Redefining CyberSecurity

In this BlackCLoak Brand Story, hosts Sean Martin and Marco Ciappelli engage in an in-depth conversation with Founder Chris Pierson, Chief Information Security Officer Ryan Black, and Product Manager Matt Covington. The discussion explores the company’s dedication to protecting security and privacy for CISOs, executives, and high-net-worth individuals.The episode kicks off with Martin and Ciappelli extending a warm welcome to Pierson, Black, and Covington while highlighting the mission-driven approach of BlackCloak. Pierson elaborates on BlackCloak’s unique focus on protecting not just organizations but also extending security measures to the personal lives of executives and their families. This connection underscores the significance of safeguarding home environments, which are increasingly becoming targets for cyberattacks.Covington shares his intriguing journey from having a master's degree in literary theory to becoming involved in cybersecurity, emphasizing the importance of empathy in product development. He explains how BlackCloak's technology seeks to scale its services efficiently by automating repetitive tasks, thereby allowing their experts to focus on critical problem-solving for clients.Throughout the conversation, Ryan Black describes the flexible, personalized concierge service that BlackCloak offers, aimed at addressing the unique security needs of individuals outside the corporate framework. He emphasizes that their approach goes beyond traditional enterprise security, focusing on protecting personal devices and networks that executives use at home.The episode also touches on the emotional and psychological aspects of cybersecurity, illustrating how personal experiences with phishing attacks have driven both Black and Covington in their professional paths. The hosts and guests also discuss the personal side of cybersecurity, addressing behavioral vulnerabilities and the integration of user-friendly technology in personal security measures.Finally, the session highlights the collaborative and proactive culture at Black Cloak, where team members are committed to going above and beyond to protect their clients. This episode offers listeners valuable insights into how BlackCloak is pioneering an empathetic and comprehensive approach to cybersecurity.Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-storyGuests: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]On Linkedin | https://www.linkedin.com/in/drchristopherpierson/On Twitter | https://twitter.com/drchrispiersonRyan Black, Chief Information Security Officer, BlackCloak [@BlackCloakCyber]On LinkedIn | https://www.linkedin.com/in/ryancblack/Matt Covington, VP of Product, BlackCloak [@BlackCloakCyber]On LinkedIn | https://www.linkedin.com/in/mecovington/ResourcesLearn more about BlackCloak and their offering: https://itspm.ag/itspbcwebBlackCloak welcomes Ryan Black: https://www.linkedin.com/posts/blackcloak_personalcybersecurity-cybersecurity-executiveprotection-activity-7198293889777098752-Bd5zAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]On LinkedIn | https://www.linkedin.com/in/kwuyts/On Twitter | https://twitter.com/WuytskiOn Mastodon | https://mastodon.social/@kimwAvi Douglen, CEO / Board of Directors, Bounce Security & OWASPOn LinkedIn | https://www.linkedin.com/in/avidouglen/On Twitter | https://twitter.com/sec_tigger____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesTraining: https://lisbon.globalappsec.org/trainings/#sku_PPBDThreat modeling manifesto: https://www.threatmodelingmanifesto.org/Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Jim Manico, Founder and Secure Coding Educator, Manicode SecurityOn LinkedIn | https://www.linkedin.com/in/jmanico/On Twitter | https://x.com/manicode____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this episode of On Location with Sean and Marco, host Sean Martin engages in a compelling discussion with Jim Manico about the current landscape of application security. Jim, a notable leader in the field, delves into several critical topics surrounding application security and its evolving challenges.The conversation opens by touching on the significant influence of artificial intelligence (AI) on application security, suggesting a future episode dedicated entirely to exploring this complex topic. They then shift focus to the necessity of having a formalized approach when dealing with security vulnerabilities. Jim underscores the importance of planning and preparation before tackling security threats, emphasizing that structured processes lead to more effective management of potential issues.A significant portion of the dialogue explores the challenges associated with identifying and managing vulnerable or outdated libraries within codebases. Jim and Sean discuss how modern development practices often lead to the incorporation of various libraries, each of which can introduce potential security risks if not properly maintained. The intricacies of keeping these libraries updated to prevent vulnerabilities are highlighted, including the frequent necessity of updating or replacing libraries to ensure robust security.Jim also touches upon the noise generated by automated security findings, which can overwhelm development teams with alerts and potential issues. He stresses the value of effectively prioritizing and addressing these findings to ensure that the most critical vulnerabilities are tackled promptly, reducing the risk of exploitation.Throughout the episode, Jim and Sean highlight the balance that must be struck between developing new features and maintaining a secure, resilient application environment. Ensuring that security is integrated into the development lifecycle rather than being an afterthought is a recurring theme in their discussion.This engaging episode provides listeners with a deep dive into the strategic and tactical aspects of application security, offering valuable insights and practical advice on navigating the often complex and ever-evolving security landscape.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBVBe sure to share and subscribe!____________________________ResourcesTraining: https://lisbon.globalappsec.org/trainings/#sku_ASTJMOWASP ASVS: https://github.com/OWASP/ASVS/tree/master/5.0/enOWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQDr. Cori Faklaris, Assistant Professor, University of North Carolina at Charlotte [@unccharlotte], Director, Security and Privacy Experiences (SPEX) research group [@SPEX_lab]On LinkedIn | https://www.linkedin.com/in/corifaklaris/On Twitter | https://twitter.com/heycoriOn Mastodon | https://hci.social/@HeycoriOn Facebook | https://www.facebook.com/heycori____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesIn this new episode of the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney welcomed Dr. Cori Faklaris, an assistant professor at the University of North Carolina, Charlotte, to discuss the intricate relationship between human-centered research and cybersecurity. Dr. Faklaris, who leads the Security and Privacy Experience Research Group at the university, shared valuable insights on the intersection of human behavior and security practices.The episode delved into Dr. Faklaris' extensive research on security attitudes and behaviors. She introduced the Security Attitudes (SA) scales, particularly the SA-6 and SA-13, which are tools designed to measure people's security attitudes. These scales provide a reliable and valid means to gauge individuals' perspectives on cybersecurity, which can be critical for organizations looking to enhance their security training programs. By regularly measuring security attitudes before and after training, organizations can assess the effectiveness of their initiatives and identify areas for improvement. Dr. Faklaris emphasized the importance of considering not just attitudes but also social norms and perceived behavioral control when examining security behaviors.A significant portion of the discussion centered around the challenges posed by smishing—phishing attacks conducted via SMS. Dr. Faklaris highlighted that younger people and college students are particularly vulnerable to such attacks. Her research indicates that demographic factors can influence susceptibility to smishing, underscoring the need for targeted awareness campaigns and tailored security measures.The episode also touched on the broader implications of trust and usability in communication systems, with Dr. Faklaris stressing the importance of clear and trustworthy communication channels to prevent user fatigue and mistrust. In addition to her academic endeavors, Dr. Faklaris is spearheading a new cybersecurity clinic at UNC Charlotte. This initiative aims to support local organizations, particularly small businesses and non-profits, by providing them with valuable cybersecurity guidance and services free of charge. The clinic, which will involve student teams working on real-world problems, seeks to bridge the gap between academic research and practical application while fostering community engagement and providing hands-on experience to students.The episode serves as a treasure trove of insights for security leaders and practitioners, offering practical advice on enhancing security training and awareness programs. By leveraging research-backed methods and fostering community partnerships, organizations can better navigate the complex human factors that influence cybersecurity practices. Dr. Faklaris' work serves as a powerful reminder of the critical role human-centered approaches play in building robust and effective security frameworks.Top Questions AddressedHow can you measure security attitudes?What is smishing and why are younger people more vulnerable to it?How can organizations utilize human-centered research to enhance their security training programs?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring this show with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplc Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guest: Robin Smith, CISO of Aston Martin [@astonmartin]On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.The IcebreakerThe conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin’s cybersecurity culture.Life at Aston MartinRobin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin’s values and brand prestige.Building a Cybersecurity CultureRobin describes how he introduced a comprehensive security program that aligns with Aston Martin’s renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.Lessons LearnedThe conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.The Vision for the FutureRobin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.Impact on Customers and CommunityMarco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.Community and CollaborationSean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.Wrapping UpAs the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come.Marco and Sean close the episode by thanking their audience and expressing their excitement for future events. They hope to see everyone again at next year's Infosecurity Europe, promising more engaging content and enlightening discussions.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4QkrBe sure to share and subscribe!____________________________ResourcesLearn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests:  Marcin Gajkowski, Head of Liability Underwriting Team, Generali PolandOn LinkedIn | https://www.linkedin.com/in/marcin-gajkowski-4a6685134/ Michal Balwinski, Senior Underwriter and Cyber Practice Leader, Generali PolandOn LinkedIn | https://www.linkedin.com/in/micha%C5%82-balwi%C5%84ski-136105197/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesExploring Cyber Insurance Nuances Across Europe with Generali Poland at InfoSecurity Europe 2024Picture this: bustling conversations, gleaming booths, and thought-provoking sessions at InfoSecurity Europe 2024, held in the vibrant city of London. Amidst this atmosphere, Sean Martin and Marco Ciappelli of "On Location With Marco and Sean" invite listeners into a fascinating discussion focusing on the intricacies of cyber insurance within Europe. Joined by two brilliant minds from Generali Poland, Marcin Gajkowsky and Michal Balwinski, this episode immerses us into understanding cyber insurance and its varied landscape across the continent.Setting the Scene: InfoSecurity Europe 2024The episode kicks off with Marco and Sean's characteristically witty banter. They joked about their numerous travels and questioned their whereabouts, reflecting the lively and spontaneous spirit of live recording. They also introduce their esteemed guests, Marcin Gajkowsky and Michal Balwinski, from Generali Poland. The discussion's setting is none other than the renowned InfoSecurity Europe event, where cybersecurity professionals gather to forge connections and share innovative security solutions.Understanding Cyber Insurance: Perspectives from Generali PolandMarcin Gajkowsky, leading Generali Poland's Liability Team, opens up about his journey into cyber insurance. Despite his initial background in casualty and professional indemnity underwriting, Gajkowsky has grown passionate about the potential and challenges of cyber insurance, especially within Poland. With the deployment of their local cyber insurance policy in 2021, Generali Poland has committed to navigating and shaping this emerging market.Michal Balwinski, a senior underwriter and cyber insurance practice leader at Generali Poland, delves further into the policies and market dynamics. He highlights the significant knowledge gap in Central and Eastern Europe, a relic of historical and geopolitical contexts. This awareness gap necessitates steps for thorough market education and awareness building, ensuring businesses understand and value the importance of cyber insurance.Market Dynamics: Diversity Across EuropeBalwinski emphasizes the differing levels of cyber risk awareness across Europe. The UK, Western Europe, and the Mediterranean regions each present unique insurance needs and challenges based on their levels of digital sophistication and historical development. Poland's market reveals a stark contrast with larger enterprises adopting sophisticated vendor technologies akin to global banks, while smaller and mid-sized companies lag behind, often unaware of the essential benefits and protections cyber insurance provides.Adapting to the Market: Educational and Technological PartnershipsReflecting on the unique role of cyber insurance, the Generali Poland team outlines their approach to nurturing client relationships. They provide comprehensive risk assessments, engaging conversations, and tailored recommendations. True to their philosophy, Generali Poland extends beyond the role of mere policy provider, establishing themselves as committed partners in their clients' cybersecurity journeys.One pivotal shift in insurance strategy involved offering additional prevention tools alongside policies, such as an anti-phishing package equipped with cutting-edge security kits. The goal is to bridge the evident gap in cyber preparedness among smaller enterprises, ensuring they have robust mitigation measures in place before a policy comes into effect.Resilience and Ransomware: To Pay or Not to Pay?A highlight of the discussion revolves around ransomware and the ethical and practical dilemmas associated with ransom payments. Marcin and Michal elucidate Generali Poland's firm stance against paying ransoms, except in extraordinary circumstances where lives are at stake. They stress that paying ransoms perpetuates the cycle of cybercrime funding and escalation. Instead, their approach focuses on bolstering clients' overall cyber resilience through comprehensive support, including 24/7 incident response services, business interruption coverage, and holistic risk management.Conclusion: Building a Borderless Cyber-Aware FutureAs the insightful conversation wraps up, Marco and Sean underscore the importance of cross-cultural exchange and the collective effort required to bolster cybersecurity awareness. They highlight the universal nature of cyber threats, transcending borders and demanding collaborative action.This captivating episode serves as a testament to the power of open dialogue and education in fostering a more secure digital landscape. As we move forward, the lessons from Generali Poland's proactive approach to cyber insurance will undoubtedly resonate across the industry, setting a precedent for future advancements in the field.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4QkrBe sure to share and subscribe!____________________________Resources Reducing Risk and Costs in a Rapidly Changing Cyber Insurance Landscape with Phishing-Resistant MFA: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.218914.reducing-risk-and-costs-in-a-rapidly-changing-cyber-insurance-landscape-with-phishing_resistant-mfa.htmlLearn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests: Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/On Twitter | https://x.com/HoutMadeleinPaul McKay, Vice President, Research Director at Forrester [@forrester]On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe Human Side of CybersecurityInfosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madeline Van Der Hout, Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.Reimagining Cybersecurity: Back to the FutureThe episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.The Reality of Cybersecurity InnovationMadeline Van Der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations.Madeline adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.API Security: A Case for ConsolidationBoth Paul and Madeline reflect on the notable presence of API security vendors at the conference. Madeline points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.The Human Element and Mental HealthOne of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madeline stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."Training and Educating Future TalentThe conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications.Madeline emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.Cybersecurity's Future: More Than Just a Business ProblemMadeline takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.Data-Driven Decision Making: The Key to Security's EvolutionSean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.Conclusion: A Call for Innovation and HumanityThe episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madeline's call to talk more about humans in every cybersecurity breach serves as a profound takeaway.As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4QkrBe sure to share and subscribe!____________________________ResourcesLearn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Guests:Brian Honan, Founder, BH ConsultingOn LinkedIn: https://www.linkedin.com/in/brianhonan/On X: https://x.com/BrianHonanSuk Paul, Director - EMEA Services GTM, Kudelski SecurityOn LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/Heather Lowrie, Chief Information Security Officer (CISO), The University of ManchesterOn LinkedIn: https://www.linkedin.com/in/heather-lowrie/On X: https://x.com/HeatherELowrieTim Grieveson, Senior Vice President - Global Cyber Risk Advisor, BitsightOn LinkedIn: https://www.linkedin.com/in/timgrieveson/On X: https://x.com/timgrievesonDaniel Lattimer, Area Vice President - EMEA West, SemperisOn LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesWATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQIn recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals.This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care. Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture.To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.Brian Honan described the importance of legislative measures like the EU's Digital Operations Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after an attack.During the discussion, a repeated point was the inevitability of cyber incidents and the need for preparation and response. Tim Grieveson stressed the necessity of identifying critical assets and vulnerabilities, communicating risks to the board, and developing a clear response plan. He pointed out that it is not just about the technical aspects but also about storytelling and helping the organization understand the real-world implications of cyber risks.The significance of cross-sector collaboration was also highlighted. Heather Lowrie noted that cyber threats are a societal challenge, not limited to individual organizations or sectors. Therefore, collective preparation and response are crucial for building resilience against cyber threats. She called for more exercises within and across sectors to prepare teams for real-world events.Lastly, the episode discussed the ethical dilemma of paying ransoms. Brian Honan strongly advocated against paying the ransom, citing the lack of guarantee that systems would be restored securely and the need to rebuild trust in affected devices. Instead, the focus should be on robust preparation and managing supply chain security. In conclusion, this episode underscored the pervasive threat of cyber-attacks on critical infrastructure and the multifaceted approach needed to tackle these challenges.From enhancing third-party risk management to legislative support, cross-sector collaboration, and ethical considerations, the conversation provides a comprehensive overview of the current state of cybersecurity in the healthcare sector. It highlights the urgent need for continuous improvement and resilience to protect not only systems but ultimately, patients' lives.Top Questions AddressedHow can the impact of the ransomware attack on the NHS best be described?How can organizations better manage third-party supply chain risk in cybersecurity?What are the ethical considerations and implications of paying ransom in cyberattacks?Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4QkrBe sure to share and subscribe!____________________________ResourcesLearn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Here we are, once again from the bustling show floor at Infosecurity Europe 2024 in London, situated at the Excel Centre. Sean Martin of ITSP Magazine is your host, and he's joined by Dror Liwer, co-founder of CORO Security. Both are excited to dive deep into how CORO is expanding its focus into the European market.Day Three: Nonstop Conversations and PresentationsFrom the get-go, Dror shares his enthusiasm about being part of this prestigious event for the first time. With a primary presence in the U.S., CORO is now aggressively moving into EMEA, starting right here in London. This move is in response to increasing demand from small to medium-sized enterprises (SMEs) in Europe who need robust cybersecurity solutions.Addressing the Security Needs of SMEsSean recalls the comprehensive capabilities of CORO discussed in previous episodes. CORO provides multiple layers of security tailored to an organization’s specific needs, such as regulatory requirements, budget, and staffing capabilities. Sean encourages everyone to revisit those insightful seven-minute chats from RSA Conference to get an in-depth view.Dror emphasizes that CORO is unique in targeting the mid-market from the ground up, unlike other companies that retrofit enterprise solutions to fit smaller businesses. With a focus on simplicity and powerful protection, CORO ensures that its solutions are manageable even for lean IT teams.Navigating the Complexities of EuropeOne of the significant discussions revolves around the differences between the U.S. and European markets. While Sean and Dror acknowledge the similar types of cyber threats faced globally, operational nuances like data residency and privacy regulations differ widely across Europe. CORO has established a data center in Germany to comply with local data residency requirements, ensuring that email and file inspections stay within the EU boundaries.Real-World Applications and ChallengesSean drives the conversation into the specific challenges CORO has faced and the different attack scenarios in Europe compared to the U.S. Dror mentions that while SME awareness of being targets has been prevalent in the U.S. for a while, European SMEs are just beginning to realize the same. As a result, CORO is educating this market about the imminent threats and how to efficiently protect against them without becoming overwhelmed.The Importance of AffordabilityDror and Sean discuss the financial challenges faced by SMEs, such as difficult decisions on whether to invest in cybersecurity or other critical needs like educational resources. Dror emphasizes that CORO has priced its suite of security solutions to remove this barrier, making comprehensive coverage affordable for even the smallest enterprises.Team and Technology: The Backbone of COROThe conversation takes a moment to appreciate CORO’s dedicated team. Sean praises the high energy and mutual support visible at CORO’s booth. Dror points out that customer reviews often highlight how easy it is to work with CORO—a testimony to the company’s dedication to protecting overlooked small and mid-sized businesses.The Future of SME CybersecurityCORO aims to remove the guesswork ("threat roulette”) for SMEs by providing an all-encompassing platform that is accessible and easy to manage. This approach ensures that small businesses can protect themselves comprehensively without the need to prioritize between different threat vectors due to budget constraints.CORO’s MissionAs the conversation winds down, Dror reiterates CORO's mission to protect SMEs globally and make cybersecurity as effortless as possible. Sean encourages attendees of Infosecurity Europe to visit CORO's dynamic and innovative booth, and for those who cannot make it, to check out CORO online. For more information, visit CORO's website at Coro.netThanks to everyone for joining us. Expect more exciting updates from CORO, possibly next time from Las Vegas!Learn more about CORO: https://itspm.ag/coronet-30deNote: This story contains promotional content. Learn more.Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber]On LinkedIn | https://www.linkedin.com/in/drorliwer/ResourcesLearn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coroView all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a differences in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company’s journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.Setting the StageThe bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security’s origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.Phoenix Security’s Journey and VisionCipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.Innovative Solutions for Modern Cybersecurity ChallengesPhoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.Success Stories and Client FeedbackCipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.Expanding Reach Through Strategic PartnershipsHighlighting the importance of collaboration, Cipollone mentions Phoenix Security’s recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.ConclusionThe conversation concludes with insights into future security trends and Phoenix Security’s commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8vNote: This story contains promotional content. Learn more.Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42ResourcesLearn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-securityView all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.