Podcasts about information security officer

  • 95 PODCASTS
  • 119 EPISODES
  • 34m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Apr 24, 2025 LATEST


Latest podcast episodes about information security officer

The FIT4PRIVACY Podcast - For those who care about privacy
Privacy Enhancing Technologies with Jetro Wils and Punit Bhatia in the FIT4PRIVACY Podcast E137 S06

Apr 24, 2025 · 31:25

How Privacy-Enhancing Technologies (PETs) can safeguard data in an AI-driven world. As organizations increasingly rely on AI, concerns around data privacy, security, and compliance grow. PETs provide a technical safeguard to ensure sensitive information remains protected, even in the most advanced AI applications. With new regulations like the EU AI Act, organizations must adopt privacy-first strategies. PETs are a critical tool to ensure AI transparency, fairness, and trust while maintaining regulatory compliance.

Our guest, Jetro Wils, cybersecurity expert and researcher, breaks down how PETs help organizations de-risk AI adoption while ensuring privacy, compliance, and security.

Watch now to discover how PETs can help you build digital trust and secure AI-powered innovations!

KEY CONVERSION POINT
00:01:33 How would you define digital trust?
00:02:32 What is Privacy Enhancing Technology?
00:04:21 Why do we need PET when we have laws and principles?
00:10:19 Kind of AI risk that can also be mitigated by these PETS
00:15:12 How would a PET de-risk that in an AI adoption situation

ABOUT GUEST
Jetro Wils is a Cloud & Information Security Officer and Cybersecurity Advisor, dedicated to helping organizations operate securely in the cloud era. With a strong focus on information security and compliance, he enables businesses to reduce risk, strengthen cybersecurity frameworks, and achieve peace of mind.

With 18 years of experience in Belgium's tech industry, Jetro has held roles spanning software development, business analysis, product management, and cloud specialization. Since 2016, he has witnessed the rapid evolution of cloud technology and the growing challenge organizations face in securely adopting it. Jetro is a 3x Microsoft Certified Azure Expert and a 2x Microsoft Certified Trainer (2022-2024), conducting 10-20 certified training sessions annually on cloud, AI, and security. He has trained over 100 professionals, including enterprise architects, project managers, and engineers. As a technical reviewer for Packt Publishing, he ensures the accuracy of books on cloud and cybersecurity. Additionally, he hosts the BlueDragon Podcast, where he discusses cloud, AI, and security trends with European decision-makers.

Jetro holds a professional Bachelor's Degree in Applied Computer Science (2006) and is currently pursuing a Master's in IT Risk and Cybersecurity Management at Antwerp Management School (2023-2025). His research focuses on derisking AI adoption by enhancing AI security through Privacy Enhancing Technologies (PETs). He is also a certified NIS 2 Lead Implementer working toward a DORA certification.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.

Punit is the author of books “Be Ready for GDPR”, which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life’, which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/jetrow/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

BarCode
DELTA K

Apr 11, 2025 · 56:34

In this conversation, the host Chris Glanden engages with guests Charlie Northrup and Keenan Hale to discuss advancements in AI, particularly focusing on large language models and their limitations. They explore the concept of Delta K, which refers to the transformation of knowledge, and how it relates to the predictive capabilities of AI. The discussion also delves into thin calculus and the category theory of things, emphasizing the need for an external truth to build sound mathematical systems.

In this conversation, the speakers delve into the concepts of agentic calculus and Delta K, exploring their implications for artificial general intelligence (AGI) and the future of the economy. They discuss the observer-dependent nature of reality and how different perspectives can lead to varied interpretations of the same phenomena. The conversation also touches on the potential of the agentic economy to revolutionize ownership and economic dynamics, as well as the philosophical implications of waveform collapse in quantum mechanics.

Overall, the discussion highlights the need for a new understanding of cognitive processing and the role of agents in shaping future interactions and economies.

TIMESTAMPS:
00:00 - Introduction to the Guests and Their Expertise
02:16 - Recent Developments in AI and Technology
04:50 - Understanding Large Language Models
10:53 - Delta K and Its Limitations
16:24 - Thin Calculus and the Category Theory of Things
19:19 - Understanding Agentic Calculus
22:27 - Delta K and Its Implications for AGI
28:59 - Cognitive Processing and States of Being
36:09 - The Agentic Economy: A New Paradigm
40:25 - Waveform Collapse and Delta K
43:20 - The Future of Agentic Interactions

SYMLINKS:
[LinkedIn - Charlie Northrup] - https://www.linkedin.com/in/charlie-northrup-1b73b051
Charlie Northrup is a technology innovator at Neewer Sciences, contributing pioneering research in agentic AI systems, thing calculus, and distributed digital ecosystems. He shares updates and insights about his work on LinkedIn.

[LinkedIn - Keenan Hale] - https://www.linkedin.com/in/keenandewayne/
Keenan Hale is recognized for his interdisciplinary contributions bridging theoretical mathematics and cryptographic systems. He connects with others in the AI and cryptography communities through LinkedIn and shares research updates and discussions.

[LinkedIn - Mike Elkins] - https://www.linkedin.com/in/elkinsmike/
Mike Elkins is the Chief Human and Information Security Officer at Banffist, actively involved in discussions about cybersecurity, digital transformation, and AI-driven enterprise operations. He also speaks at major conferences like BlackHat, RSA, and SecureWorld.

The Evolution Exchange Podcast Nordics
Evo Nordics #569 - Positive Engagement With Security - Vol 2

Apr 11, 2025 · 42:35


Host Chris Hackett speaks with Sarbjit Singh, Chief Information and Security Officer, Henrik Parkkinen, Information Security Officer at WirelessCar, and Anders Spalding, Founder & Human Risk Management at Spalding Security Solutions, to explore how organizations are fostering positive engagement around cybersecurity. Together, they dive into human risk management, CISO leadership strategies, and the Nordic region's evolving digital security culture. Whether you're focused on building secure teams or enhancing company-wide cyber awareness, this conversation delivers practical insights and real-world experience for today's security professionals.

Becker’s Healthcare Podcast
Michael Archuleta, Chief Information Officer and HIPAA Information Security Officer at Mt. San Rafael Hospital

Mar 21, 2025 · 13:27


In this episode, Michael Archuleta, Chief Information Officer and HIPAA Information Security Officer at Mt. San Rafael Hospital, shares how his team is revolutionizing rural healthcare through cutting-edge AI, advanced cybersecurity, and digital transformation. He discusses the hospital's nationally recognized IT achievements, the power of AI-driven radiology, and the critical role of cybersecurity in modern healthcare.

Becker’s Healthcare Digital Health + Health IT
Michael Archuleta, Chief Information Officer and HIPAA Information Security Officer at Mt. San Rafael Hospital

Mar 20, 2025 · 13:27


In this episode, Michael Archuleta, Chief Information Officer and HIPAA Information Security Officer at Mt. San Rafael Hospital, shares how his team is revolutionizing rural healthcare through cutting-edge AI, advanced cybersecurity, and digital transformation. He discusses the hospital's nationally recognized IT achievements, the power of AI-driven radiology, and the critical role of cybersecurity in modern healthcare.

WFH with 2 Guys
The Secure Advantage

Mar 11, 2025 · 22:15

In this conversation, Benny Carreon and Dennis discuss the critical importance of cybersecurity for small to mid-sized businesses, highlighting the increasing risks they face from cyber threats. Joined by Bob Quandt from Bullseye Compliance, they explore various aspects of cybersecurity, including the evolution of cybercrime, the necessity of multi-factor authentication, password management best practices, and the human element in security.

Bob Quandt is an experienced security leader with over 20 years' experience. Prior to starting Bullseye Compliance in 2017, Bob was the Vice President of Information Security and Information Security Officer at Sharecare (formerly Healthways) where he led the information security function and helped build a solid security program. Prior to this role, Bob led an IT audit function and worked in security, application development, and internal audit at a Fortune 100 healthcare provider. Bob is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and a member of the Middle Tennessee ISACA and ISSA organizations. Bob received his bachelor's degree from Middle Tennessee State University and served in the United States Marine Corps.

Hosted by Benny Carreon and Dennis Jackson
Bob Quandt - https://www.bullseyecompliance.com
Dennis Jackson - WorX Solution - dennisj@worxsolution.com; www.worxsolution.com
Benny Carreon - Velocity Technology Group - benny@velocitytechnology.group; https://velocitytechnology.group/

HRM-Podcast
Cybersecurity ist Chefsache: Career change into cybersecurity: what really counts, certificates or passion?

Feb 24, 2025 · 45:32

Expand your knowledge of cybersecurity with "Cybersecurity ist Chefsache"! In the latest episode, Nico Werner welcomes Doris Schott-Neuse, Information Security Officer at Sopra Financial Technology. Her career path shows that IT security is not only for computer scientists. From the financial sector through human resources to information security: Doris gives exciting insights into her career change and talks about the challenges and opportunities in cybersecurity.

Cybersecurity ist Chefsache - Der Podcast!
Career change into cybersecurity: what really counts, certificates or passion?

Feb 24, 2025 · 45:32

Expand your knowledge of cybersecurity with "Cybersecurity ist Chefsache"! In the latest episode, Nico Werner welcomes Doris Schott-Neuse, Information Security Officer at Sopra Financial Technology. Her career path shows that IT security is not only for computer scientists. From the financial sector through human resources to information security: Doris gives exciting insights into her career change and talks about the challenges and opportunities in cybersecurity.

The Public Sector Show by TechTables
#183: Errika Celsy, Aaron Jones, & Sandeep Desai – The Untold Story of Arizona's Cyber Leadership Blueprint [2024 Phoenix Live Podcast Tour]

Dec 17, 2024 · 36:32

In episode #183, I sit down with Errika Celsy, Aaron Jones, and Sandeep Desai to uncover Arizona's untold story of creating a cybersecurity leadership pipeline—a playbook for shaping the workforce of tomorrow.

Featuring:
- Errika Celsy, Director of Educational Technology at Cave Creek Unified School District
- Aaron Jones, Analyst at Chandler Police Department
- Sandeep Desai, Information Security Officer at Arizona Department of Education

In this episode, you'll learn:
- How Cave Creek School District reduced phishing rates from 15% to 5% through security awareness training and creative incentives.
- Why cybersecurity risk should be viewed through a business lens rather than just a technical perspective.
- How law enforcement can leverage open-source intelligence (OSINT) to assist investigations.
- The importance of the “60/40 Rule” when hiring cybersecurity talent.
- Strategies for empowering women in technology through programs like “Cyber Squad” and “Girls Get IT.”

This isn't just a conversation—it's a playbook for building tomorrow's cybersecurity workforce. Don't miss these actionable insights from Arizona's top minds.

Read the full transcript on https://www.techtables.com/podcast/183/errika-celsy-aaron-jones-sandeep-desai

Whenever you're ready, there are 4 ways you can connect with TechTables: 1.

The Public Sector Show by TechTables
#183: Errika Celsy, Aaron Jones, & Sandeep Desai – The Untold Story of Arizona's Cyber Leadership Blueprint [2024 Phoenix Live Podcast Tour]

Dec 17, 2024 · 36:33

Featuring:
* Errika Celsy, Director of Educational Technology at Cave Creek Unified School District
* Aaron Jones, Analyst at Chandler Police Department
* Sandeep Desai, Information Security Officer at Arizona Department of Education

In this episode, you'll learn:
* How Cave Creek School District reduced phishing rates from 15% to 5% through security awareness training and creative incentives
* Why cybersecurity risk should be viewed through a business lens rather than just a technical perspective
* How law enforcement can leverage open-source intelligence (OSINT) to assist investigations
* The importance of the "60/40 Rule" when hiring cybersecurity talent
* Strategies for empowering women in technology through programs like "Cyber Squad" and "Girls Get IT"

This isn't just a conversation—it's a playbook for building tomorrow's cybersecurity workforce. Don't miss these actionable insights from Arizona's top minds.

Timestamps
* (00:54) Guest Introductions & Personal Backgrounds
* (04:00) TechTales Newsletter: Gamifying Security Awareness
* (07:00) Last Bell's Security Corner & Business Risk Alignment
* (11:30) Digital Safety Best Practices
* (12:00) Digital Citizenship Education at Cave Creek
* (14:45) Building the Cybersecurity Talent Pipeline
* (18:00) OSINT & Modern Law Enforcement
* (23:00) Power of Mentorship in Career Development
* (28:45) Girls in Cyber & Women in Technology
* (31:45) Final Advice: The 60/40 Rule & Career Growth

Links Mentioned
* Manda's Macs catered at the 2024 Phoenix Live Podcast Tour. Go support a small business in Phoenix, AZ
* Nearpod
* Shodan
* ISACA Phoenix Chapter
* Arizona Cyber Command Center
* Girls in Cyber Initiative
* Glendale Community College

Whenever you're ready, there are 4 ways you can connect with TechTables:
1. The TechTables Newsletter: Join our thriving community of senior technology leaders by subscribing to the TechTables Newsletter. Gain early access to the latest episodes, industry insights, and exclusive event updates.
2.

Talking Cloud with an emphasis on Cloud Security
62-Talking Cloud Podcast-Part 1 with Todd Beebe, Information Security Officer, Entrepreneur and Investor

Dec 16, 2024 · 30:25


Part 1 My special guest on episode 62 (in two parts) is a long-time Information Security Executive, entrepreneur, and investor. Todd Beebe cut his teeth in the industry attempting to find his way into other people's systems and networks but turned those skills into a long and successful career bolstering and protecting systems and networks. It was a fascinating discussion with great insights from Todd. 

Talking Cloud with an emphasis on Cloud Security
62-Talking Cloud Podcast-Part 2 with Todd Beebe, Information Security Officer, Entrepreneur and Investor

Dec 16, 2024 · 32:20


Part 2 My special guest on episode 62 (in two parts) is a long-time Information Security Executive, entrepreneur, and investor. Todd Beebe cut his teeth in the industry attempting to find his way into other people's systems and networks but turned those skills into a long and successful career bolstering and protecting systems and networks. It was a fascinating discussion with great insights from Todd. 

The Evolution Exchange Podcast Nordics
Evo Nordics #547 - Inclusivity In Cyber Security

Nov 29, 2024 · 46:02


In this episode, Chris Hackett hosts an insightful conversation with Michael Dufva, CISO at Siemens, Zeeshan Khan, Information Security Officer at SEB, Arsalan Khan, GRC Lead at Logikon, and Vikram Jeet, Manager IT Risk & Compliance at Alleima. They delve into the importance of inclusivity in the field of cybersecurity and discuss how fostering diverse teams can strengthen security practices. The conversation covers key topics such as gender diversity, the evolving role of CISOs, and the impact of inclusive culture on cybersecurity strategies.

Threat Talks - Your Gateway to Cybersecurity Insights
XZ Utils Critical Backdoor (CVE-2024-3094) - The Fallacy of Secure Open Source Code

Nov 19, 2024 · 29:35

⏰ How much time would you spend on executing the perfect hack? ⏰

The user going by the name of 'JIAT75' spent almost three years infiltrating and contributing to a GitHub repo for one singular reason – access to release manager rights for the next XZ Utils update. In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Thomas Manolis, Information Security Officer at AMS-IX, and Jeroen Scheerder, Security Specialist at ON2IT, to discuss this meticulously executed breach in the open-source community.

Using clever social engineering tactics, Jia Tan (JIAT75) built a credible reputation within said community, gaining trust and access to introduce malicious code undetected. The breach was only discovered by chance when Andres Freund, an engineer at Microsoft, traced unusual system latency back to XZ Utils and uncovered the backdoor.

What exactly happened? How lucky did we get with Freund discovering the backdoor? And how do we know that something like this hasn't happened before?

O-TON - Der Podcast von OTTO
Cybercrime at record levels: what role does AI play?

Oct 17, 2024 · 18:41

Data loss, reputational damage and immense costs. Companies face all of these challenges when they become the digital target of cyberattacks. The criminal attacks happen every second, and hardly any company can still protect itself against them. In Germany, for example, 81 percent of companies stated last year that they had been affected by cyberattacks in the form of data theft or digital sabotage. An alarmingly high number! Current media coverage also shows that cybercrime is a serious threat. One example: according to the Schwarz Group's own statements, cyberattacks on its systems have risen from about 3,500 before the start of the war in Ukraine in 2022 to about 350,000 per day now. But how does cybercrime actually work? Why is it considered a lucrative business model for hackers today? And above all: what can companies do against the attacks? That is exactly what the current episode of O-TON is about. Together with Ralf Kleinfeld, Information Security Officer at OTTO, host Christopher Herden discusses how cybercrime is becoming a constant threat to companies and how artificial intelligence helps us keep the risks for OTTO as low as possible.

The ISO Show
#189 Mintago's Information Security Success with ISO 27001

The ISO Show

Play Episode Listen Later Sep 4, 2024 36:01


There have been a reported 9,478 publicly disclosed data incidents in 2024 alone, with that amounting to over 35 million known records breached. It has become clear in recent years that information security isn't just a ‘nice to have', it's a necessity to ensure you and your client's data are protected. Which is especially the case for those processing personal and financial data, such as today's guest, Mintago. In this episode, Tom Catnach, Head of Product and Information Security Officer for Mintago, explains their journey towards ISO 27001, the challenges faced and benefits felt from certification to the leading Information Security Standard. You'll learn ·      Who are Mintago? ·      Who is Tom Catnach? ·      What was the main driver behind achieving ISO 27001? ·      What was the biggest ‘gap' identified in the Gap Analysis? ·      What have they learned from the experience? ·      What are the benefits of certification to ISO 27001? ·      What does the threat horizon for information security look like?   Resources ·      Mintago ·      Isologyhub     In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:15] Episode summary: Today we welcome guest Tom Catnach from Mintago to discuss their journey towards ISO 27001 certification. [02:20] Who are Mintago? – Mintago are an employee benefits company, who work with companies to help their employees be financially better off. 
They do this in a number of ways, including: ·      Finding lost pension pots ·      Help to save money through finding discounts ·      Retirement planning ·      Offering various salary sacrifice products ·      Helping companies to be more financially efficient with pension salary sacrifice or other national insurance savings ·      Helping people to be more financially literate [05:10] Who is Tom Catnach?: Tom has a split role at Mintago, his primary role being Head of Product and secondary being Information Security Officer. Through both roles he looks after all the products and offerings as well as the information security across the business, he was also the driving force behind achieving ISO 27001. Outside of work, Tom likes to travel via motorbike, preferring to stay away from the screens and enjoying the sights. [06:30] What was Mintago's main driver to Implement ISO 27001?: Mintago, and most other businesses by their nature, are required to hold a lot of sensitive data and so have a responsibility to their clients and employees to ensure it's security. Mintago were looking for a robust framework to base their Information Security around, and what better option that the leading Information Security Standard, ISO 27001. ISO 27001 also offers the assessment of general business practice, and allows for growth and scaling. As a start-up, they wanted to have a solid base for policies, training ect to roll out to new hires as they expand. [08:30] Aligning Standards with core values: Trust is one of Mintago's core values and they want to give their clients the assurance that they can be trusted to protect their data. ISO 27001 can be compared to the likes of Bcorp as it's an on-going process. It doesn't just stop at getting the certificate, you have annual surveillance to ensure you are still compliant year on year. [10:15] What was the scope of Mintago's certification?: For the initial implementation, Mintago opted to just scope in Product and Customer Service. 
This was because all of the sensitive data is handled in those departments and they don't allow access to any other teams, so it made sense to start there with a view to expand the scope after certification. That being said, they still rolled out Information Security training to all staff, and everything has been set-up to allow for an easy business wide roll-out when they're ready. [11:50] How long was Mintago's certification journey?: They started their journey in September 2023, in fact it was Tom's first project with Mintago! Mintago enlisted Blackmores help to implement ISO 27001, and after nine months they have been successfully certified. Tom attributes their ease of implementation to the fact that they are currently a small business, citing that it's an advantage to implement ISO Standards early while your agile so that your management system grows with you.   [14:25] What was the biggest ‘gap' identified at the Gap Analysis?  Mintago are lucky in the fact that they are a new business so are using modern tech, and don't have the burden a larger site or other physical elements such as rack mounted servers. However, policy, procedure and evidence to ensure they were doing the right thing were lacking at the start of their journey. They did have a good 70% in place and that last 30% was mostly down to having the ability to evidence their compliance. There was also some additional work to do to improve existing policies and procedures. One example of this was having a solid Business Continuity Plan in place. [16:35] Did Mintago experience any significant barriers in addressing identified gaps?  Being a smaller business, they were able to adapt a lot quicker than a larger organisation may have been able to. One of the biggest struggles for Tom was getting the necessary technology to aid with Information Security. They needed to show that they had a competent Mobile Device Management Solution (MDM), antivirus and anti-phishing in place. 
When trying to buy some software solutions, Tom encountered a lot of companies simply not replying to his requests due to Mintago's size. Many organisations sadly prioritize bigger potential clients, and so it took a while to finally get all the required software. [18:45] Engagement is key -  Getting everyone involved with the management system is critically important. Especially with information security as the people most often targeted are frontline workers, so they need to be actively engaged in security. Mintago also has the advantage of being a smaller business, so getting communication out isn't a hardship and resulted in high engagement. This was benefitted from a top-down initiative via their ‘C-Suite'. Tom also states that you can make any necessary training more lighthearted, team based or interactive, as that's something that people would want to engage in.   It's also important to stress that any information security training can be beneficial for personal use too to avoid being a victim of fraud or a scam. It can be something people take away to their family members to ensure they stay safe online. [23:10] Did the adoption of ISO 27001 highlight any issues not already considered by Mintago? -  The biggest thing was how their internal process could be improved. For example, looking at the scenario of ‘what if our back-ups don't work?', ISO 27001 drilled down to ask specifics such as: ·      How do we recover from that scenario? ·      Are we 100% confident in our back-ups? ·      Will they work near instantaneously? ·      What's Mintago's availability like in that scenario? ·      How do we prevent disruption to our clients during that scenario? So, while they did have back-ups they weren't necessarily considering the whole scenario, especially if those back-ups were to fail. ISO 27001 ultimately helped to flesh out existing plans to make a much more robust system. 
In regards to threat horizons, Mintago do practice OWASP and keep the team informed via e-mail, newsletters and GitHub repositories. [25:00] Internal Auditing – A beneficial tool -  Tom found the internal auditing process to be very beneficial for Mintago, currently they do a few monthly on average. Blackmores assisted with the audits during implementation to ensure they were in the right place for assessment. Of course, the Certification Body audits were a bit more nerve wracking for Stage 1 and 2 as they would determine if they would be certified. Mintago passed their Stage 1 (documentary review) with flying colours, their Stage 2 (evidence checking) highlighted a few non-conformities that were quickly addressed. Following the Stage 2, they were recommended for ISO 27001 certification. [27:20] Minor Non-conformities aren't the end of the line – There's a common misconception that getting a certain number of minor non-conformities during a Stage 2 assessment means you can't be certified, but that's simply not true! If an Assessor is comfortable that you are in a good position for certification, they will recommend you. ISO Standards are all about continual Improvement, which is something Mintago are embracing as they continue to address issues raised at audits. [29:00] Benefits of ISO 27001 certification – Benefits Mintago are already experiencing include: Internal Stakeholders – The Team worked hard to achieve the Standard and have embraced it's core qualities to the benefit of their own Information Security practices. Positive Market Response – Much larger clients who are also ISO 27001 certified now have a mutual understanding of each other's commitment to information security. Gaining certification early – As a start-up, Mintago are agile and will be able to develop and mature their ISMS (Information Security Management System) as they grow. 
[31:10] Any concerns on the threat horizon? - As the Information Security Officer, Tom is concerned about new emerging trends in AI-led scams. They're going to be a lot more sophisticated and harder to spot and deal with. Thankfully, even if they are impacted, it will be rather isolated. Tom raises concerns for vital services such as Air Traffic Control, which could have dire consequences if they were to be affected by a data incident. However, with ISO 27001 Mintago are in a good place to keep on top of their threat horizon and have the processes in place to mitigate potential incidents and continually improve their own security.

[34:30] In Summary - Mintago are a shining example of gaining certification for the right reasons. It's not just about getting a badge; they have truly embraced a culture of continual improvement and are utilising ISO 27001 to ensure they have a robust information security management system in place. If you would like to learn more about Mintago and their financial services, check out their website.

The Evolution Exchange Podcast Nordics
Evo Nordics #525 - What Is The Role Of A CISO

Jun 28, 2024 · 49:01


Join host Abi Stokes in a riveting discussion on the evolving role of a CISO with insights from Fred Lamartin, CISO at PWC Sweden, Victor Pettersson, Information Security Officer at Sokigo, and Mikael Lingskog, Senior Information Security Management Consultant at XLENT. They delve into cybersecurity strategies, risk management, and the challenges faced in maintaining corporate security governance. Gain valuable knowledge on how top professionals protect organizations against cyber threats and ensure data protection and compliance.

The Public Sector Show by TechTables
#175: Ralph Johnson, Allen Ohanian, Martha Goodwin, and Dr. Muriel Reid – The Human Firewall: Cybersecurity's Next Frontier

Jun 25, 2024 · 36:05


Recorded at the 2024 Phoenix Live Podcast Tour at GMI on April 1st to 3rd.

Ralph Johnson, the State CISO, Washington State, brings a wealth of experience to his role, having previously served as CISO for Los Angeles County and Chief Information Security and Privacy Officer for King County. His appointment was strongly endorsed by Bill Kehoe, who praised Johnson's skills, experience, and information security knowledge as assets that will enhance the state's enterprise security program and data protection efforts.

Allen Ohanian, the Information Security Officer for the Department of Children and Family Services in Los Angeles County, brings 20 years of experience in cybersecurity, risk management, and IT across both private and public sectors. His impressive career includes establishing innovative security programs, leading countywide cybersecurity initiatives, and earning multiple Information Security Officer of the Year awards, all while pursuing advanced degrees in cybersecurity, business administration, and psychology.

Martha Goodwin, Senior Sales Engineer Director for SLED at SentinelOne, is a seasoned SE Leader with over two decades of experience spanning pre-sales, customer training, post-sales support, and professional services in cybersecurity. Her expertise covers SIEM, deception, network, email, and endpoint security, coupled with a talent for translating complex technical concepts for audiences ranging from IT analysts to CISOs, making her a valuable asset in building strong customer relationships.

Dr. Muriel Reid, CIO for the City of Jackson, Mississippi, is an accomplished leader and educator with over 20 years of diverse experience spanning information technology, talent acquisition, education, and customer service. Her expertise in administration, coaching, and staff supervision is complemented by her strong communication skills, making her a versatile professional adept at bridging technology and business needs.

In this episode you'll learn:

- The critical components of a human-centric cybersecurity strategy for government agencies
- How to design engaging cybersecurity training that resonates with public sector employees
- Strategies for balancing AI and human judgment in threat detection and response
- Best practices for building effective public-private partnerships in cybersecurity
- How to cultivate a culture of security awareness across your organization and more!

Perspectives
Navigating the Cybersecurity Frontier with Todd Beebe, Information Security Officer at Freeport LNG

May 8, 2024 · 48:31


In this episode, Splunk Field CTO Craig Hyde sits down with Todd Beebe, Chief Security Officer at Freeport LNG, to discuss the intricacies of contemporary cybersecurity tactics, offering a unique perspective on an offensive-first mindset for navigating a constantly shifting threat environment.

Legal Listening: The Fox Rothschild LLP Podcast
The Presumption of Innocence - Episode 35

May 7, 2024 · 27:26


Episode 35: A Double-Edged Sword? The DOJ Confronts AI

Like all new technologies, AI isn't naturally good or bad. But it can be used by people motivated to do terrible – and possibly criminal – things. That's the view of Mark McCreary, our Chief Artificial Intelligence & Information Security Officer. He joins series host Matt Adams to discuss AI in light of DOJ Deputy Attorney General Lisa Monaco's public statements this year surrounding the emerging technology. Mark offers his perspective on the future of machine cognition, including whether it's possible to recognize potential criminal activities aided by AI. The pair also explores legal and ethical perspectives of using generative AI in the workplace. You'll hear valuable recommendations on how to incorporate this new technology into your business while establishing guardrails and policies to keep proprietary and personal data secure. If you're using or considering using Gen AI in your workplace, this episode is for you.

New Jersey HIMSS
AI Challenges, Security, Acquisition, Education & Policy

Feb 27, 2024 · 34:05


Meet Jesse Fasolo, PhD - Director, Head of Technology Infrastructure & Cyber Security, Information Security Officer at St. Joseph's Health, Paterson, NJ, and welcome back Gerry Blass, President & CEO of ComplyAssistant. Listen in as your host Mike Fortino, NJHIMSS Board Member and GalaxE Solutions Account Executive, discusses the challenges of managing AI in healthcare operations from a security, acquisition, education and policy perspective. This is a must-listen for our members to gain practical insight into the first steps of including and managing AI technology in their operations.

Federal Drive with Tom Temin
How to be a successful information security officer in 2024

Feb 15, 2024 · 10:02


Because technology changes, cybersecurity threats change, which means cybersecurity practitioners must keep moving to stay on top of their game. To find out about what one expert thinks are the top 10 skills chief information security officers will need in 2024, going beyond the technology, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Federal Drive with Tom Temin
How to be a successful information security officer in 2024

Feb 15, 2024 · 10:47


Because technology changes, cybersecurity threats change, which means cybersecurity practitioners must keep moving to stay on top of their game. To find out about what one expert thinks are the top 10 skills chief information security officers will need in 2024, going beyond the technology, Federal Drive Host Tom Temin spoke with the Director of the CERT division of the Software Engineering Institute, Greg Touhill.

Cracking Cyber Security Podcast from TEISS
teissTalk: Can internal audit boost your cyber security readiness?

Jan 18, 2024 · 45:40


This is the audio-only version of our weekly cyber security talk show, teissTalk. Join us for free by visiting www.teiss.co.uk/teisstalk

The panel discussion is titled:
teissTalk: Can internal audit boost your cyber security readiness?

- Getting an internal second opinion to help identify your cyber-security weaknesses
- Auditing your controls, policies and procedures to address those cyber-security weaknesses
- Using language everyone can understand to communicate cyber risk

This episode is hosted by Thom Langford
https://www.linkedin.com/in/thomlangford/

Veselin Monev, Information Security Officer, Pilatus Aircraft Ltd
https://www.linkedin.com/in/vmonev/

Daniel G. Dresner, Professor of Cybersecurity, University of Manchester
https://www.linkedin.com/in/danny-dresner-fciis-6382381/

Deborah Haworth, Director of Information Security, Penguin Random House
https://www.linkedin.com/in/deborah-haworth/

BriefingsDirect Podcasts
How IT Security Teams Do More with Less When Economies Rapidly Change

Jan 18, 2024 · 27:44


The next BriefingsDirect IT security best practices discussion examines how a leading German home builder has adjusted to a major economic market disruption. Germany's home building demand has recently reversed, putting pressure on builders to reduce IT costs while remaining secure. Stay tuned here to learn how a large, distributed workforce can be best supported by IT -- even as business conditions change and budget requirements lead to broad consolidation. Here to share how an efficient security team helps the shift from managing surging growth to optimizing around necessary contraction is Johannes Hammen, Information Security Officer at DFH Gruppe in Simmern, Rheinland-Pfalz, Germany. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions. Sponsor: Bitdefender.

The Story & Experience Podcast

Join host Japhet De Oliveira as he sits down with Patrick Wilson, the Information Security Officer at Adventist Health, to talk about his experiences and insights as a cybersecurity expert, his passion for learning, and the importance of reducing fear in an anxious world.  

ITSPmagazine | Technology. Cybersecurity. Society
Empowering the Next Generation: A Conversation with Cybersecurity Veteran Chris Marks | Loops and Lifecycles Podcast with Josh Mason

Oct 30, 2023 · 25:46


Guest: Chris Marks, Information Security Officer at First Databank, Inc
On LinkedIn | https://www.linkedin.com/in/christopher-marks-7357441b/

Host: Josh Mason
On ITSPmagazine

healthsystemCIO.com
Q&A with Harris Health Chief Cyber & Info Security Officer Jeffrey Vinson: “The only safe day was yesterday.”

Sep 18, 2023 · 23:13


The key to being a successful cybersecurity leader is to understand the business and mission, said Jeffrey Vinson, Chief Cyber & Information Security Officer at Harris Health System. “You have to understand what the core outcomes are supposed to be, and make sure you're moving toward them.”

Outcomes Rocket
Nurturing the Future of Healthcare Security with Damian Chung, Cybersecurity Leader and Business Information Security Officer at Netskope

Sep 7, 2023 · 13:31


Organizations can build a pipeline of resources and talent to address the labor shortage. In this episode, Damian Chung, Business Information Security Officer at Netskope, delves into the labor shortage in healthcare, offering innovative solutions. Tune in to gain valuable insights and explore the possibilities of leveraging technology to enhance healthcare. Show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
Nurturing the Future of Healthcare Security with Damian Chung, Cybersecurity Leader and Business Information Security Officer at Netskope

Sep 7, 2023 · 13:30


Organizations can build a pipeline of resources and talent to address the labor shortage. In this episode, Damian Chung, Business Information Security Officer at Netskope, delves into the labor shortage in healthcare, offering innovative solutions. Tune in to gain valuable insights and explore the possibilities of leveraging technology to enhance healthcare. Show notes, transcript, and resources: outcomesrocket.health

Bloomberg Businessweek
China Still Not Collapsing

Sep 5, 2023 · 35:52 · Transcription Available


Leland Miller, CEO of China Beige Book International, shares his thoughts on the latest economic data out of China. Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint, explains why cybersecurity is not ready for the boom in AI. Edelman CEO Richard Edelman provides the details of the communication firm's Trust at Work report. And we Drive to the Close with Abhay Deshpande, CIO at Centerstone Investors. Hosts: Tim Stenovec and Jess Menton. Producer: Paul Brennan.

The New CISO
Confidence or Arrogance? Ego Problems and How to Solve Them

Aug 10, 2023 · 49:21


In this episode of The New CISO, Steve is joined by guest Brad Sexton, Chief Information Officer and Information Security Officer at Terrible's.

After having issues with a Dot Matrix printer, Brad was inspired to transition from a career in education to IT. Through conflict, change, and self-reflection, Brad has become the effective leader he is today. Tune in to today's episode to learn more about Brad's career journey, the consequences of “ego,” and how to leave a job gracefully.

Listen to Steve and Brad discuss how leaders can walk the fine line between confidence and arrogance and the right motives for becoming a leader:

Meet Brad (1:44)
Host Steve Moore introduces our guest today, Brad Sexton, who started working at Terrible's in Las Vegas last April. Brad shares that before becoming a CISO, he worked at a boys and girls type club where they all shared one printer. Wanting to be able to print from different areas of the office, Brad took on the task of updating the printer to fit his office's needs. Brad has been in IT ever since.

Next Steps (5:09)
Brad reveals the next steps of his career transition. His boss at the education center asked Brad for IT-related help. Brad was then moved into the IT department and used this moment to finish his education. During this time, Brad could see tech from a bigger picture and eventually was designing a forklift upgrade for the theater. He started working with routers and did more and more. By the time Brad settled in Vegas, he could use his experience to manage teams successfully.

Checking The Ego (11:13)
Steve presses Brad on the lessons he learned from his first IT job. Brad believes that his ego got in the way of his ability to do his job. After many years, Brad finally understood what he could have done differently. Thankfully, his boss knew he had potential and was willing to have a difficult conversation that resonated with him later.

The Clues (16:30)
Brad explores the clues of a person with an ego problem. In addition, Brad explains that leaders should always create a safe space for their employees to communicate with them. Everyone has strengths and weaknesses, and it's helpful when leaders can help their employees identify theirs. Ultimately, there is a “fine line between confidence and arrogance,” and leaders must have the confidence to articulate challenging feedback.

The Right Motives (25:54)
Steve presses Brad on what his motives were for becoming a leader. Brad reflects that he wanted a sphere of influence and recognized that he could make more of a difference in a higher position. Brad suggests always knowing your “why” before approaching leadership roles.

The Wrong Fit (29:53)
Brad worked in government and realized two things. He was in the wrong place, and they didn't want him there either. Knowing there was tension from the beginning made Brad's time in this role very challenging. Brad learned later that this company did not want anyone in that position, but he was the most qualified. Now, Brad understands the importance of finding the right fit for a role and considers that when interviewing future colleagues.

Mutual Contact (34:58)
Brad and Steve discuss a mutual connection named David, who helped Brad move into the casino gaming space. Brad appreciates that David took a chance on him and is still in touch. Relationships are critical as you advance in your career because no one knows everything.

Leaving Gracefully (40:04)
Brad shares his tips on leaving a job gracefully. He suggests managing the emotion that you let someone down. Having an open communication line with your boss and feeling comfortable articulating your...

Becker’s Healthcare Podcast
Jeffrey M. Vinson, Sr - SVP, Chief Cyber & Information Security Officer at Harris Health System

Jun 5, 2023 · 16:13


This episode features Jeffrey M. Vinson, Sr - SVP, Chief Cyber & Information Security Officer at Harris Health System. Here, he discusses his background, his focus on preventing ransomware attacks, a risk or investment worth making this year, and more.

Becker’s Healthcare Digital Health + Health IT
Jeffrey M. Vinson, Sr - SVP, Chief Cyber & Information Security Officer at Harris Health System

Jun 5, 2023 · 16:13


This episode features Jeffrey M. Vinson, Sr - SVP, Chief Cyber & Information Security Officer at Harris Health System. Here, he discusses his background, his focus on preventing ransomware attacks, a risk or investment worth making this year, and more.

Cloud Security Today
Cloud Native Security: A Year in Review

Apr 21, 2023 · 43:57 · Transcription Available


On this episode, the Chief Security Officer of Cloud at Palo Alto Networks, Bob West, joins Matt to discuss Palo Alto Networks' latest State of Cloud Native Security Report. Bob joined Palo Alto Networks after more than 20 years in leadership roles with banks, product companies, and professional services organizations. Before joining Palo Alto Networks, Bob served as managing partner at West Strategy Group, managing director in Deloitte's cyber risk services practice, managing director for CISO for York Risk Services, Chief Trust Officer at CipherCloud, CEO at Echelon One, Chief Information Security Officer (CISO) at Fifth Third Bank, and Information Security Officer at Bank One.

Today, Bob talks about the latest installment of the State of Cloud Native Security Report, the severe shortcomings in Cloud Security, and the elevated cost of Cloud Security. Why is it essential to think about security upfront? Hear about the daily mindset shift required to deploy quality code, minimizing complexity to maximize efficiency, and the significant delay in threat management.

Timestamp Segments
· [01:46] Bob's career-changing experiences.
· [04:17] Bob's advice.
· [11:10] The 10,000-ft view.
· [16:23] The elevated costs of Cloud security.
· [22:36] Increased deployment frequency.
· [24:54] How do security teams keep up?
· [30:44] Security tooling in the Cloud.
· [35:46] Holistic Cloud security.
· [41:18] There will always be issues.

Notable Quotes
· “Be nice to your vendors.” - Bob
· “You never know who's going to be able to help you out at any point.” - Bob
· “You've got to build bridges before you need them.” - Matt
· “Common sense isn't necessarily common practice.” - Bob

Relevant Links
Website: www.paloaltonetworks.com
LinkedIn: Bob West

Resources:
Out of the Crisis

Secure Networks: Endace Packet Forensics Files
Episode 44: David Monahan, Business Information Security Officer

Apr 12, 2023 · 26:53


Cyberthreats are something all organizations are facing. But Pharmaceutical and Healthcare Providers have some unique challenges and vulnerabilities and come in for more than their fair share of attention from threat actors. What can your SOC team learn from some of the best practices these organizations are implementing? Are you architecting your environment to separate IOT devices from other critical assets and are you managing them with the same level of scrutiny?

In this episode I talk with David Monahan, a 30-year expert in cybersecurity and network management and former researcher at Enterprise Management Associates. David draws on his research background as well as his current experience working as the Business Information Security Officer at a large global pharmaceutical company.

He talks about some of the similarities and differences the Healthcare and Pharmaceutical industries have with other industries. He shares his insights into why the Healthcare and Pharmaceutical industries are so strongly targeted by threat actors and things consumers or patients can do to help protect themselves and their information.

David also discusses some of the unique challenges Healthcare organizations have around IOT devices and suggests ways to help manage these risks. He shares some best practices your security organization can be leveraging and points out tools and solutions that are critical for any security stack.

Finally, David talks about what training and skills are important to ensure your SOC analysts are as prepared as possible to defend against cyberthreats.

healthsystemCIO.com
Q&A with St. Joseph Health's Information Security Officer Jesse Fasolo: Moving Clinical Engineering Under IT Security Has Made a World of Difference

Apr 4, 2023 · 31:56


St. Joseph Health Director of Technology Infrastructure & Cyber Security (Information Security Officer) Jesse Fasolo talks with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra at the Vive Conference about the benefits of having clinical engineering report up to IT security; some key points for proper cyber-hygiene; and the importance of developing a process for vetting and […]

What keeps you up at night? (audio feed)
What keeps VP & CISO of Frontline Education, Lassaad Fridhi up at night?

Feb 15, 2023 · 11:53


Lassaad Fridhi has broad experience in cybersecurity, privacy, compliance, risk, and data protection, and is a speaker, motivator, and mentor. He is also VP & CISO at Frontline Education and is responsible for all security matters, including corporate and product security. Before joining Frontline Education in early 2020, and after several years of experience in the not-for-profit sector, he joined the private sector at C Space as the Chief Compliance and Information Security Officer and Data Protection Officer. In his previous role, Fridhi headed C Space's efforts for nearly four years. He helped C Space navigate the complex global regulatory landscape and meet its global compliance and security needs. As an Adjunct Professor at Boston University and North Shore Community College, Fridhi taught information security, privacy, and compliance to informatics students. He currently serves on the Graduate Professional Studies Advisory Board at Brandeis University.

Scott Schober is a #cybersecurity and wireless technology expert, author of Hacked Again and Cybersecurity is Everybody's Business, host of 2 Minute CyberSecurity Briefing video podcast and CEO of Berkeley Varitronics Systems who appears regularly on Bloomberg TV, Fox Business & Fox News, CGTN America, Canadian TV News, as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR.

What keeps you up at night?
What keeps VP & CISO of Frontline Education, Lassaad Fridhi up at night?

Feb 15, 2023 · 11:53


Lassaad Fridhi has broad experience in cybersecurity, privacy, compliance, risk, and data protection, and is a speaker, motivator, and mentor. He is also VP & CISO at Frontline Education and is responsible for all security matters, including corporate and product security. Before joining Frontline Education in early 2020, and after several years of experience in the not-for-profit sector, he joined the private sector at C Space as the Chief Compliance and Information Security Officer and Data Protection Officer. In his previous role, Fridhi headed C Space's efforts for nearly four years. He helped C Space navigate the complex global regulatory landscape and meet its global compliance and security needs. As an Adjunct Professor at Boston University and North Shore Community College, Fridhi taught information security, privacy, and compliance to informatics students. He currently serves on the Graduate Professional Studies Advisory Board at Brandeis University.

Scott Schober is a #cybersecurity and wireless technology expert, author of Hacked Again and Cybersecurity is Everybody's Business, host of 2 Minute CyberSecurity Briefing video podcast and CEO of Berkeley Varitronics Systems who appears regularly on Bloomberg TV, Fox Business & Fox News, CGTN America, Canadian TV News, as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR.

In Legal Terms
In Legal Terms: HIPPA

Jan 24, 2023 · 45:15


Every time you go to the doctor's office you have to fill out a HIPAA form. What is that? Is it taking away my rights? Is it protecting my rights? We'll learn with University of Mississippi Medical Center attorney, Benson Hill, Privacy and Information Security Officer: what is HIPAA?

To learn more about Health Information Privacy, go straight to the source: the US Department of Health and Human Services Office for Civil Rights. https://www.hhs.gov/hipaa/index.html has multiple webpages explaining your rights.

You can read publications and resources about HIPAA from the Centers for Disease Control and Prevention. https://www.cdc.gov/phlp/publications/topic/hipaa.html

If you would like to know what UMMC's HIPAA policies are: https://www.umc.edu/Compliance/HIPAA-Policies.html

Reimagining Cyber
Cyber Challenges in Healthcare

Dec 20, 2022 · 24:47


“The medical field is rife for threat actors trying to take advantage of things, much like when it's tax time and you hear the latest IRS scam. That goes on a lot within the medical field. There are threat actors that impersonate DEA agents and try to gain access to everything from DEA numbers to prescription pads. Visiting the FBI website, they have a page dedicated to different scams out there and there's a couple that live persistently in healthcare that we make sure our clinician side is aware of.”

In this episode, Rob and Stan talk to Louis Lerman, VP and CISO of Pediatrix Medical Group. Louis has an extensive information security background. In addition to healthcare, Louis has supported government, defence, education, software development, and financial sectors. In fact, prior to Pediatrix Medical Group, he served as the CISO of the Deloitte Consulting Group and also as Information Security Officer at the International Monetary Fund.

Cybercrime Magazine Podcast
Global CISO Report. Cybercrime & Cybersecurity In Healthcare. Paul Connelly, CSO, HCA Healthcare.

Oct 28, 2022 · 20:24


In this episode of the Global CISO Report, host Steve Morgan speaks with Paul Connelly, Chief Security Officer at HCA Healthcare. Together, they discuss Connelly's role as the CSO for a Fortune 100 healthcare provider and his previous position as the first-ever Information Security Officer at the White House, as well as the global cybersecurity market, the role cybercrime and cybersecurity play in the healthcare industry, and more. The Global CISO Report is sponsored by KnowBe4, the world's first and largest New-school security awareness training and simulated phishing provider that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com

The Digital Decode
State of Cybersecurity 2022

Oct 5, 2022 · 26:27 · Transcription Available


This year has seen several significant shifts within the security space. World events have left tensions high. This has been a stress-test for many security systems as bad actors take advantage of any cracks that have formed.

In this episode, Dave Trader, Field CISO at Presidio, and Dan Lohrmann, Field Chief Information Security Officer, share their insights into how the recent conflicts abroad have shaped global security. He also shares his predictions of how ransomware and cyber attacks may evolve in the last quarter of this year.

Join us as we discuss
- Zero-trust authentication systems
- An uptick in malicious DDoS events
- Possible effects of an incoming recession

To look back on the 2022 predictions for cybersecurity, read The Top 22 Security Predictions for 2022.

HR Leaders
Human Resources in the U.S. Air Force, with Terrance Cooley

Sep 1, 2022 50:14


The CyberPHIx: Meditology Services Podcast
The Bleeding Edge: Healthcare Cyber Threats That Cut Deep

May 19, 2022 51:01


Major shifts in the delivery of healthcare are introducing new and unforeseen cybersecurity and privacy risks. Cybersecurity and risk leaders in healthcare must rapidly adapt their programs and protection mechanisms to avoid adverse impacts from evolving cyber threats. Any one of these emerging risk areas can cut deep and have material impacts to patient safety, financials, reputation, and more.

In this session, we provide an overview of new cyber threats and solutions through the lens of Ron Belfont, Information Security Officer and Director of Security & Support Services for Bayhealth Medical Center, and his years of experience safeguarding patient information and systems.

Topics covered in this session include:
- Internet of Things (IoT) & Internet of Medical Things (IoMT) challenges and solutions
- Securing health apps and wearables
- Emerging regulatory changes including HIPAA
- Cybersecurity approaches for the remote workforce
- Fourth-party vendor risks and securing the healthcare supply chain
- Cyberwar and changes to the threat landscape

Cyber Law Revolution
Ep. 46 The Tables are Turned on the Host!

Mar 27, 2022 47:02


Ep. 46 of the Cyber Law Revolution is live! Pleased to have Felicia King, Security Architect and Information Security Officer, from QPC Security on the show! Felicia turns the tables on me and puts me on the spot to talk about the importance and role of a breach coach, how we all work as a team, and preparation, preparation, preparation! Keep the questions, calls, comments, etc. coming. Call me at 410-917-5189 or email me at spollock@wtplaw.com. Enjoy!

U.S. National Privacy Legislation Podcast
62 | SEC Reforms on Cybersecurity: The Financial Industry

Mar 22, 2022 25:22


Welcome Back! In our podcast episode today, we will discuss the new SEC proposed cybersecurity rules for registered advisers and funds, potential issues with the proposed rules and anticipated benefits. Our guest will be Frank Jones from Ariel Investments. Frank Jones is Vice President, Infrastructure and Information Security Officer for Ariel Investments. He leverages his experience in establishing cybersecurity programs and meeting financial industry compliance requirements in discussing the proposed SEC cybersecurity rules.

ITSPmagazine | Technology. Cybersecurity. Society
St. Joseph's Health—Cybersecurity & Vendor Risk Management: Why It Matters | Redefining Security With Ebony Riley And Jesse Fasolo

Feb 15, 2022 45:46


Many organizations are ill-prepared when it comes to making sure their hospital is protected from risk, both from an organizational and IT standpoint. It's increasingly important to have a concrete risk assessment strategy, one that explicitly includes utilizing third-party (vendor) risk management. Since our guest, Jesse Fasolo, joined St. Joseph's Health in August of 2014, he has completely flipped the risk assessment and IT protocols at the hospital on their head, partnering with the legal team, and more specifically with General Counsel/Chief Operating Officer Ebony Riley. This connection between the CISO and legal counsel has proven to be a huge win for risk management throughout the organization, mapping risks through various security frameworks, including HIPAA, NIST CSF, HITRUST, and others.

Listen in to get some third-party risk management insights on how this New Jersey-based, 1000+ provider, 150+ location network healthcare organization created a Vendor Risk Management strategy, as this dream team discusses their journey down risk management lane.

____________________________
Guests

Ebony Riley
Associate Counsel, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/ebonyriley/

Jesse Fasolo
Director, Technology Infrastructure & Cyber Security, Information Security Officer, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/jessefasolo/

____________________________
This Episode's Sponsors

Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

____________________________
To see and hear more Redefining Security content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-security