Send us a textEveryday organizations are constantly managing risk and as cybersecurity professionals, there's a struggle to get the board to understand that risk. Our guest today shares his insights of his 5 pillars of security framework to increase the effectiveness of the risk conversation to the board and engaging them to reduce risk and secure the organization."I'm very passionate about the topic, and specifically very passionate about building a culture of cybersecurity within enterprises. Anything that has to do with security awareness, making people more cyber aware, is something that's really close to my heart."Mathieu Gorge is the CEO and founder of VigiTrust, a cybersecurity company with clients in 120 countries. Mathieu has over 20 years of IT security and risk management experience and is much-sought after for his expertise. As an authority on cybersecurity solutions, he has been asked to speak at conferences including RSA, ISSA and ISACA. Mathieu is a prominent member of the international cybersecurity community—due to VigiTrust’s continued success as well as its 5 Pillars of Security Framework™— and serves as president and chief security officer of the French Irish Chamber of Commerce. Mathieu has more than 15 years of experience in payment security, and works closely with the PCI Council in the US and EU. He is a renowned expert in  PCI DSS, GDPR, CCPA, HIPAA, VRM, and ISO 27001.Mathieu GorgeLinkedIn: https://www.linkedin.com/in/mgorgeWebsite: https://mathieugorge.comThe Cyber Elephant in the Boardroom (Amazon)In this episode, you will learn the following:The challenges of communicating cyber risk to the boardroom The importance of understanding how cyber security measures fit into the financial side of things The human impact of being a CSO, including the challenges of maintaining a work-life balance.Show LinksNIS2 - https://www.nis-2-directive.com/ENISA - https://www.enisa.europa.eu/Privacy Laws - CCPA - https://oag.ca.gov/privacy/ccpaPrivacy Laws - GDPR - https://gdpr-info.eu/Follow Me Printing Hacking Story - ForbesKnowBe4 ResourcesKnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Send us a textEpisode SummaryJenny Radcliffe, a social engineer and known as the People Hacker, was recently inducted into the Infosecurity Europe Hall of Fame. Jenny is also an award winning podcast host and a conference speaker where she provides knowledge, expertise and insights on security, education and awareness to people around the world. In this episode of the Security Masterminds podcast, Jenny discusses her experience in the industry and how social engineering has changed over time. She also shares some tips on how to put together a team for a social engineering job, as well as some of her biggest social engineering failures and what she learned from them..In this episode, you will learn the following:1. The art and science of social engineering, and the importance of continuous learning.2. The evolution of social engineering over time, and the need for diversification.3. The importance of self-discipline in social engineering, and the need for details.Jenny Radcliffe, The People HackerJenny Radcliffe is a world-renowned Social Engineer hired to bypass security systems through a mixture of psychology, con-artistry, cunning, and guile. A "burglar" for hire and entertaining educator, she has spent a lifetime talking her way into secure locations, protecting clients from scammers, and leading simulated criminal attacks on organizations of all sizes to help secure money, data, and information from malicious attacks.Jenny was recognized as one of the top 25 Women in Cyber in 2020 by IT Security Guru and as a Top 50 Women of Influence in Cyber in 2019. She was nominated for the prestigious "Godmother of Security" award in 2020 and won the "Most Educational Security Blog 2020." Most recently, Woman of Influence & a Top 30 Cybersecurity Leader.Jenny is also the host of the award-winning podcast "The Human Factor," interviewing industry leaders, bloggers, experts, fellow social engineers, and con-artists about all elements of security and preventing people from becoming victims of malicious social engineering.LinkedIn: https://www.linkedin.com/in/jenny-radcliffe-the-people-hacker-%F0%9F%8E%A4%F0%9F%8E%A7%F0%9F%A7%A0-85ba1611/Website: https://humanfactorsecurity.co.uk/Twitter: https://twitter.com/Jenny_RadcliffePodcast: https://humanfactorsecurity.co.uk/category/the-human-factor/Show LinksJenny's Darknet Diaries episode: https://darknetdiaries.com/episode/90/Matthieu Ricard (Happy Monk) - https://en.wikipedia.org/wiki/Matthieu_RicardKnowBe4 ResourcesKnowBe4 Blog - https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan, Producer - https://www.linkedin.com/in/jmcquigganJavvad Malik, Producer - https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQui

Send us a textEpisode SummaryTechnology is everywhere in society these days from our communication, shopping, and commerce capabilities. Whether email, online purchases, or using the blockchain, it amounts to large amounts of data being collected about people. All of this data, while easy to store, is also harder to manage and protect. As users, people exhibit behaviors when using this data, and the technology is learning those behaviors to effectively identify if it's this person based on geography, time, and frequency. All of this, along with being able to help people properly secure their data, and when they make an error, they receive a small learning mission to complete to help understand the mistake without feeling inadequate or reprimanded. In this month's podcast, David Willis shares his experiences with technology, human behaviors, and micro-learning based on his years of military and technical expertise over the past twenty years.David Willis, Head of Technology Integrations for the Business Development TeamDavid is an experienced business, security, and technology leader with over 20 years experience across telecommunications, financial services, and software industry verticals.David currently serves as Head of Technology Integrations for the Business Development Team, focused on addressing tactical and strategic security and IT solution integration needs at scale for Netskope customers. David also leads the building and expansion of new routes to market for Netskope.LinkedIn: https://www.linkedin.com/in/davidrwillis/Netskope page: https://www.netskope.com/blog/author/davidwillisShow LinksBright Shiny Object Syndrome (BSOS) - https://en.wikipedia.org/wiki/Shiny_object_syndromeGDPR - https://gdpr-info.eu/California Privacy Act - https://oag.ca.gov/privacy/ccpaNew York Protection Act - https://opengovernment.ny.gov/what-you-should-know-nys-personal-privacy-protection-law-ppplBJ Fogg Tweet - https://twitter.com/bjfogg/status/53486588944056321Rorschach Test - ​​https://en.wikipedia.org/wiki/Rorschach_testDeath by many duck bites - https://www.amazon.com/Death-Duck-Bite-Novelty-T-Shirt/dp/B07DMTTLBBKnowBe4 ResourcesKnowBe4 Blog - https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan, Producer - https://www.linkedin.com/in/jmcquigganJavvad Malik,  Producer - https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com

Send us a textWith current events, there is a strong focus on the critical infrastructure sector that provide fuel, water and electricity to our homes and office buildings. In today's episode we hear from Spencer Wilcox, who is a cybersecurity leader at a large power utility working to ensure that power is always available and protected against cybercriminals. He shares with us his insights to the energy industry, the supply chain, cyber resiliency and the threats the industry is facing in the next ten years.Spencer Wilcox has worked in the cybersecurity and physical space of the energy sector for almost twenty years, where previously he was in law enforcement.Don't miss out on The transition from a law enforcement to cyber securityHow important privacy is to securityThe importance of supply chain to availabilityDiscussed Links & Follow-upHex Editor - https://www.pcmag.com/encyclopedia/term/hex-editorTELNET - https://www.pcmag.com/encyclopedia/term/telnetLink for Thom Langford episode - https://www.buzzsprout.com/1892704/10255518The Hymn of the Great A’Tuin - https://discworld.fandom.com/wiki/Great_A%27TuinPurdue Model - https://en.wikipedia.org/wiki/Purdue_Enterprise_Reference_ArchitectureBlind Men & the Elephant - https://americanliterature.com/author/james-baldwin/short-story/the-blind-men-and-the-elephantChristmas Tree Scan - https://nmap.org/book/scan-methods-null-fin-xmas-scan.htmlNERC CIP Standards - https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspxNetflix Chaos Engineering - https://netflixtechblog.com/tagged/chaos-engineeringAbout Spencer WilcoxSpencer Wilcox is Executive Director of Technology and Chief Security Officer at PNM Resources, an investor owned utility headquartered in Albuquerque, NM. Spencer is accountable for the secure operations of enterprise IT and OT Infrastructure, Network and Telecommunications, Technology Innovation and the Cyber and Physical Security of the enterprise and the electric grid. In this role he strategically leads leaders to continuously improve operational effectiveness using a risk based approach to technology and security.Spencer is a nationally recognized speaker, and regular contributor to (ISC)2, ASIS, and SC Congress events. He regularly serves in volunteer capacities to improve cyber security, technology innovation and economic development. He currently serves as Vice Chair of the ICCS committee for the Electric Power Research Institute, and as co-chair of the Security and Technology Policy Executive Advisory Committee for the Edison Electric Institute. He has previously served as a judge in the SC awards, and Maryland Cyber awards and as a volunteer on the boards of directors for the Virginia Crime Prevention Association, the Cybersecurity Association of Maryland, Inc, and the Fort Meade Alliance. LinkedIn: https://www.linkedin.com/in/spencerwilcoxcisspTwitter:

Send us a textStorytelling is a powerful medium to help get messages across and one feature is the ability to deliver humor into the story. In today's episode we interview Jim Shields, an author, actor, director and now cybersecurity expert. Jim is the director of the popular KnowBe4 video series, The Inside Man. He discusses with our hosts the use of comedy and drama in video and storytelling. Mr. Jim Shields eleven years working in comedy increased his storytelling capabilities to become a successful film director and storyteller of cybersecurity lessons. KnowBe4 Blog - https://blog.knowbe4.comInside Man Series - https://www.knowbe4.com/inside-manTwist & Shout: https://www.twistandshout.co.uk/LinkedInJim Shields: https://www.linkedin.com/in/jimshieldstwistandshout/Erich Kron - https://www.linkedin.com/in/erichkron/Jelle Wieringa - https://www.linkedin.com/in/jellewieringa/James McQuiggan - https://www.linkedin.com/in/jmcquiggan/Jim Shields, Author:Once More With Feeling Jim Shields Tedx Talkhttps://www.youtube.com/watch?v=ORSV532LkXMAnnouncer: Sarah McQuiggan (sarahmcquiggan.com)

Send us a textIn this week's episode, we speak with industry veteran and self-described recovering CISO Thom Langford.We discuss how Thom got into cybersecurity and became a CISO. Whether a CISO needs to be technical or not, and what differentiates a conventional CISO from a virtual CISO.  Thom also explained the benefits of storytelling, the use of videos humor, and how to influence security culture.We also hear about Thom's biggest security mistake. Show LinksKnowBe4 website - https://blog.knowbe4.comLinkedInThom Langford - https://www.linkedin.com/in/thomlangford/Erich Kron - https://www.linkedin.com/in/erichkron/Jelle Wieringa - https://www.linkedin.com/in/jellewieringa/James McQuiggan - https://www.linkedin.com/in/jmcquiggan/ZX 81 (pronounced Zed-X) - https://en.wikipedia.org/wiki/ZX81ZX Spectrum (pronounced Zed-X) - https://en.wikipedia.org/wiki/ZX_SpectrumHost Unknown Videos - https://www.youtube.com/user/HostUnknownTVLost all the Money, Accept the RiskTom’s vCISO Blog - https://thomlangford.com/2019/02/25/opening-a-new-door-of-opportunitySeagull Management - https://en.wikipedia.org/wiki/Seagull_managementWheaton’s Law - http://www.wheatonslaw.com

Send us a textThis months guest is KnowBe4's SVP Content Strategy & Evangelist for Africa and founder of Popcorn training, Anna Collard. In this episode, Anna shares what it means to be creative and how creativity can benefit cyber security - especially when it comes to delivering content. Being a female CEO and founder of a company can also be challenging, and Anna sheds some light on what that journey was like for her too. Including what biases exist, and how she even fell for her own biases. 

Send us a textThe Security Masterminds second guest is KnowBe4's Chief Research Officer Kai Roer, who founded CLTRe in 2015 to accurately answer the question, "how do you measure Security Culture?"In this episode, Kai explains what got him interested in Culture and what we can all learn from it. In addition to understanding how we can measure our security culture, what steps can be taken to strengthen it, and grow it. We examine the journey organisations are taking along their ABC's. Awareness, behaviour, and culture. 

Send us a textThe Security Masterminds podcast’s first guest is KnowBe4’s SVP of Emerging Tech Insights Dr. Lydia Kostopoulos, who became interested in the cybersecurity space after experiencing 9/11 as a freshman in college. After that, she decided to pursue her educational studies in cybersecurity. During this podcast, Dr. Kostopoulos explores the state that we are in today, known as the fourth industrial revolution. This consists of AI, DNA editing, nano technologies, mixed media, smart sensors and quantum computing, just to name a few. We are at the dawn of a new infrastructure being built for things like smart cities, autonomous vehicles, etc. This new era is creating a cybersecurity skills gap given the plethora of new technologies and the rapid pace at which things are changing and developing. As long as technology changes, you need to continue to upskill.