Redefining CyberSecurity

Guests: Ryan T. Patrick, Vice President of Adoption, HITRUSTOn LinkedIn | https://www.linkedin.com/in/ryan-patrick-3699117a/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________Episode NotesIn On Location Podcast episode, Sean Martin had a recap conversation with Ryan T. Patrick, engaging about the pivotal topics surrounding HITRUST and its Collaborate Conference. Ryan Patrick, Director of Corporate Audit and Compliance Operations at HITRUST, provided insightful commentary on HITRUST's mission and its recent initiatives to strengthen cybersecurity and compliance across various sectors. Throughout the episode, Ryan emphasized the significance of HITRUST's annual event, Collaborate. The conference serves as a central hub for customers, assessors, partners, auditors, security, and privacy professionals to share insights and build relationships.One key discussion topic was the evolving concept of continuous assurance. Ryan highlighted how HITRUST is striving to transform annual assessments into a continuous process, enabling organizations to better manage and understand their security posture throughout the year. This shift aims to make security and compliance efforts more proactive and less burdensome.Sean and Ryan also touched on the important role of HITRUST's Results Distribution System (RDS). This innovative system allows organizations to receive structured assessment results, which can be integrated seamlessly into GRC platforms like ServiceNow. By utilizing RDS, companies can more effectively compare vendor assessments and manage risk in a streamlined manner.Another significant highlight from the conference was the announcement of HITRUST's first AI security certification. Set to launch in December, this certification will provide a comprehensive framework for securing AI technologies. Ryan explained that this initiative addresses the rising concerns around AI security by focusing on the controls needed to safeguard AI deployments. In addition, the certification will ensure that the underlying infrastructure supporting AI meets high-security standards.Cyber insurance was another critical topic discussed. HITRUST's partnership with leading insurers has led to the creation of a cyber insurance product tailored for HITRUST-certified organizations. This product offers a 25% premium reduction for those who achieve HITRUST certification, potentially leading to lower premiums and higher coverage limits. Ryan noted that the product is designed to reward organizations that have demonstrated robust cybersecurity practices through their HITRUST certification.The conversation wrapped up with a mention of HITRUST's impressive Trust Report statistics. According to Ryan, less than 1% of HITRUST-certified organizations experienced a security breach in the past two years, compared to over 50% of non-certified entities. This stark difference underscores the effectiveness of HITRUST's rigorous assessment and certification process in enhancing organizational security. Ryan’s insights during this episode illuminate the critical role HITRUST plays in advancing cybersecurity and compliance.The initiatives discussed not only demonstrate HITRUST's commitment to innovation but also highlight practical steps organizations can take to fortify their security posture and achieve greater assurance in an increasingly interconnected world. This collaborative spirit and dedication to continuous improvement continue to set HITRUST apart as a leader in the field.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasBe sure to share and subscribe!____________________________ResourcesLearn more about HITRUST Collaborate 2024 and register for the conference: https://itspm.ag/hitrusmxayLearn more about and hear more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrf

The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN’s experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.Learn more about A-LIGN: https://itspm.ag/a-lign-uz1wNote: This story contains promotional content. Learn more.Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/ResourcesLearn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lignLearn more about HITRUST: https://itspm.ag/itsphitwebLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The latest episode of 7 Minutes on ITSPmagazine, recorded during the Black Hat Sector 2024 event in Toronto, Canada, brings insights from the dynamic world of cybersecurity training and education. Hosted by Sean Martin, the discussion features Rushmi Hasham, Director of Strategic Partnerships, and Vasu Daggupaty, Manager of Strategic Partnerships and Investments, both from Rogers Cybersecure Catalyst.Rogers Cybersecure Catalyst, a non-profit organization operated by Toronto Metropolitan University, serves as the university’s national hub for cyber education. The organization’s focus spans three primary areas: training individuals to become cybersecurity professionals, helping organizations to bolster their cyber safety measures, and assisting cybersecurity founders in bringing their innovative solutions to the market.Vasu Daggupaty explains that the Catalyst’s training programs certify individuals with the necessary credentials to be employable in the cybersecurity field. Moreover, organizations receive guidance on enhancing their incident response strategies and other critical safety practices. An essential part of their mission is also supporting innovators in launching new cybersecurity products and services.The episode highlights a compelling story of Gina, a former nurse transitioning into a cybersecurity analyst role. This transformation exemplifies the success of the Catalyst’s Accelerated Rapid Training Program. Rushmi Hasham elaborates on the program’s design, which caters to mid-life career changers, providing a seven-month intensive course in collaboration with the SANS Institute. The program equips participants with hands-on skills, transitioning knowledge, and career development, ensuring they are job-ready upon completion.Additionally, the Catalyst’s corporate training services include non-technical tabletop exercises to prepare executives for real-life cyber threats. They also offer a cyber range where clients can safely engage with live malware to elevate their technical response capabilities. This comprehensive approach is instrumental in addressing Canada’s cybersecurity skills shortage and enhancing the nation’s defensive posture. The episode concludes with an invitation to explore the Catalyst's investment initiatives aimed at fortifying cybersecurity innovations and talent development across Canada.Learn more about Rogers Cybersecure Catalyst: https://itspm.ag/rogershxbpNote: This story contains promotional content. Learn more.Guests: Rushmi Hasham, Director of Strategic Partnerships, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/rushmi-hasham-9523554/Vasu Daggupaty, Manager, Partnerships & Investment, Rogers Cybersecure CatalystOn LinkedIn | https://www.linkedin.com/in/vdaggupaty/ResourcesLearn more and catch more stories from Rogers Cybersecure Catalyst: https://www.itspmagazine.com/directory/rogers-cybersecure-catalystLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Schellman, founded in 2002 as SAS 70 Solutions, was originally focused on just one audit standard; the SAS 70 (subsequently replaced by SOC 2). As the client base grew so did the request to perform other audits outside of the SAS 70. Schellman grew its offerings over the past 20+ years by identifying client needs and then determining if we have the skillset and expertise to deliver high quality work. We have always stayed true to our core strengths and expertise, which is why Schellman is the only Top 100 CPA firm that specializes in IT Audit and Cybersecurity.Schellman provides full-spectrum cybersecurity third-party audits, assessments, and certifications. In a marketplace with growing cybersecurity compliance needs, organizations are struggling to incorporate additional framework and regulations in an efficient and effective way. At Schellman we harnesses our expertise and deep knowledge across the compliance standards to roadmap audits throughout the year that promotes the highest return on evidence collection and subject matter expert time.By performing specific assessments in a staggered or parallel fashion, Schellman is able to collect once and test many; both in terms of information from subject matters experts and evidence from business stakeholders. The broad range of our compliance offerings, along with our combined audit approach and depth of expertise sets Schellman apart. Schellman's approach was built to provide expertise and quality work while valuing and respecting the time and stress assessments/audits place on an organization.Learn more about Schellman: https://itspm.ag/schellman9a6vNote: This story contains promotional content. Learn more.Guests:Michael Parisi, Head of Client Acquisition, Schellman [@Schellman]On LinkedIn | https://www.linkedin.com/in/michael-parisi-4009b2261/Ryan Meehan, Director, Schellman [@Schellman]On LinkedIn | https://www.linkedin.com/in/ryan-meehan-cisa-cissp-ccsfp-iso-lead-cipp-71a5939ResourcesLearn more and catch more stories from Schellman: https://www.itspmagazine.com/directory/schellmanLearn more about HITRUST: https://itspm.ag/itsphitwebLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.Note: This story contains promotional content. Learn more.Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/ResourcesLearn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentextLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Retailers today continue to grapple with unforeseen issues as supply chain attacks become more common and vulnerabilities from third-party sources emerge as major threats.Of the 1,050 C-suite and senior executives surveyed, 86% of respondents anticipate that dynamic computing will enhance operational performance within the next three years, especially in AI strategy development and leveraging sophisticated supply chains. However, 82% acknowledge the increased exposure to risk.In this age of dynamic computing, retail organizations encounter both significant opportunities and risks. With traditional security boundaries fading and conventional security measures proving inadequate, retail leaders must adopt a comprehensive approach to ensure overall cyber resilience.To better achieve cyber resilience in the retail industry, LevelBlue shares five specific steps that can be applied across industries, directly in response to these findings: identify the barriers to cyber resilience; be secure by design; align cyber investment with business; build a support ecosystem; and transform cybersecurity strategies.To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here:https://itspm.ag/levelbjk57Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Emergence of Innovative Partnerships: As AI becomes increasingly integral across industries, healthcare is at the forefront of adopting these technologies to improve patient outcomes and streamline services. Sean Martin emphasizes the collaboration between StackAware and Embold Health, setting the stage for a discussion on how they leverage HITRUST to enhance healthcare solutions.A Look into StackAware and Embold Health: Walter Haydock, founder and CEO of StackAware, shares the company's mission to support AI-driven enterprises in measuring and managing cybersecurity compliance and privacy risks. Meanwhile, Steve Dufour, Chief Security and Privacy Officer of Embold Health, describes their initiative to assess physician performance, guiding patients toward top-performing providers.Integrating AI Responsibly: A key theme throughout the conversation is the responsible integration of generative AI into healthcare. Steve Dufour details how Embold Health developed a virtual assistant using Azure OpenAI, ensuring users receive informed healthcare recommendations without long-term storage of sensitive data.Assessment Through Rigorous Standards: Haydock and Dufour also highlight the importance of ensuring data privacy and compliance with security standards, from conducting penetration tests to implementing HITRUST assessments. Their approach underscores the need to prioritize security throughout product development, rather than as an afterthought.Navigating Risk and Compliance: The conversation touches on risk management and compliance, with both speakers emphasizing the importance of aligning AI initiatives with business objectives and risk tolerance. A strong risk assessment framework is essential for maintaining trust and security in AI-enabled applications.Conclusion: This in-depth discussion not only outlines a responsible approach to incorporating AI into healthcare but also showcases the power of collaboration in driving innovation. Sean Martin concludes with a call to embrace secure, impactful technologies that enhance healthcare services and improve outcomes.Learn more about HITRUST: https://itspm.ag/itsphitwebNote: This story contains promotional content. Learn more.Guests: Walter Haydock, Founder and CEO, StackAwareOn LinkedIn | https://www.linkedin.com/in/walter-haydock/Steve Dufour, Chief Security & Privacy Officer, Embold HealthOn LinkedIn | https://www.linkedin.com/in/swdufour/ResourcesLearn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrustView all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Guests:Helen Oakley, Director of Secure Software Supply Chains and Secure Development, SAPOn LinkedIn | https://www.linkedin.com/in/helen-oakleyOn Twitter | https://x.com/e2hlnOn Instagram |https://instagram.com/e2hlnLarry Pesce, Product Security Research and Analysis Director, Finite State [@FiniteStateInc]On LinkedIn | https://www.linkedin.com/in/larrypesce/On Twitter | https://x.com/haxorthematrixOn Mastodon | https://infosec.exchange/@haxorthematrix____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesSean Martin and Marco Ciappelli kicked off their discussion by pondering the intricacies and potential pitfalls of the AI supply chain. Martin humorously questioned when Ciappelli last checked the entire supply chain of an AI session, provoking insightful thoughts about how people approach AI today.The conversation then shifted as Oakley and Pesce were introduced, with Oakley explaining her role in leading cybersecurity for the software supply chain at SAP and co-founding the AI Integrity and Safe Use Foundation. Pesce shared his expertise in product security research and pen testing, emphasizing the importance of securing AI integrations.Preventing the AI ApocalypseOne of the session's highlights was the discussion titled "AI Apocalypse Prevention 101." Oakley and Pesce shared insights into the potential risks of AI overtaking human roles and discussed ways to prevent a hypothetical AI apocalypse. Oakley humorously noted her experimentation with deep fakes and emphasized the importance of addressing the root causes to avert catastrophic outcomes.Pesce contributed by highlighting the need for a comprehensive Bill of Materials (BOM) for AI, pointing out how it differs from traditional software due to its unique reliance on multiple layers, including hardware and software components.AI BOM: A Tool for Understanding and ComplianceThe conversation evolved into a discussion about the AI BOM's significance. Oakley explained that the AI BOM serves as an ingredient list, akin to what you would find on packaged goods. It includes details about datasets, models, and energy consumption—critical for preventing decay or malicious behavior over time.Pesce noted the AI BOM's potential in guiding pen testing and compliance. He emphasized the challenges that companies face in keeping up with rapidly evolving AI technology, suggesting that AI BOM could potentially streamline compliance efforts.Engagement at the CISO Executive SummitThe speakers touched on SECTOR 2024's CISO Executive Summit, inviting senior leaders to join the conversation. Oakley highlighted the summit's role in providing a platform for addressing AI challenges and regulations. Martin and Ciappelli emphasized the value of attending such events for exchanging knowledge and ideas in a secure, collaborative environment.Conclusion: A Call to Be PreparedAs the episode wrapped up, Sean Martin extended an invitation to all interested in preventing an AI apocalypse to join the broader discussions at SECTOR 2024. Helen Oakley and Larry Pesce left listeners with a pressing reminder of the importance of understanding AI's potential impact.____________________________This Episode’s SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________Follow our SecTor Cybersecurity Conference Toronto 2024 coverage: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaOn YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllSCvf6o-K0forAXxj2P190SBe sure to share and subscribe!____________________________ResourcesLearn more about SecTor Cybersecurity Conference Toronto 2024: https://www.blackhat.com/sector/2024/index.html____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageAre you interested in sponsoring our event coverage with an ad placement in the podcast?Learn More 👉 https://itspm.ag/podadplcWant to tell your Brand Story as part of our event coverage?Learn More 👉 https://itspm.ag/evtcovbrfTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcast

SecTor, Canada’s largest cybersecurity conference, today announced the release of its full schedule of Summits for SecTor 2024. The live, in-person event will take place from October 22 to October 24 at the Metro Toronto Convention Centre in downtown Toronto. Summits will take place on Tuesday, October 22 and include:SecTor Executive Summit – This Summit will offer CISOs and other cybersecurity executives an opportunity to hear from industry experts helping to shape the next generation of information security strategy. Sponsors include: Armis, Sysdig, Cyera, and Trend Micro. To apply, please visit blackhat.com/sector/2024/executive-summit.html.Inaugural AI Summit at SecTor – This Summit will take place as part of The AI Summit Series, a global conference and expo series focusing on practical applications of AI technologies. This Summit will underscore the importance of artificial intelligence (AI) as an organization’s newest and greatest weapon within the ever-evolving cybersecurity landscape. Passes can be purchased here: blackhat.com/sector/2024/ai-summit.html.Cloud Security Summit at SecTor – This Summit is Canada’s leading cloud security event featuring keynote speakers, panel discussions, and networking opportunities, and provides an invaluable opportunity for every security professional to engage with leaders and discuss the future of cloud security. Sponsors include: CrowdStrike, Cyera, Kyndryl, Okta, OpenText, StrongDM, Sysdig, and Lookout. Passes can be purchased here: blackhat.com/sector/2024/cloud-summit.html.Note: This story contains promotional content. Learn more.ResourcesLearn more and catch more stories from SecTor Cybersecurity Conference Toronto 2024: https://www.itspmagazine.com/sector-cybersecurity-conference-2024-cybersecurity-event-coverage-in-toronto-canadaLearn more about 2 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

About the CISO Circuit SeriesSean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guests: Michael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacenteMandy Huth, Global CISO - VP of Cybersecurity, Kohler Co.On LinkedIn | https://www.linkedin.com/in/mandyhuth/Whitney Merrill, Head of Global Privacy & Data Protection Officer, Asana [@asana]On LinkedIn | https://www.linkedin.com/in/whitney-merrill-5ab05012/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3___________________________Episode NotesIn this episode of the CISO Circuit series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Michael Piacente lead an engaging discussion about the current state of cybersecurity leadership, liability, and protection. Their conversation features insights from two distinguished guests: Mandy Huth, an enterprise security leader with over 20 years of experience, and Whitney Merrill, a privacy attorney with a strong background in computer science and legal frameworks around consumer protection.The discussion opens with an exploration of individual liability for cybersecurity leaders and broader business leadership within organizations. Whitney Merrill argues that regulators like the FTC and SEC are increasingly holding individuals accountable for security and privacy lapses. The conversation highlights notable cases where executives have faced scrutiny, emphasizing the growing expectation for tangible processes and proper security postures within organizations.Mandy Huth underscores the importance of shared responsibility and accountability within a business, noting that security decisions are not made in isolation. She advocates for a collaborative approach where security leaders outline risks comprehensively to allow for informed decision-making across the executive team. Huth also expresses concern over the proliferation of CYA (Cover Your Ass) practices that prioritize documentation over meaningful risk mitigation, warning that this can dilute the effectiveness of security programs.Another central theme in the episode centers on the need for standardized frameworks and a common language to articulate risk across an organization. Both guests highlight the need for clear, consistent communication of risks to build a unified understanding among all stakeholders, from the board to individual teams. Piacente and Merrill emphasize that while existing frameworks like NIST and ISO provide a foundation, there is an ongoing need to adapt these frameworks to align with industry-specific contexts and evolving regulatory expectations.A significant takeaway from the conversation is the role of systemic risk and the potential outsized impact of seemingly minor vulnerabilities. Huth and Merrill caution against underestimating these risks and advocate for continuous improvement and adaptation of security measures. They suggest that prioritizing business-friendly security practices can help foster greater adoption and collaboration across the enterprise.The episode concludes with reflections on the future landscape of cybersecurity regulation and practice. Whitney Merrill envisions a shift towards democratizing security, making it more accessible and achievable for small businesses through standardized, affordable solutions. Meanwhile, Huth calls for a balance between regulatory clarity and flexibility to ensure innovative small businesses can thrive without being stifled by onerous security requirements.Overall, the conversation provides valuable insights into the complexities of cybersecurity management, emphasizing the importance of collaboration, clear communication, and adaptability in navigating modern security challenges. These discussions are essential for any business leader or security professional looking to enhance their organization's resilience against cyber threats.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________Resources____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network