Cyber Leaders

In this episode, Ciaran and James meet Christine Gadsby, Vice President and CISO at BlackBerry, to talk supply chain security; from exploding pagers to software liabilities. Christine reflects on how the industry is maturing around regulation, secure development, and vendor accountability as well as what happens when even hardware becomes a weapon.Contact: Have questions or comments? Email us at ciso-network@sans.org

In this episode, Ciaran and James are joined by Ross McKerchar, CISO at Sophos, to discuss one of the most significant – and to some, controversial – counter cyber operations ever carried out by a private company. Ross shares insights from the frontlines of the Pacific Rim campaign, as well as the shifting dynamics of the cybersecurity industry and what active defence really looks like in practice.Contact: Have questions or comments? Email us at ciso-network@sans.org

Kicking off series two, Ciaran and James sit down with none other than the CIO of NATO, Manfred Boudreaux-Dehmer, to discuss what collective defence means in the cyber domain. Manfred offers a rare inside look at managing security and information risk across NATO’s vast digital landscape and shares insights on emerging threats, evolving technologies, and how the Alliance is adapting to keep its members protected in an increasingly contested cyberspace.Contact: Have questions or comments? Email us at ciso-network@sans.org

In this episode, Lisa Forte, founder of Red Goat, joins Ciaran and James to discuss risk, security and the threat from within. Lisa offers her expertise on insider threat, crisis management, and high risk adventures. Highlights:Insider threat; the breakdownU.S. CERT definitions and mitigationDefining Insider Threats | CISA | Insider Threat Mitigation Guide NPSA guidance and toolsInsider Risk | NPSA | Reducing Insider Risk | NPSA A pervasive problemSANS – Decoding: “Insider Threat” Forget the outside hacker, the bigger threat is inside • The Register Surveillance won’t curb insider threats — but workplace culture can | Security Magazine Red Goat Security research into the barriers preventing reporting.Insider Threat Report 2019 Additional Resources:Red Goat Cyber Security Whistleblowing for employees Contact: Have questions or comments? Email us at ciso-network@sans.org

We're Back for Season 2!Catch up on episodes from Season 1: https://www.sans.org/podcasts/cyber-leaders/Contact: Have questions or comments? Email us at ciso-network@sans.org

In this bonus episode, Ciaran and James ring in the new year with a look back at the standout guests and thought-provoking topics from series one. They also take a sneak peek at what 2025 holds for the ever-evolving world of tech security.And to top it off, there’s a special announcement to chase away those January blues.Highlights:Typhoon VariantsCiaran and James take a look at developing cyber threats from China, including:Volt Typhoon: a persistent botnet with wide-reaching impactsVolt Typhoon back with vengeance | Blowing out the botsSalt Typhoon: a new wave of cyber espionageWall Street Journal article: How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons | Department of Treasury PressReleaseNew year, new legislationAs the U.S. pulls back on regulation, other nations are strengthening theircybersecurity laws.Australia’s new law mandates ransomware attack reportingMandatory ransomware payment reporting | Cyber SanctionsUK: Cybersecurity and resilience bill focused on ransomware mitigationCyber Security and Resilience Bill | Ransomware Legislative Proposals: Government ConsultationAdditional Resources:Cyber Leaders Series One EpisodesThe myth of the 8-character passwordLazarus Heist: The intercontinental ATM theft that netted $14m in two hoursCyber Threat ConferenceContact: Have questions or comments? Email us at ciso-network@sans.org

Delve into the world of Fear, Uncertainty, and Doubt (FUD) and its impact on cybersecurity. The hosts dissect sensational stories, like AI-operated drones and the famous WannaCry malware attack, highlighting real-world implications. Hear about the infamous Stuxnet worm and its significance in cyber warfare. They also address the balance between raising awareness and fostering unnecessary fear while critiquing the sensationalism in media. This discussion sheds light on the evolving landscape of cybersecurity threats and the importance of responsible risk communication.

In this episode, Ciaran and James sit down with investigative journalist and author, Geoff White, to explore the booming business of cyber crime. Geoff sheds light on this murky criminal underworld, its far-reaching consequences, and how cybersecurity has evolved in the public eye.Highlights:[1:30] Overview of Geoff’s notable work[4:00] Cybersecurity in the Limelight[10:15] Transformative Hacking Stories[20:00] Global Cyber Criminals Overview[30:00] Gripping Stories Covered by Geoff in his latest book, Rinsed[45:00] National Crime Agency EffortsLinks:Crime Dot Com - Crime Dot ComThe Lazarus Heist - Podcast | BookRinsed - RinsedWorld Economic Forum on Misinformation | World Economic Forum Annual  Meeting 2024 AlphaBay ShutdownSnowden Leaks: The Guardian| BBC NewsAnonymous Hacking: Britannica on AnonymousSony Pictures Entertainment Hacking: Vox | CCDCOE Nation State Hackers: Nation State HackersOrganized Cybercrime: Rise of RansomwareHacktivists: HacktivismAxie Infinity Hack: The BlockTornado Cash: US DoJ | FBIMoney Laundering Sisters from Bury: GMP News | Bury TimesNCA on DDoS AttacksContact: Have questions or comments? Email us at ciso-network@sans.org

In this episode, Ciaran and James sit down with Helen Rabe, CISO for the BBC, to discover the challenges of breaking into the industry and her experiences leading security for one of the world’s largest broadcasters. Helen shares her expertise as a certified industry leader, discussing the rising tide of personal liability for CISOs and the intense media scrutiny that comes with managing incident responses in the public eye. Highlights: [8:30] The Evolution of Organizational Security Postures[11:00] CISOs and Personal Liability[18:00] The Challenges of Media Scrutiny in Incident ResponseLinks:Why more transparency around cyber attacks is a good thing for everyoneThe History of the General Data Protection Regulation Impact of the GDPR on Cyber Security Outcomes Backstory Of The World’s First Chief Information Security OfficerFormer Uber security chief convicted for concealing a felony | Sentencing SEC Charges SolarWinds and CISO with Fraud | Case Dismissed MOVEit hack: BBC, BA and Boots among cyber attack victims CL0P Ransomware Gang Exploits MOVEit Vulnerability EDS, an HP Company 'Cat Herders' video Contact: Have questions or comments? Email us at ciso-network@sans.org

Frank Kim, a SANS fellow and former CISO, shares his expertise on uniting cybersecurity with business leadership. He discusses why cybersecurity often gets sidelined in board discussions and offers effective strategies for elevating its importance. The conversation dives into the crucial role of CISOs in aligning security priorities with business objectives, fostering trust among non-technical stakeholders, and managing daily security operations while driving strategic transformation. His insights empower cybersecurity leaders to adapt and thrive in a changing landscape.