle. They're at the very top and it's all clogged up there. But if we could take some of the folks that can get help for free or low cost to other folks, then that opens up the channels for more people that really need help to get help by those expert professionals.” - Glen Moriarty Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with leadership coach Dr. Sam Adeyemi. Sam is an expert in leadership who has coached C-suite executives for over two decades. Together, Steve and Sam explore the essence of who is a leader, and Sam explains why people should always be the first priority of a leader. They also discuss AI and how it will impact people and business in the coming years.  Key Takeaways: Leadership is about your ability to influence, not the position you hold. Technology has changed the nature of leading. AI will change how we work by taking over routine tasks and giving humans more time for creative challenges.  Tune in to hear more about: How leadership differs across cultures (4:28) How technology is changing leadership (8:47) How AI will change how we work (14:27) Standout Quotes: “We still need to leave those spaces where we actually ask, how are you doing, to be sure the parts of their lives that are important are going well. Because those parts actually influence what they do on the job.” - Dr. Sam Adeyemi “It's like when computers first came. They made things work faster. When I was doing mathematics in high school, we used to use log tables and things like that. It was much slower getting to work through the calculations. But with calculators these days and so on, it's faster. AI is going to create an even bigger shift than that. The computers did not take all the jobs away. However, they changed the way that we do our work. So we humans, therefore, need to move more towards creativity, and that is tied more to our uniqueness, the unique way our minds work.” - Dr. Sam Adeyemi “A lot of C-suite leaders find it difficult to reinvent, and it's one of the major reasons why people get stranded, why leaders just stagnate. Change is inevitable. It happens, the world doesn't remain the same. The conditions that facilitated our achievement of success, those conditions have changed. The context has changed. So for us to sustain our success, for us to remain relevant, for example, we also have just got to change.” Dr. Sam Adeyemi Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve talks with Dr. Kathleen Perley, founder of DemystifAI and faculty and AI advisor to the deans at Rice Business. Dr. Perley explains why leadership matters when implementing AI in your business, and shares how to bridge the gap between tech-savvy CTOs and non-technical folks. Dr. Perley and Steve also discuss the possibilities and boundaries of artificial intelligence.  Key Takeaways: AI has some exciting use cases. Executives should be involved in the implementation of AI. Business will fall behind if they don't embrace artificial intelligence.  Tune in to hear more about: How Dr. Perley got into the AI field (1:33) The role of the C-suite in AI implementation (8:17) Dr. Perley's new book about AI (18:57) Standout Quotes: “If you don't have at least a couple sleepless nights where you get a little bit anxious about the unknown in terms of job displacement, falls into the wrong hands—that should be a concern.” - Dr. Kathleen Perley “I think part of the reason why AI implementation is failing today is that leadership issue. They're maybe unsure of this technology, don't have what they feel like is appropriate technical background to navigate it. And so they've completely delegated it, versus leaning in and learning the technology themself.” - Dr. Kathleen Perley “If you have AI skills, and I'm not talking building, but leveraging these AI tools in terms of skills, you're 70% more likely to get hired. Those individuals are garnering about a 56% wage premium right now. All of your A-players, if you're not leaning into AI as an organization, are going to start looking elsewhere because they know that they need those skills and that exposure for their own career development.” - Dr. Kathleen Perley Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve speaks with Karena Man, whose expertise is connecting organizations with experts in technology as a Senior Client Partner at Korn Ferry. Karena highlights the growing awareness of cyber by boards of directors — an awareness brought on by the increase in cyber intrusions. She also emphasizes the importance of storytelling and collaboration, and she and Steve discuss AI and the preparedness of the board. Key Takeaways: Boards are increasingly knowledgeable of cyber and AI.  CISOs must be good storytellers and cultivate relationships with other departments to be able to succeed in their role.  Involve board members in the processes, not just the results. Tune in to hear more about: Cyber and the board (01:27) AI and the board (19:30) How cyber and AI will impact the board in the coming years (24:53) Standout Quotes: “If we go back to what boards are really charged with, they're charged with oversight and governance. They are there to really provide guardrails in many ways, allow the organization to go fast by asking the right questions.” - Karena Man “When I am also assessing and helping my clients hire their next CISO, one of the things I'm looking for is not just someone who's technically deep, but someone who has the empathy, someone who really understands what is it that the business is trying to do.” - Karena Man “Anyone who's used one of the large language models, don't name any of them, I think there isn't a single person I've talked to who hasn't had a model hallucinate. Or give them a questionable answer to a query or to a task. And so there is this understanding that the technology is promising and that we should experiment with it and innovate with it within our enterprise. But there is this worry that it could be used for not so good purposes.” - Karena Man Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this week's episode, Steve sits down with Debra Andrews, president and owner of Marketri. Marketri, a strategic marketing firm. Steve and Deb talk about what goes into creating a marketing plan that the C-suite can get on board with, and Deb shares how she and her team work to balance human knowledge with the speed of artificial intelligence. Deb also explains the role of Marketri's AI council… Key Takeaways: Using key performance measures to show growth toward a goal is integral to getting the C-suite on board with a marketing plan.  To gain trust for AI both inside and outside the organization, transparency is paramount.  AI will shrink marketing teams and marketers will need broader skillsets. Tune in to hear more about: How Marketri went about incorporating AI into its operations (6:23) Deb's thoughts on the ethics of AI (10:55) How AI will impact the future of marketing (13:43) Standout Quotes: “When we use AI to do the copywriting, we ask it not to supplement with any extra information, only use the information you're given and through that, AI is a wonderful copywriter. It can learn your voice and tone. You can train it on your particular voice and tone, so we can train it on our client's voice and tone. So it can be very customized to that person and how they like to speak, and words they like to use and how they like to sound. But ethically means we're not using trained data in the large language models to produce our content pieces. We're using human brains, their experience, and we're leveraging the tools as copywriters.” - Deb Andrews “We're not trying to hide that we're using AI and shortcutting the process or delivering something like an AI-produced post. What we share is that we're using it to help them gain competitive advantage, to have the best access to human thinking, our thinking, their thinking as far as their area of subject matter expertise, and then the best of what this technology can do, and it's extremely powerful.” - Deb Andrews “I think the smaller organizations, they're just struggling to keep afloat of their workload right now. I feel like AI's had this paralyzing effect on a lot of mid-size organizations where they know AI's out there and they know it's supposed to have an impact and they're reading about companies reducing head count and not hiring.” - Deb Andrews Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Baroness Beeban Kidron, a member of the House of Lords in the UK and a global authority on online privacy and tech regulation. They discuss the critical importance of privacy on the internet in the age of surveillance capitalism, why we need to reframe how we talk about AI and new technology, and the problems with the UK government's current AI policy.  Key Takeaways: The internet has changed, making privacy online essential.  Regulating the internet and technology is still possible. The current path the world is on when it comes to AI is highly problematic and should be taken more seriously.  Tune in to hear more about: Why privacy online matters more than ever (1:22) How technology is impacting early childhood development (12:08) Baroness Kidron's take on the UK's AI strategy (28:17) Standout Quotes: “[The internet] is deliberately designed to keep your attention. Deliberately designed to make you come back, deliberately designed to know the most, to reveal the most. And in that context, actually, privacy becomes an incredible tool of protection for the user, particularly for children who may not understand the negotiation that they're in.” - Baroness Beeban Kidron “ We have to think about what kind of world we want, what kind of world is good for us, what kind of world benefits most people, and then we build ourselves a pathway to do the most we can in that direction.” - Baroness Beeban Kidron “ it is hugely important to protect the idea of copyright. It is a moral right because it is an expression of your humanity. What you write, what you draw, what you sing is yours. It is you. It is a manifestation of you. So it comes with, and in fact, in human rights law, it is specifically stated that it is your moral right to determine how that is used.” - Baroness Beeban Kidron Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Luka Ivezic is the Advisory Services Lead Cybersecurity Regulations and Emerging Technologies at the Information Security Forum (ISF). In this episode, he joins host Charlie Osborne to discuss the latest on a $243 million bitcoin theft by a teenage hacker, highlighting how advanced attacks often begin with simple vulnerabilities. This episode is sponsored by Cryptosec, a leading cybersecurity firm specializing in the protection of the decentralized future of finance, governance, and more. To learn more, visit https://cryptosec.com.

Explore how CISOs can educate the board, build resilience, and invest effectively in security, with Steve Dubin, ISF CEO, and Margaret Heffernan, a Professor of Practice at the University of Bath School of Management.  Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

Luka Ivezic is the Advisory Services Lead Cybersecurity Regulations and Emerging Technologies at the Information Security Forum (ISF). In this episode, he joins host Charlie Osborne to discuss the Dark Partners, a new hacker group draining crypto wallets. This episode is sponsored by Cryptosec, a leading cybersecurity firm specializing in the protection of the decentralized future of finance, governance, and more. To learn more, visit https://cryptosec.com.

In this episode, Steve speaks with Dragos Tudorache, one of the members of the European Parliament who is responsible for writing the EU's AI Act. Dragos explains the thought process that went into developing the new law and tells Steve what organisations can expect and how they can prepare for its implementation. Mentioned in and related to this episode: ISF Podcast: Ellie Pavlick - Balancing the Risk and Reward of AI ISF Podcast: The Ethical Dilemma of AI & Innovation ISF Podcast: Beyond Buzzwords: AI, ML, and the Future of Cyber ISF Podcast: Mo Gawdat: Rethinking the Paradigm of Artificial and Human Intelligence ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, ISF CEO Steve Durbin speaks with Seán Doyle, Lead for the Centre for Cybersecurity at the World Economic Forum. They discuss the role of public-private partnerships in the current cyber landscape, the importance of running tabletop exercises to promote resilience, and improving cybersecurity legislation and regulation around the world to promote economic interests. Mentioned in this episode: Cybersecurity Technology Efficacy: Is cybersecurity the new 'market for lemons'? Research Report by Joe Hubback ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

ISF CEO Steve Durbin sits down with strategic supply chain risk expert Omera Khan. They talk about the current risk landscape vis a vis supply chain, protecting your supply chain by building collaborative systems, and incentivizing your staff appropriately to ensure they vet suppliers with a security-first mindset. Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

Today, Steve speaks with Jimmie Lee, a leadership expert with decades of experience as a senior leader at companies like Boeing, Meta, and Microsoft. He explains that one of the most important things a business leader can do in times of crisis, is to keep focus on the big picture and the long term goals. Jimmie and Steve also discuss how to manage a team in a post-covid workplace and building supply chain resilience — and why empathy matters more than ever.  Key Takeaways: Empathy for your team members is more important than ever for a thriving business. Relationship-building must begin before the crisis happens. Geopolitical instability is causing a shift from risk management to resilience. Tune in to hear more about: If empathy can be taught (12:50) How to build trust in a business environment that's more virtual than ever (15:47) Why many businesses are struggling because of today's volatile geopolitical landscape (21:33) Standout Quotes: “There's a lot of tools that I would typically lean on or go to, but the number one is honestly just empathetic connection. It is really just connecting with the leaders and help them understand that they're not alone. I think a lot of times as a leader, you get too stuck in the problems that you start trying to solve, that you focus more trying to solve them in the business, and you go deeper instead of staying up at the leadership level and start working on the business itself.” - Jimmie Lee “Now you have trust to work off of. If you didn't have that trust and that mistake happened, it's an uphill climb to get to a point of good with that person now. I don't know that we're equipping our employees, that we're actually giving our teams that visibility, that knowledge, that training. […] Are we as companies, are we as leaders investing in our training budget in that kind of way to target those areas?” - Jimmie Lee “I think the geopolitical landscape is potentially gonna shift the visibility and the approach and the strategy from small, medium- sized businesses and middle market to have more attention on that supply chain because. When it comes to geopolitical instability, when it comes to geo-economic macro and the micro instability, resilience is key. Resilience is the lifeblood. Resilience is your ability to last, to withstand the fluctuations, but if you don't have enough visibility and awareness of all the different components that are impacted, you can't navigate those waters.” - Jimmie Lee Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Dr. Hany Demian, a pioneering medical doctor and CEO, known for his groundbreaking work in spine care and pain management, shares his journey from Cairo to Canada and the U.S., his innovative use of regenerative medicine and microscopic spine surgery, and his vision for improving patient care. He discusses the challenges and responsibilities of being a CEO in the medical field, his company BioSpine Institute's advancements in anti-aging treatments, and the importance of flexibility and discipline in leadership. This conversation is both inspiring and informative, offering valuable insights for C-suite leaders and medical professionals alike. Episode Highlights: 02:27 Dr. Demian's Journey and Career Insights 05:13 Innovations in Chronic Pain and Spine Care 08:29 Personal Stories and Impact of Treatments 19:56 Challenges and Responsibilities of a CEO Steve Durbin is a leading authority on cybersecurity and business culture transformation. As CEO of the Information Security Forum, he helps global enterprises navigate security risks and governance challenges. Since 2016, he has hosted the ISF Podcast, interviewing industry pioneers like Steve Wozniak and Helle Thorning-Schmidt. Previously, he advised Fortune 500 companies at Gartner and played a key role in IPOs and M&As at Ernst & Young. A top influencer in cybersecurity leadership, Steve also lectures at Henley Business School on board-level cyber strategy. His expertise spans threat landscapes, regulation, and the evolving role of cybersecurity in business. Connect with Steve: