Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia’s movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today’s Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

An interview with Steve Durbin, Chief Executive, ISF,  hosted by CEO and Founder of The Drop In CEO Podcast, Deborah A. Coviello. Originally published by The Drop in CEO Podcast.  In this episode, Steve shares his unique journey from literature to cybersecurity, emphasising the importance of curiosity, learning, and fresh perspectives in leadership. The discussion delves into the evolving landscape of cybersecurity, the necessity for business leaders to adopt a resilient and informed approach to technology and risk management, and the value of continuous education and networking. Steve offers practical advice for business leaders on safeguarding against cyber threats and highlights the dynamic interplay between technology, business strategy, and security. Episode Highlights: 01:57 Steve's Journey: From Literature to Cybersecurity 05:12 The Importance of Reading and Continuous Learning 08:02 Transitioning Careers: Embracing Technology 16:58 Information Security Forum: Mission and Impact 29:12 Practical Advice for Leaders on Cybersecurity   Discover more about the Information Security Forum (ISF), and tune in to our engaging podcasts.

Today, Steve sits down with supply chain expert Neil Coole, who currently serves as Enterprise Partnership Director at BSI. He emphasizes the need to know your organization’s supply chain story in order to stay secure and protect your brand. He and Steve talk about how regulation can go beyond a checklist and add value for companies. Key Takeaways:  1 The covid-19 pandemic and recent conflicts have highlighted the vulnerability of today’s supply chains.  2 Standards exist as frameworks to help companies live up to responsibilities set upon them by law or consumers.  3 A harmonized assessment framework can help industries secure their supply chains and save organizations time and money. Tune in to hear more about:  1 How standards are created and what their purpose is (8:57)  2 Protecting critical infrastructure in the US (14:09)  3 The Supplier Compliance Audit Network, a community of US-based retailers and brand owners who’s created a harmonized assessment framework for its industry (23:23) Standout Quotes:  1 “The expectation now is on more trust, transparency and also traceability, especially things like tech-enabled traceability. What kind of tech-enabled traceability solutions is that client using to determine where the goods are coming from? What route are they taking? Who's opening up the cargo containers and possibly adulterating goods, stealing in transit, all those other things – that's a real concern today for these organizations who are moving hundreds of thousands of freight containers on an annual basis. It's a real risk that they have to live with. The solutions are there. It's just helping those organizations understand the role that standards, shall we say – a standard is a best-practice framework – can play in helping to reduce, or, in some cases, even mitigate some of those risks.” - Neil Coole  2 “There's opportunities for improvement everywhere, but from a maturity standpoint, we do view parts of the critical infrastructure sectors like energy and finance to be on the more mature end. And then there's a few in the middle that are learning some important lessons. And then there's those who are actively being targeted we read about all the time. They are the ones that I feel would benefit more from some of the guidance and support and information that's available for them to be less of an attractive target.” Neil Coole  3 “So, if you're a single supplier working for the top 10 biggest brands, the top 10 are sending out some form of assessment of you. You're getting that 300-page assessment document, not just from one supplier, you're getting it from all the suppliers. But if those suppliers become part of the same community and they agree to accept a single assessment outcome, no matter who has instigated it, everyone benefits. The supplier benefits – minimizes their disruption, they get to work with more brands in an open and trusted environment – and it just saves that complete disruption and unnecessary costs of delivering an assessment by multiple brands.” - Neil Coole Mentioned in this episode:  • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with Kailyn Johnson, cyber intelligence and geopolitical risk lead at UK consulting firm Sibylline. Kailyn and Steve discuss the current threat landscape, focusing on areas where cyber and geopolitics overlap, and she offers some practical advice on how to contextualize security for your organization’s C-suite. Key Takeaways: 1 The dark web is becoming more democratized, opening up the door for low-skilled threat actors to cause harm. 2 Open and frequent communication between security teams and other branches of the organization, in particular those in charge of the budget, is crucial for cyber resilience operations to receive sufficient support. 3 Staying up to date on patching, knowing your supply chains, and understanding how threats to critical infrastructure can affect you, will be key for organizations in 2025. Tune in to hear more about: 1 How the dark web is becoming more democratized, and what means for businesses 2 Why showing the worth of the cyber team is tricky but critical for long-term success 3 What organizations can do better in 2025 Standout Quotes:  1 “So we're seeing just ransomware continuing to be a consistent risk to business operations, financial risk, reputational risk, security risks, operational risks. But alongside that, we're also then seeing the influx of a lot more low-skilled threat actors having now the capabilities to conduct sophisticated operations with the democratization of the dark web.” - Kailyn Johnson  2 “Showing off the value that these teams have to the people with budget, sometimes might help unlock a bit of that budget. If you're seeing the benefit of those teams, you're more likely to give them the budget that they might need for it, and whether that's internally or sometimes externally, if you've produced really good work, or if you've created all these detections that have helped improve the network security for your organization, how could we maybe publish that, whether it's internally to the stakeholders, or if it's for everyone, so people are seeing, actually, they're doing a really good job.” - Kailyn Johnson  3 “But sometimes you're so focused on the impact of the regulations that you sometimes then forget, actually the processes that we're doing are working. Then should we just maybe let things play out and see how they're going? I think there's always a bit of a worry of, are we always in compliance? And it's good that we have that worry, but it's also sometimes the case of, just keep doing what you're doing, and you've got your compliance teams to tell you when you're not.” - Kailyn Johnson Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Dr. Kate Darling, Research Scientist at the MIT Media Lab and Research Lead at the Boston Dynamics AI Institute. Kate has spent years studying human-robot interaction, and she speaks with Steve about the fascinating impact such interactions can have on us as people, and what that means for businesses trying to incorporate robots and AI into their customer experience. Key Takeaways: 1. It is natural for humans to project human behavior onto non-humans. 2. Using robots to help humans do their work better is smarter than replacing them.  3. More technical expertise is needed for policymaking to keep pace with new technologies.  Tune in to hear more about: 1. Why humans form emotional connections with robots 2. How a grocery store robot is scaring customers 3. Pitfalls of commercializing robotics Standout Quotes: 1. “That's part of the reason that we do this, that we create these strong emotional connections, even with non-living things like robots, is because we have this drive, and especially in these emotionally difficult situations, it may even be something that helps people survive. So I don't think it's as black and white as just: we need to prevent this anymore, but it is something that we need to be extremely aware of and acknowledge that it's happening, so that we can address it appropriately where possible.” - Dr. Kate Darling 2. “So I think it's important that we're making the right choices. It's not that technology determines what happens. It really is us as a society choosing to set the right incentives for companies and invest in the right kinds of technology. And I do think that there's much more promise in that path, the path of trying to partner with these technologies and what we're trying to achieve, rather than trying to replace people or recreate something we already have.” - Dr. Kate Darling 3. “We've used most animals like tools and products, and some of them have been our companions, and my prediction for the future is that we're going to do the exact same thing with robots and AI, that most of them will be tools and products and some of them will be companions.” - Dr. Kate Darling Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve speaks with best-selling author and hypnotist Paul McKenna about something that affects all of us — stress at work. Paul talks about the impact stress can have on workers and gives practical tips to care for yourself and the employees you lead, even in the fast-paced, “always-on” security industry. Key Takeaways: 1 It’s important to be mindful of signs of stress before it gets to burnout. 2 Mindfulness, hypnosis, and other types of self-care can significantly reduce stress. 3 For long-term success, employers should look to balance output and productivity with their employees’ mental and physical well-being. Tune in to hear more about: 1 Why we’re more stressed than ever (1:10) 2 How to identify signs that may lead to burnout (3:26) 3 How companies and leaders can support their employees well-being (12:32) Standout Quotes: 1 “It's right now a massive issue, anxiety, stress, fear, worry, because if you think about it, you turn on the TV, or you open a newspaper, you're under attack. It's the war, it's the virus, it's the economy, it's something or other. And so understandably, post the pandemic, we were out of the biological pandemic, but we're sort of in a psychological pandemic.” - Paul McKenna 2 “ Now the thing is, addiction is about changing your state of mind and body, so drinking, drug taking, gambling, sex, shopping, television and food, particularly sugar food, are the world's drugs of choice. And everybody in the world at some point feels too much stress. They feel overwhelmed, and so they resort to something to change how they feel, some of the things I just mentioned. And in a sense, some people, they form an addiction to their work because they can, you know, forget about everything else that's going on in their life. They might not have to think about their relationship or, you know, some other stress, from their family or something. So they immerse themselves in work.” - Paul McKenna 3 “Years ago, when I started corporate training, one of my colleagues, I asked him, ‘Why is it corporations pay so much money to have their staff trained?’ He said, ‘Well, I can show you,’ because look, they see that ‘days sick' goes down, the productivity goes up. So basically, by staying in the zone of balance – you've got enough output getting things done, versus balance, which is recovery time, in my mind. You get that mix right, then you're going to be more productive in the end.” - Paul McKenna  Mentioned in this episode: • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter 
From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Duncan Wardle, the former head of innovation and creativity at Disney. Duncan talks to Steve about his current work teaching leaders to embrace creativity and inspire innovation in their teams. He suggests practical ways that leaders can create a more collaborative and fun work culture that will lead to more successful outcomes and enhance their teams’ job fulfillment. Key Takeaways: We’re all born with creativity, and a great leader can unlock it within people who may have lost it along the way.   Creativity is the ability to have an idea; innovation is the ability to get that idea done.  With AI, we have the opportunity to hand off mundane tasks and give ourselves time to think, be creative, and innovate.  Tune in to hear more about: Why it matters to say “yes, and…” instead of “no, because…”  The impact of AI on creativity and innovation Actions leaders can take to spark more creativity within their organizations Standout Quotes: “I define creativity as the ability to have an idea, and I think we can all do that every day. I define innovation as the ability to get that done. That's the hard part.” - Duncan Wardle  “As leaders, we have responsibilities, we've got quarterly results, we've got bosses, we've got – but if the first two words out of our mouth are ‘no, because,’ they're the first two words when somebody comes at us with a new idea, they're not coming back in the door again, and they may have genius next week or next-. Just remind ourselves as leaders, we're not green lighting this idea for execution today. We're merely green housing it together, using ‘Yes, and.’ As leaders, if we can use ‘Yes, and’ before ‘No, because’ you can completely and utterly change your culture.” - Duncan Wardle “Algorithms, and everything that AI will bring to the table, will merge with the human race, creativity, intuition, empathy, imagination, etc, we will merge to become a superhuman race.” - Duncan Wardle Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve sits down with author and leadership expert Sylvie di Giusto. Sylvie delineates five areas for everyone to consider in order to enhance their emotional intelligence. She and Steve also discuss how self-awareness and authenticity relate to situational awareness, and how improving in these areas can support career mobility. Key Takeaways: The subconscious takes up 95% of the brain – use that to your advantage to gain the trust of the people you interact with. Situational awareness is more important than one-size-fits-all ideas of “always smiling” or “maintaining eye contact. Your appearance, behavior, communication, digital footprint, and environment all matter for how people see you.  Tune in to hear more about: How the meaning of emotional intelligence in business has changed over the years (01:48) Sylvie di Giusto’s A.B.C.D.E. (Appearance, Behavior, Communication, Digital footprint, Environment) framework (07:50) The four levels of visibility (20:05) Standout Quotes: “The subconscious mind of a human takes up 95% of your brain. And 95% of your brain is where emotions live, where feelings live, where your gut feelings live. And only 5% of our brain actually transmits data, facts, figures, information. That is where your contracts are, where your proposals are, where all the facts and figures are that you deliver to your clients. [...] So, I always say, why don't you use this to your advantage, that behavior, and actually use the 95% of the brain and instantly imprint that feeling of trust in them and use it to your advantage. And before they buy into your solution, into your technical solution, let them buy into you.” - Sylvie di Giusto “You have to learn to read the moment, [...] and then adjust your behavior and make more intentional choices. I think one of the biggest challenges that we have nowadays, also driven by technology because we are constantly distracted by technology, is that we run on autopilot most of the day. Most of the day, we are so in our habits, in our patterns, that we do things, say things, that we are not even aware of, and they have a macro impact on our relationships. And we have to step back and sometimes turn that autopilot off, read the room, and be more intentional with the tools that we already have.” - Sylvie di Giusto “I think that authenticity means that we all play a role, but different roles, and in those roles, we are true to ourselves. [...] And in all those roles, I promise you, I'm truly authentic. But if I would try to talk with my husband the way I talk with my clients, we wouldn't have made it to 23 years, I promise you. Or if I would treat my clients like I treat my children, or if I look at home like I would on stage, and vice versa. So, yes, we are all authentic in those roles, but I think we have to accept that you just do you, no matter the circumstances – which brings us back to situational awareness – I think it's a lie that this is possible.” - Sylvie di Giusto Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with Rear Admiral Brian Luther. After more than 30 years in the US Navy and at the Pentagon, Brian is now president and CEO of the insurance firm Navy Mutual. Brian talks about what he learned about leadership in his time commanding an aircraft carrier in the Navy and how he has translated his skills into working in the private sector. He and Steve also discuss how leaders can move from a tactical mindset into a logistical one, and prepare your team for worst case scenarios. Key Takeaways: There might be differences between generations or people of different cultures, but fundamentally most people want the same things, and basic respect goes a long way. As a leader, don’t get bogged down in tactics. Remember to think about the logistics, so there is a plan B if something goes awry.  Technology can be an immensely useful tool, but don’t get overly dependent on it.  Tune in to hear more about: The three stages of leadership (7:46) Conducting business in volatile regions (12:28) How a tabletop drill can reveal important weaknesses in your organization’s crisis response (18:48) Standout Quotes: “You have to very clearly articulate to the people what you want done. And if it's very specific, you say, ‘I want this done,’ and if it's generic, you say, ‘I want this outcome,’ right? You can't say I want a general outcome when you have something specific in mind, because they're going to go off and do it whatever way you want. But if you're very clear, ‘I want this done this way,’ or ‘I just want this outcome,’ and you decide, delegate, disappear, you'd be amazed at what people can do.” - Brian Luther “If you go there and give them an opportunity to see you as just who you are, and learn them just as they are, you find that there's more in common than people would give credit for. So I would always say, before you go internationally, take some time to learn where you're going and respect the culture that you're going to be operating in.” - Brian Luther “There are tremendous benefits associated with technology, but any strength pushed too far is a weakness [...]. Don't be overreliant on something, and you put all your eggs in that one basket and you lose it, and then you don't have a second or a third option. You should be asking yourself, ‘What if I lose this, what if they figure out a way to foil that?’ Because, remember, we put something out there, and in a strategic competition, there's move-countermove all the time. […] So use it as a tool, but don't be totally dependent on it that if someone takes that tool away from you, your whole organization collapses.” - Brian Luther Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Paul Bartel, a senior intelligence analyst with PeakMetrics. Paul was previously with the Defense Intelligence Agency, and he speaks with Steve about his experience working in the government sector, how the public and private sectors can cooperate more effectively, and what businesses can do to protect themselves from misinformation campaigns. Key Takeaways: Generative AI is rapidly changing the nature of misinformation. Social media companies must take more responsibility for moderating the content on their platforms. To protect your organization from damage from misinformation, being aware of the current information environment and what information is out there about you, is key. Tune in to hear more about: Paul Bartel’s background with the Defense Intelligence Agency (1:30) The three primary sources of misinformation in the US (4:40) How businesses can adapt to the changing information environment (17:56) Standout Quotes: “I think one of the biggest things that we have going now, and this is obviously in every sort of sector, is the use of generative AI. So what we're seeing a lot in social media now is instead of just random accounts that might be controlled by a person or two, what you're seeing is hundreds and hundreds of bot accounts that are able to push forward a large amount of information very quickly.” - Paul Bartel “The biggest thing I think that needs to start happening is the social media companies really especially need to take accountability for their own clientele base that might be spreading the misinformation.” - Paul Bartel “Getting an early handle on what's being said about them, and the information environment at large, can help them [organizations] navigate a lot of the challenges that we see in an information environment that's pushing out more and more information and can change on a minute to minute, hour to hour basis.” - Paul Bartel Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.