

ISF Podcast
Information Security Forum Podcast
The ISF Podcast brings you cutting-edge conversation, tailored to CISOs, CTOs, CROs, and other global security pros. In every episode of the ISF Podcast, Chief Executive, Steve Durbin speaks with rule-breakers, collaborators, culture builders, and business creatives who manage their enterprise with vision, transparency, authenticity, and integrity. From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Aug 5, 2025 • 23min
S35 Ep9: SUMMER LISTENING Margaret Heffernan - Cyber, CISO and the Board: Turning awareness into action
Explore how CISOs can educate the board, build resilience, and invest effectively in security, with Steve Durbin, ISF CEO, and Margaret Heffernan, a Professor of Practice at the University of Bath School of Management.
Mentioned in this episode:
ISF Analyst Insight Podcast
Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management

Jul 29, 2025 • 28min
S35 Ep8: SUMMER LISTENING Dragos Tudorache - AI for Good: EU's vision
In this episode, Steve speaks with Dragos Tudorache, one of the members of the European Parliament who is responsible for writing the EU’s AI Act. Dragos explains the thought process that went into developing the new law and tells Steve what organisations can expect and how they can prepare for its implementation.
Mentioned in and related to this episode:
ISF Podcast: Ellie Pavlick - Balancing the Risk and Reward of AI
ISF Podcast: The Ethical Dilemma of AI & Innovation
ISF Podcast: Beyond Buzzwords: AI, ML, and the Future of Cyber
ISF Podcast: Mo Gawdat: Rethinking the Paradigm of Artificial and Human Intelligence
ISF Analyst Insight Podcast

Jul 22, 2025 • 30min
S35 Ep7: SUMMER LISTENING Seán Doyle - Cyber and the World Economy
Today, ISF CEO Steve Durbin speaks with Seán Doyle, Lead for the Centre for Cybersecurity at the World Economic Forum. They discuss the role of public-private partnerships in the current cyber landscape, the importance of running tabletop exercises to promote resilience, and improving cybersecurity legislation and regulation around the world to promote economic interests.
Mentioned in this episode:
Cybersecurity Technology Efficacy: Is cybersecurity the new 'market for lemons'? Research Report by Joe Hubback
ISF Analyst Insight Podcast

Jul 15, 2025 • 30min
S35 Ep6: SUMMER LISTENING Omera Khan - Future-Proofing Our Supply Chains
ISF CEO Steve Durbin sits down with strategic supply chain risk expert Omera Khan. They talk about the current risk landscape vis-à-vis supply chain, protecting your supply chain by building collaborative systems, and incentivizing your staff appropriately to ensure they vet suppliers with a security-first mindset.
Mentioned in this episode:
ISF Analyst Insight Podcast

Jul 1, 2025 • 30min
S35 Ep5: Jimmie Lee - Leading with Vision and Empathy: The North Star Approach
Today, Steve speaks with Jimmie Lee, a leadership expert with decades of experience as a senior leader at companies like Boeing, Meta, and Microsoft. He explains that one of the most important things a business leader can do in times of crisis is to keep focus on the big picture and the long-term goals. Jimmie and Steve also discuss how to manage a team in a post-covid workplace, how to build supply chain resilience, and why empathy matters more than ever.
Key Takeaways:
Empathy for your team members is more important than ever for a thriving business.
Relationship-building must begin before the crisis happens.
Geopolitical instability is causing a shift from risk management to resilience.
Tune in to hear more about:
If empathy can be taught (12:50)
How to build trust in a business environment that’s more virtual than ever (15:47)
Why many businesses are struggling because of today’s volatile geopolitical landscape (21:33)
Standout Quotes:
“There's a lot of tools that I would typically lean on or go to, but the number one is honestly just empathetic connection. It is really just connecting with the leaders and help them understand that they're not alone. I think a lot of times as a leader, you get too stuck in the problems that you start trying to solve, that you focus more trying to solve them in the business, and you go deeper instead of staying up at the leadership level and start working on the business itself.” - Jimmie Lee
“Now you have trust to work off of. If you didn't have that trust and that mistake happened, it's an uphill climb to get to a point of good with that person now. I don't know that we're equipping our employees, that we're actually giving our teams that visibility, that knowledge, that training. […] Are we as companies, are we as leaders investing in our training budget in that kind of way to target those areas?” - Jimmie Lee
“I think the geopolitical landscape is potentially gonna shift the visibility and the approach and the strategy from small, medium-sized businesses and middle market to have more attention on that supply chain because when it comes to geopolitical instability, when it comes to geo-economic macro and the micro instability, resilience is key. Resilience is the lifeblood. Resilience is your ability to last, to withstand the fluctuations, but if you don't have enough visibility and awareness of all the different components that are impacted, you can't navigate those waters.” - Jimmie Lee

Jun 24, 2025 • 21min
S35 Ep4: Yolanda Williams - Cyber on the Ground: Building Resilience in a Fragmented Landscape
Today’s episode will focus on the challenges of the cyber landscape in the United States, as Steve sits down with Yolanda Williams, who is the Cybersecurity and Infrastructure Security Agency’s cyber security coordinator in the state of Florida. Steve and Yolanda dive deep into her work communicating cyber in a region where, for many, it isn’t top-of-mind, and how state sovereignty and a lack of standardisation between local stakeholders pose unique challenges. We hope that Yolanda’s many examples of successfully working with Floridians and stakeholders across the state will resonate with listeners across the US, and perhaps across the pond, too.
Key Takeaways:
Cyber leaders must possess the ability to shape their communication based on what the audience is looking for.
Organisations are much more open to cyber advice today than they were five years ago.
Look at the language in your contracts! Mistakes can prove costly from both a financial perspective and a cyber perspective.
Tune in to hear more about:
How cyber connects to physical security (3:25)
The challenges of a lack of standardised guidelines or federal regulation (10:23)
The importance of keeping local backups and not only using the cloud (18:24)
Standout Quotes:
“I hear a lot of people say, ‘dumb it down.’ But you don't want to dumb it down. You just want to make sure that you're tailoring it specifically. You may have technical folks who are looking for, okay, what was the ransomware? Who did it? Who deployed it? How was it deployed? What was the payload? All those types of things. And they want to get into the deep dive of it. A lot of individuals don't. I'll speak to healthcare individuals and they're more looking at ‘I'm not a target. I'm a small doctor's office. I'm not a target.’ And one of the things we try to get across to everyone is: you are definitely a target. If you have a US IP address, you are a target.” - Yolanda Williams
“There are federal guidelines for federal agencies. However, we respect our states and their sovereignty, and one of the things I found in Florida definitely was a lack of collaboration. Even from the city to the county, there's nothing structured across the board.” - Yolanda Williams
“One of the steps that I recommend across the board for anyone that I'm talking to is looking at the language in your contracts, making sure that language is covering, not just what you're purchasing. […] So making sure that you're looking at that contract language and have somebody that's looking at it that understands the lexicon, understands what is required. You can't just hire somebody off the street and say, ‘Oh yeah, write this contract,’ and they don't know what should be in the contract.” - Yolanda Williams

Jun 17, 2025 • 34min
S35 Ep3: The Silent Risk in M&A: Cyber Security Oversights That Cost Millions
Financial due diligence is common practice when companies merge or one business acquires another. Cyber security due diligence, however, is not quite as common. Yet, in a world where the threat landscape changes by the day and risk is growing increasingly complex, solid cyber security practices are more important than ever.
Today, Steve and Tavia dig into this very topic, and, more specifically, what role cyber security has in a merger or an acquisition. How is a cyber security review done? Why are they important? How do we balance speed with thoroughness? How do we interpret the results? There’s a lot to dig into here.
Key Takeaways:
Cyber due diligence is paramount in a corporate acquisition or merger.
The risks of not doing cyber due diligence are both financial and reputational.
Cyber due diligence is a team game.
Tune in to hear more about:
Who should be responsible for conducting the cyber review (4:34)
How organizations can build cyber into their due diligence process (14:05)
Examples of where insufficient cyber due diligence proved costly (19:05)
Standout Quotes:
“You can't play a team sport without a team. And for me, M&A is a team game. You can't go it alone. I think it would be a mistake for somebody to think that they could do this kind of work solo. Because as we've seen with cyber maturing, it now touches so many different parts of the organization. You do need to be involved.” - Steve Durbin
“I think people are getting it. What I'm seeing now is people get it, but they don't know how to do it. That's where the cyber professional really now has to step up.” - Steve Durbin
“Pre-deal, I think it is about being focused. It's about identifying, prioritizing the high risk areas that are out there that you want to look into. It's about doing things like making sure that the governance is there. It's about scanning for some of the known vulnerabilities. If you are in one particular market sector and you're buying a company in another because of expansion growth, you're going to need to be covering off a whole range of different things that perhaps might be unusual for you because you haven't been having to look into those areas.” - Steve Durbin

Jun 10, 2025 • 27min
S35 Ep2: Lauren Farina - Rest After Stress: The Psychology of High Performance
In this conversation, Lauren Farina, a psychotherapist and founder of Invited Psychotherapy & Coaching, dives into the importance of workplace wellness and mental health. She discusses how rest can be as productive as work and the risks of chronic stress on performance. Lauren introduces the 'High Performer Archetype' and emphasizes the critical need for psychological safety within teams. Listeners will learn how leaders can enhance team performance and the significance of balancing ambition with self-care for sustainable success.

Jun 3, 2025 • 27min
S35 Ep1: Retaining Control: Empowering Innovation Without Losing Sight of Risk
Today, Steve Durbin and ISF Podcast Producer Tavia Gilbert are in conversation exploring the role of cybersecurity, governance and leadership in an age defined by rapid technological transformation. Artificial intelligence is now woven into daily business operations, risk models, customer engagement, and more. And while its benefits are significant, its risks are expanding just as quickly.
Key Takeaways:
It’s becoming increasingly apparent for leaders that cyber impacts every part of the business.
AI will not replace humans in the workplace, but rather redefine what work humans do.
If you as a business leader don't have clarity about what your values and ethics are by now, you better get started.
Tune in to hear more about:
What happens if businesses don’t implement a robust framework for ethical AI use (8:51)
The role of the board when implementing AI into business operations (19:49)
How to lead through change (24:20)
Standout Quotes:
“When cyber is involved early, it really can become a value enabler. It helps the business make smarter bets, helps it to avoid blind spots and build that sort of trust that we're looking for into everything that it does.” - Steve Durbin
“AI, it does introduce huge amounts of potential, but it also introduces a new layer of risk that is more complicated, dynamic and probably difficult to manage than many people actually think or are prepared for. And one of the biggest challenges is that AI doesn't just create new vulnerabilities, it changes the nature of the threat landscape completely.” - Steve Durbin
“AI is not some kind of future technology. It's been around for a very long time. Certainly in cyber terms anyway, at least 10 years, if not more. It's a lifetime in cyber, so it's not a future technology, it's here. It's shaping the way that we work, that we think, and indeed that we compete. So the question isn't whether we should engage with it, it's how do we do so responsibly and effectively. And the organizations that retain control are those that lead with clarity.” - Steve Durbin

May 20, 2025 • 27min
S34 Ep4: Dr. Shonna Waters - Leading Through Disruption: Managing Risk and Resilience
Joining the podcast today is Dr. Shonna Waters, a leading researcher on the workplace of today and the future, and the Co-Founder and CEO of Fractional Insights, an organizational psychology research firm. Steve and Dr. Waters discuss the rapid transformation of the workplace, brought on by new technologies, geopolitical uncertainty, and shifting organizational priorities. They also speak about how to stay grounded when the ground around us is shaking, how security professionals can manage stress and negativity brought upon by constantly searching for threats, and how a growth mindset can help build resilience.
Key Takeaways:
The professional environment is changing faster than we are.
Bridging the language gap between security and sales is challenging, but key for business success.
A growth mindset can build resilience.
Tune in to hear more about:
What people look for in the workplace (1:56)
How to manage stress at work (18:22)
How a growth mindset can help us become more resilient (21:42)
Standout Quotes:
“There's a lot going on out there, and I think that there's this general sentiment that the ground is moving under our feet. We all are feeling overstimulated and ungrounded, I think, generally speaking, and it's a really hard place to navigate as an employee. It's also a really hard place to lead from.” - Dr. Shonna Waters
“No matter what you're selling or producing, there is a human at the beginning of it and at the end of it, at a minimum, right? It's the concept, the leadership of it, the orchestration, no matter how much you minimize humans in the process. There's human ingenuity at the top of that chain. And then at the bottom of it, you have your customers.” - Dr. Shonna Waters
“There are conscious choices that you can make to lean more into that idea that you can grow and practice. And I think for any of us, one way to really encourage ourselves around that is to think back to other things that you've done that got easier over time or you were able to improve your skills.” - Dr. Shonna Waters