ISF Podcast

Financial due diligence is common practice when companies merge or one business acquires another. Cyber security due diligence, however, is not quite as common. Yet, in a world where the threat landscape changes by the day and risk is growing increasingly complex, solid cyber security practices are more important than ever.  Today, Steve and Tavia dig into this very topic, and, more specifically, what role cyber security has in a merger or an acquisition. How is a cyber security review done? Why are they important? How do we balance speed with thoroughness? How do we interpret the results? There’s a lot to dig into here.  Key Takeaways: Cyber due diligence is paramount in a corporate acquisition or merger. Risks of not doing cyber due diligence include both financial and reputational. Cyber due diligence is a team game. Tune in to hear more about: Who should be responsible for conducting the cyber review (4:34) How organizations can build cyber into their due diligence process (14:05) Examples of where insufficient cyber due diligence proved costly (19:05) Standout Quotes: “You can't play a team sport without a team. And for me, M&A is a team game. You can't go it alone. I think it would be a mistake for somebody to think that they could do this kind of work solo. Because as we've seen with cyber maturing, it now touches so many different parts of the organization. You do need to be involved.” - Steve Durbin “I think people are getting it. What I'm seeing now is people get it, but they don't know how to do it. That's where the cyber professional really now has to step up.” - Steve Durbin “Pre-deal, I think it is about being focused. It's about identifying, prioritizing the high risk areas that are out there that you want to look into. It's about doing things like making sure that the governance is there. It's about scanning for some of the known vulnerabilities. If you are in one particular market sector and you're buying a company in another because of expansion growth, you're going to need to be covering off a whole range of different things that perhaps might be unusual for you because you haven't been having to look into those areas.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve speaks with Lauren Farina, psychotherapist and founder of Invited Psychotherapy & Coaching. Lauren and Steve discuss how wellness is becoming a bigger part of the workplace and how we can stay mentally healthy during times of stress and pressure. Also an expert on “high-performance individuals,” Lauren shares what it means to be high-performing and why rest can be just as productive as work. Key Takeaways: Being a high-performer isn’t just about work.  Rest is productive Building psychological safety within an organization is the most important contributor to elite performance.  Tune in to hear more about: What the “High Performer Archetype” is (6:15) The risks of not taking time to rest (11:22) How leaders can improve the performance of their teams (19:33) Standout Quotes: “ As many of us know, acute stress is quite good for us. But in the long term, the chronic unrelenting demands that I think remote working arrangements have placed on the workforce, really can erode our performance because our cognitive functioning is not at its peak when we're chronically stressed, our memory, our learning, our judgment, our decision making is compromised.” - Lauren Farina “ There was a five -year study at Google called the Aristotle Project, and the Aristotle project found that psychological safety is the single most important factor when it comes to the elite performance of individuals and groups.“ - Lauren Farina “ It is my hope that there will be an increased focus on intersectionality of performance and wellbeing and increased support of individuals and groups in cultivating wellbeing. Not only for the sake of wellbeing, but also for the sake of peak performance.” - Lauren Farina Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve Durbin and ISF Podcast Producer Tavia Gilbert are in conversation exploring the role of cybersecurity, governance and leadership in an age defined by rapid technological transformation. Artificial intelligence is now woven into daily business operations, risk models, customer engagement, and more. And while its benefits are significant, its risks are expanding just as quickly. Key Takeaways: It’s becoming increasingly apparent for leaders that cyber impacts every part of the business. AI will not replace humans in the workplace, but rather redefine what work humans do. If you as a business leader don't have clarity about what your values and ethics are by now, you better get started. Tune in to hear more about: What happens if businesses don’t implement a robust framework for ethical AI use (8:51) The role of the board when implementing AI into business operations (19:49)    How to lead through change (24:20) Standout Quotes: “When cyber is involved early, it really can become a value enabler. It helps the business make smarter bets, helps it to avoid blind spots and build that sort of trust that we're looking for into everything that it does.” - Steve Durbin “AI, it does introduce huge amounts of potential, but it also introduces a new layer of risk that is more complicated, dynamic and probably difficult to manage than many people actually think or are prepared for. And one of the biggest challenges is that AI doesn't just create new vulnerabilities, it changes the nature of the threat landscape completely.” - Steve Durbin “AI is not some kind of future technology. It's been around for a very long time. Certainly in cyber terms anyway, at least 10 years, if not more. It's a lifetime in cyber, so it's not a future technology, it's here. It's shaping the way that we work, that we think, and indeed that we compete. So the question isn't whether we should engage with it, it's how do we do so responsibly and effectively. And the organizations that retain control are those that lead with clarity.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Joining the podcast today is Dr. Shonna Waters, a leading researcher on the workplace of today and the future, and the Co-Founder and CEO of Fractional Insights, an organizational psychology research firm. Steve and Dr. Waters discuss the rapid transformation of the workplace, brought on by new technologies, geopolitical uncertainty, and shifting organizational priorities. They also speak about how to stay grounded when the ground around us is shaking, how security professionals can manage stress and negativity brought upon by constantly searching for threats, and how a growth mindset can help build resilience. Key Takeaways: The professional environment is changing faster than we are.  How bridging the language gap between security and sales is challenging, but key for business success. A growth mindset can build resilience.  Tune in to hear more about: What people look for in the workplace (1:56) How to manage stress at work (18:22) How a growth mindset can help us become more resilient (21:42) Standout Quotes: “There's a lot going on out there, and I think that there's this general sentiment that the ground is moving under our feet. We all are feeling overstimulated and ungrounded, I think, generally speaking, and it's a really hard place to navigate as an employee. It's also a really hard place to lead from.” - Dr. Shonna Waters “No matter what you're selling or producing, there is a human at the beginning of it and at the end of it, at a minimum, right? It's the concept, the leadership of it, the orchestration, no matter how much you minimize humans in the process. There's human ingenuity at the top of that chain. And then at the bottom of it, you have your customers.” - Dr. Shonna Waters “There are conscious choices that you can make to lean more into that idea that you can grow and practice. And I think for any of us, one way to really encourage ourselves around that is to think back to other things that you've done that got easier over time or you were able to improve your skills.” - Dr. Shonna Waters Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Steve Durbin engages in a compelling conversation with Faisal Hoque, a world-renowned technologist and best-selling author including his recently released ‘Transcend: Unlocking Humanity in the Age of AI’. Faisal shares his thoughts on how business leaders can preserve human values in the in the era of AI, how AI and humans can function together, and the threats posed by ceding control of our humanity to AI. Find out why he feels the government needs to provide legislative structures to protect citizens. Key Takeaways: 1. The challenge for business leaders in preserving human values amidst the rise of AI 2. How AI is gradually diminishing human emotion in daily life 3. The risks involved in relinquishing human control to AI Tune in to hear more about: 1. Preserving human values (1:14) 2. How government policies can influence society and the development of AI (6:15) 3. Harnessing the potential of AI whilst mitigating the risk (18:11) Standout quotes: 1. "The government needs to provide the legislative structures where citizens are protected. Things like intellectual property, privacy, and free market support." - Faisal Hoque 2. "The digital divide concerns me greatly. Not just with regard to AI, but with everything that we are doing from a technology standpoint." - Faisal Hoque 3. "Leaders' job is to create that psychological safety so that we can be productive and feel that we can actually contribute and fulfill our purpose, whatever that purpose is." - Faisal Hoque 4. "AI is going to be like electricity or internet. It is going to be part and parcel of everything and anything we do." - Faisal Hoque Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today's episode, Steve speaks with Christopher Sestito (also known as Tito), chairman of the board, CEO, and co-founder of HiddenLayer, a cyber security startup dedicated to preventing adversarial machine learning attacks. Tito shares his perspective on where the business world is currently when it comes to AI and cybersecurity. He also gives his thoughts on the state of AI regulation and what business leaders should do to protect their organizations in the age of AI.  Key Takeaways: AI is changing the cybersecurity game Tech regulation is becoming more fragmented  Securing AI is really no different from securing other parts of the business Tune in to hear more about: Why Christopher Sestito started HiddenLayer (1:28) Why AI will play an increasingly important role in organizational cyber defense (5:47)  What business leaders should think about as they approach cyber in the age of AI (20:18) Standout Quotes: “I think the challenge at the AI level is how fast we've moved. There's been so many advancements that if you don't have a dedicated organization looking at this, it's really just moving too quickly to ultimately have things at a sort of hardening level at the model layer itself.” - Christopher Sestito “I think I'm a bit of a realist when it comes to artificial intelligence coming in. I think we are viewing a very fundamental shift in ultimately what's gonna affect workforces and skill sets required. I think that if I was entering the workforce right now, I'd be focusing heavily on the effects of artificial intelligence, how I can leverage artificial intelligence.” - Christopher Sestito “Every organization really needs to pay attention to their agentic strategy right now. I think if you're engaged with other enterprise organizations, as all are, everyone's building agents right now, and those agents have a lot of autonomy in order to be able to conduct transactions, in order to be able to deal with data, to be able to interact, organization or organization. And I think every CISO is gonna need to be able to really articulate what they want to be allowed here and not because we're removing humans in the loop with these agents, we're allowing them to have quite a bit of agency in order to conduct these transactions at an incredible rate.” - Christopher Sestito Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve talks about ISF's flagship foresight report "Threat Horizon 2027: Grasping for Control." In a world defined by disruption and acceleration, this report offers not just a forecast of cyber threats, but a blueprint for resilience, and Steve walks listeners through the key themes. Key Takeaways: 1 Flexibility will be key in an increasingly volatile world. 2 Cyber must be considered in every aspect of an organization’s operations. 3 Control is possible, even if it sometimes doesn’t feel like it. Tune in to hear more about: 1 Why identity is becoming more and more important for businesses (2:24) 2 How senior leaders can prepare for the future (17:06) 3 Why control is still possible (21:42) Standout Quotes: 1 “Identity is really the cornerstone of everything that we do in the digital world, and it's fast becoming one of the most critical areas for business leaders to understand and take seriously.” - Steve Durbin 2 “Leaders need to understand the economic impact of cyber risk. What are the potential costs of disruption? How would a breach affect reputation, revenue, operations? It's the reputational bit, for instance, in my case, that worries me the most. And once you start thinking in those terms. You can make many more business-aligned, informed decisions about what you are going to do because you stop looking at the cost of doing something and instead you flip it and look at the implications and associated costs of not doing it.” - Steve Durbin 3 “I think that business leaders as a group, tend to be pretty resilient individuals. I've worked a lot with entrepreneurs, and they are probably some of the most resilient that I've ever come across because they have to be. And one of the things that they always believe in, I've found, is that irrespective of what's going on around you, control is still possible. But in order to have that level of control, it takes foresight, it takes focus, and I think above all it takes flexibility and, I would say, courage.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with Tavia about how AI and other emerging technology are reshaping society, and how we as humans should react to it.  Key Takeaways: AI and other emerging tech can help society, but guardrails are needed.  The world is becoming more fragmented when it comes to how it views AI and tech.  With AI and new technology, we have to be increasingly cautious in our interactions in cyberspace.  Tune in to hear more about: Why it’s unlikely there will be international rules around AI (4:32) How technology is changing how we interact – and what that means (7:12) What people 50 years from now might say about how we’re currently handling emerging tech (22:28) Standout Quotes: “We need to be putting in place guardrails, particularly when it comes to AI, around how it's going to be used, because we are playing with a technology, the power of which we don't fully understand yet.” - Steve Durbin “I think it is about how we get the balance right. I think that it isn't about shutting down some of the technological advances that we're seeing, it is about just being a little bit more realistic about their fallibility and trying to get equilibrium back between people and tools.” - Steve Durbin “I suspect that what they will do is take a look back and go, why on earth did they do that? Why on earth didn't somebody see that there was a better way? Because that's with the benefit of hindsight, isn't it? And we've got 20-20 vision when it comes to hindsight. And so I think that we are in the here and now and we need to find a way of muddling through. And I think that everybody has a responsibility to do that.” - Steve Durbin Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this bonus episode, Steve speaks with Dr. Ellie Pavlick, a professor of computer science at Brown University. Dr. Pavlick’s research focuses on computational models of semantics and pragmatics which emulate human inferences in artificial intelligence. Steve and Ellie discuss generative AI, developing a pipeline of talent to work with it, and perspectives on its developing uses for organisations. Related Resources from ISF: ISF Podcast: The AI-Quantum Revolution: Today, tomorrow and the future ISF Podcast: Steve Durbin & Nicholas Witchell - The Case for Social Responsibility in AI ISF Podcast: Boosting Business Success: Unleashing the potential of human and AI collaboration Navigating Boardroom Concerns: Top 9 Cybersecurity Risks and Challenges Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter

Tune in to this bonus episode where Steve is speaking with Prof. Federico Varese, a professor of criminology and head of the sociology department at Nuffield College at Oxford University. Prof. Varese talks with Steve about the history of organised crime in Russia and around the world, the mafia’s movement into cybercrime, and what the future may hold for these criminal organisations. Related Resources from ISF: ISF Podcast, Alexander Seger — How Global Law Enforcement Fight Cybercrime ISF Podcast, Inside the Mind of Today’s Cybercriminals, Brett Johnson Part 1 ISF Podcast, The Life of a Cybercriminal, Brett Johnson Part 2 ISF Podcast - The Democratisation of Cybercrime Misha Glenny: The Evolution of Cybercrime with Misha Glenny, author of McMafia Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management