ISF Podcast

Joining the podcast today is Dr. Shonna Waters, a leading researcher on the workplace of today and the future, and the Co-Founder and CEO of Fractional Insights, an organizational psychology research firm. Steve and Dr. Waters discuss the rapid transformation of the workplace, brought on by new technologies, geopolitical uncertainty, and shifting organizational priorities. They also speak about how to stay grounded when the ground around us is shaking, how security professionals can manage stress and negativity brought upon by constantly searching for threats, and how a growth mindset can help build resilience. Key Takeaways: The professional environment is changing faster than we are.  How bridging the language gap between security and sales is challenging, but key for business success. A growth mindset can build resilience.  Tune in to hear more about: What people look for in the workplace (1:56) How to manage stress at work (18:22) How a growth mindset can help us become more resilient (21:42) Standout Quotes: “There's a lot going on out there, and I think that there's this general sentiment that the ground is moving under our feet. We all are feeling overstimulated and ungrounded, I think, generally speaking, and it's a really hard place to navigate as an employee. It's also a really hard place to lead from.” - Dr. Shonna Waters “No matter what you're selling or producing, there is a human at the beginning of it and at the end of it, at a minimum, right? It's the concept, the leadership of it, the orchestration, no matter how much you minimize humans in the process. There's human ingenuity at the top of that chain. And then at the bottom of it, you have your customers.” - Dr. Shonna Waters “There are conscious choices that you can make to lean more into that idea that you can grow and practice. And I think for any of us, one way to really encourage ourselves around that is to think back to other things that you've done that got easier over time or you were able to improve your skills.” - Dr. Shonna Waters Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Steve Durbin engages in a compelling conversation with Faisal Hoque, a world-renowned technologist and best-selling author including his recently released ‘Transcend: Unlocking Humanity in the Age of AI’. Faisal shares his thoughts on how business leaders can preserve human values in the in the era of AI, how AI and humans can function together, and the threats posed by ceding control of our humanity to AI. Find out why he feels the government needs to provide legislative structures to protect citizens. Key Takeaways: 1. The challenge for business leaders in preserving human values amidst the rise of AI 2. How AI is gradually diminishing human emotion in daily life 3. The risks involved in relinquishing human control to AI Tune in to hear more about: 1. Preserving human values (1:14) 2. How government policies can influence society and the development of AI (6:15) 3. Harnessing the potential of AI whilst mitigating the risk (18:11) Standout quotes: 1. "The government needs to provide the legislative structures where citizens are protected. Things like intellectual property, privacy, and free market support." - Faisal Hoque 2. "The digital divide concerns me greatly. Not just with regard to AI, but with everything that we are doing from a technology standpoint." - Faisal Hoque 3. "Leaders' job is to create that psychological safety so that we can be productive and feel that we can actually contribute and fulfill our purpose, whatever that purpose is." - Faisal Hoque 4. "AI is going to be like electricity or internet. It is going to be part and parcel of everything and anything we do." - Faisal Hoque Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve speaks with Christopher Sestito (also known as Tito), chairman of the board, CEO, and co-founder of HiddenLayer, a cyber security startup dedicated to preventing adversarial machine learning attacks. Tito shares his perspective on where the business world is currently when it comes to AI and cybersecurity. He also gives his thoughts on the state of AI regulation and what business leaders should do to protect their organizations in the age of AI.  Key Takeaways: AI is changing the cybersecurity game Tech regulation is becoming more fragmented  Securing AI is really no different from securing other parts of the business Tune in to hear more about: Why Christopher Sestito started HiddenLayer (1:28) Why AI will play an increasingly important role in organizational cyber defense (5:47)  What business leaders should think about as they approach cyber in the age of AI (20:18) Standout Quotes: “I think the challenge at the AI level is how fast we've moved. There's been so many advancements that if you don't have a dedicated organization looking at this, it's really just moving too quickly to ultimately have things at a sort of hardening level at the model layer itself.” - Christopher Sestito “I think I'm a bit of a realist when it comes to artificial intelligence coming in. I think we are viewing a very fundamental shift in ultimately what's gonna affect workforces and skill sets required. I think that if I was entering the workforce right now, I'd be focusing heavily on the effects of artificial intelligence, how I can leverage artificial intelligence.” - Christopher Sestito “Every organization really needs to pay attention to their agentic strategy right now. I think if you're engaged with other enterprise organizations, as all are, everyone's building agents right now, and those agents have a lot of autonomy in order to be able to conduct transactions, in order to be able to deal with data, to be able to interact, organization or organization. And I think every CISO is gonna need to be able to really articulate what they want to be allowed here and not because we're removing humans in the loop with these agents, we're allowing them to have quite a bit of agency in order to conduct these transactions at an incredible rate.” - Christopher Sestito Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve talks about ISF's flagship foresight report "Threat Horizon 2027: Grasping for Control." In a world defined by disruption and acceleration, this report offers not just a forecast of cyber threats, but a blueprint for resilience, and Steve walks listeners through the key themes. Key Takeaways: 1 Flexibility will be key in an increasingly volatile world. 2 Cyber must be considered in every aspect of an organization’s operations. 3 Control is possible, even if it sometimes doesn’t feel like it. Tune in to hear more about: 1 Why identity is becoming more and more important for businesses (2:24) 2 How senior leaders can prepare for the future (17:06) 3 Why control is still possible (21:42) Standout Quotes: 1 “Identity is really the cornerstone of everything that we do in the digital world, and it's fast becoming one of the most critical areas for business leaders to understand and take seriously.” - Steve Durbin 2 “Leaders need to understand the economic impact of cyber risk. What are the potential costs of disruption? How would a breach affect reputation, revenue, operations? It's the reputational bit, for instance, in my case, that worries me the most. And once you start thinking in those terms. You can make many more business-aligned, informed decisions about what you are going to do because you stop looking at the cost of doing something and instead you flip it and look at the implications and associated costs of not doing it.” - Steve Durbin 3 “I think that business leaders as a group, tend to be pretty resilient individuals. I've worked a lot with entrepreneurs, and they are probably some of the most resilient that I've ever come across because they have to be. And one of the things that they always believe in, I've found, is that irrespective of what's going on around you, control is still possible. But in order to have that level of control, it takes foresight, it takes focus, and I think above all it takes flexibility and, I would say, courage.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with Tavia about how AI and other emerging technology are reshaping society, and how we as humans should react to it.  Key Takeaways: AI and other emerging tech can help society, but guardrails are needed.  The world is becoming more fragmented when it comes to how it views AI and tech.  With AI and new technology, we have to be increasingly cautious in our interactions in cyberspace.  Tune in to hear more about: Why it’s unlikely there will be international rules around AI (4:32) How technology is changing how we interact – and what that means (7:12) What people 50 years from now might say about how we’re currently handling emerging tech (22:28) Standout Quotes: “We need to be putting in place guardrails, particularly when it comes to AI, around how it's going to be used, because we are playing with a technology, the power of which we don't fully understand yet.” - Steve Durbin “I think it is about how we get the balance right. I think that it isn't about shutting down some of the technological advances that we're seeing, it is about just being a little bit more realistic about their fallibility and trying to get equilibrium back between people and tools.” - Steve Durbin “I suspect that what they will do is take a look back and go, why on earth did they do that? Why on earth didn't somebody see that there was a better way? Because that's with the benefit of hindsight, isn't it? And we've got 20-20 vision when it comes to hindsight. And so I think that we are in the here and now and we need to find a way of muddling through. And I think that everybody has a responsibility to do that.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this bonus episode, Steve speaks with Dr. Ellie Pavlick, a professor of computer science at Brown University. Dr. Pavlick’s research focuses on computational models of semantics and pragmatics which emulate human inferences in artificial intelligence. Steve and Ellie discuss generative AI, developing a pipeline of talent to work with it, and perspectives on its developing uses for organisations. Related Resources from ISF: ISF Podcast: The AI-Quantum Revolution: Today, tomorrow and the future ISF Podcast: Steve Durbin & Nicholas Witchell - The Case for Social Responsibility in AI ISF Podcast: Boosting Business Success: Unleashing the potential of human and AI collaboration Navigating Boardroom Concerns: Top 9 Cybersecurity Risks and Challenges Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter

Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia’s movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today’s Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

An interview with Steve Durbin, Chief Executive, ISF,  hosted by CEO and Founder of The Drop In CEO Podcast, Deborah A. Coviello. Originally published by The Drop in CEO Podcast.  In this episode, Steve shares his unique journey from literature to cybersecurity, emphasising the importance of curiosity, learning, and fresh perspectives in leadership. The discussion delves into the evolving landscape of cybersecurity, the necessity for business leaders to adopt a resilient and informed approach to technology and risk management, and the value of continuous education and networking. Steve offers practical advice for business leaders on safeguarding against cyber threats and highlights the dynamic interplay between technology, business strategy, and security. Episode Highlights: 01:57 Steve's Journey: From Literature to Cybersecurity 05:12 The Importance of Reading and Continuous Learning 08:02 Transitioning Careers: Embracing Technology 16:58 Information Security Forum: Mission and Impact 29:12 Practical Advice for Leaders on Cybersecurity   Discover more about the Information Security Forum (ISF), and tune in to our engaging podcasts.

Today, Steve sits down with supply chain expert Neil Coole, who currently serves as Enterprise Partnership Director at BSI. He emphasizes the need to know your organization’s supply chain story in order to stay secure and protect your brand. He and Steve talk about how regulation can go beyond a checklist and add value for companies. Key Takeaways:  1 The covid-19 pandemic and recent conflicts have highlighted the vulnerability of today’s supply chains.  2 Standards exist as frameworks to help companies live up to responsibilities set upon them by law or consumers.  3 A harmonized assessment framework can help industries secure their supply chains and save organizations time and money. Tune in to hear more about:  1 How standards are created and what their purpose is (8:57)  2 Protecting critical infrastructure in the US (14:09)  3 The Supplier Compliance Audit Network, a community of US-based retailers and brand owners who’s created a harmonized assessment framework for its industry (23:23) Standout Quotes:  1 “The expectation now is on more trust, transparency and also traceability, especially things like tech-enabled traceability. What kind of tech-enabled traceability solutions is that client using to determine where the goods are coming from? What route are they taking? Who's opening up the cargo containers and possibly adulterating goods, stealing in transit, all those other things – that's a real concern today for these organizations who are moving hundreds of thousands of freight containers on an annual basis. It's a real risk that they have to live with. The solutions are there. It's just helping those organizations understand the role that standards, shall we say – a standard is a best-practice framework – can play in helping to reduce, or, in some cases, even mitigate some of those risks.” - Neil Coole  2 “There's opportunities for improvement everywhere, but from a maturity standpoint, we do view parts of the critical infrastructure sectors like energy and finance to be on the more mature end. And then there's a few in the middle that are learning some important lessons. And then there's those who are actively being targeted we read about all the time. They are the ones that I feel would benefit more from some of the guidance and support and information that's available for them to be less of an attractive target.” Neil Coole  3 “So, if you're a single supplier working for the top 10 biggest brands, the top 10 are sending out some form of assessment of you. You're getting that 300-page assessment document, not just from one supplier, you're getting it from all the suppliers. But if those suppliers become part of the same community and they agree to accept a single assessment outcome, no matter who has instigated it, everyone benefits. The supplier benefits – minimizes their disruption, they get to work with more brands in an open and trusted environment – and it just saves that complete disruption and unnecessary costs of delivering an assessment by multiple brands.” - Neil Coole Mentioned in this episode:  • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with Kailyn Johnson, cyber intelligence and geopolitical risk lead at UK consulting firm Sibylline. Kailyn and Steve discuss the current threat landscape, focusing on areas where cyber and geopolitics overlap, and she offers some practical advice on how to contextualize security for your organization’s C-suite. Key Takeaways: 1 The dark web is becoming more democratized, opening up the door for low-skilled threat actors to cause harm. 2 Open and frequent communication between security teams and other branches of the organization, in particular those in charge of the budget, is crucial for cyber resilience operations to receive sufficient support. 3 Staying up to date on patching, knowing your supply chains, and understanding how threats to critical infrastructure can affect you, will be key for organizations in 2025. Tune in to hear more about: 1 How the dark web is becoming more democratized, and what means for businesses 2 Why showing the worth of the cyber team is tricky but critical for long-term success 3 What organizations can do better in 2025 Standout Quotes:  1 “So we're seeing just ransomware continuing to be a consistent risk to business operations, financial risk, reputational risk, security risks, operational risks. But alongside that, we're also then seeing the influx of a lot more low-skilled threat actors having now the capabilities to conduct sophisticated operations with the democratization of the dark web.” - Kailyn Johnson  2 “Showing off the value that these teams have to the people with budget, sometimes might help unlock a bit of that budget. If you're seeing the benefit of those teams, you're more likely to give them the budget that they might need for it, and whether that's internally or sometimes externally, if you've produced really good work, or if you've created all these detections that have helped improve the network security for your organization, how could we maybe publish that, whether it's internally to the stakeholders, or if it's for everyone, so people are seeing, actually, they're doing a really good job.” - Kailyn Johnson  3 “But sometimes you're so focused on the impact of the regulations that you sometimes then forget, actually the processes that we're doing are working. Then should we just maybe let things play out and see how they're going? I think there's always a bit of a worry of, are we always in compliance? And it's good that we have that worry, but it's also sometimes the case of, just keep doing what you're doing, and you've got your compliance teams to tell you when you're not.” - Kailyn Johnson Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.