In this episode, Steve speaks with best-selling author and hypnotist Paul McKenna about something that affects all of us — stress at work. Paul talks about the impact stress can have on workers and gives practical tips to care for yourself and the employees you lead, even in the fast-paced, “always-on” security industry. Key Takeaways: 1 It’s important to be mindful of signs of stress before it gets to burnout. 2 Mindfulness, hypnosis, and other types of self-care can significantly reduce stress. 3 For long-term success, employers should look to balance output and productivity with their employees’ mental and physical well-being. Tune in to hear more about: 1 Why we’re more stressed than ever (1:10) 2 How to identify signs that may lead to burnout (3:26) 3 How companies and leaders can support their employees well-being (12:32) Standout Quotes: 1 “It's right now a massive issue, anxiety, stress, fear, worry, because if you think about it, you turn on the TV, or you open a newspaper, you're under attack. It's the war, it's the virus, it's the economy, it's something or other. And so understandably, post the pandemic, we were out of the biological pandemic, but we're sort of in a psychological pandemic.” - Paul McKenna 2 “ Now the thing is, addiction is about changing your state of mind and body, so drinking, drug taking, gambling, sex, shopping, television and food, particularly sugar food, are the world's drugs of choice. And everybody in the world at some point feels too much stress. They feel overwhelmed, and so they resort to something to change how they feel, some of the things I just mentioned. And in a sense, some people, they form an addiction to their work because they can, you know, forget about everything else that's going on in their life. They might not have to think about their relationship or, you know, some other stress, from their family or something. So they immerse themselves in work.” - Paul McKenna 3 “Years ago, when I started corporate training, one of my colleagues, I asked him, ‘Why is it corporations pay so much money to have their staff trained?’ He said, ‘Well, I can show you,’ because look, they see that ‘days sick' goes down, the productivity goes up. So basically, by staying in the zone of balance – you've got enough output getting things done, versus balance, which is recovery time, in my mind. You get that mix right, then you're going to be more productive in the end.” - Paul McKenna  Mentioned in this episode: • Dear Infosec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter 
From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Duncan Wardle, the former head of innovation and creativity at Disney. Duncan talks to Steve about his current work teaching leaders to embrace creativity and inspire innovation in their teams. He suggests practical ways that leaders can create a more collaborative and fun work culture that will lead to more successful outcomes and enhance their teams’ job fulfillment. Key Takeaways: We’re all born with creativity, and a great leader can unlock it within people who may have lost it along the way.   Creativity is the ability to have an idea; innovation is the ability to get that idea done.  With AI, we have the opportunity to hand off mundane tasks and give ourselves time to think, be creative, and innovate.  Tune in to hear more about: Why it matters to say “yes, and…” instead of “no, because…”  The impact of AI on creativity and innovation Actions leaders can take to spark more creativity within their organizations Standout Quotes: “I define creativity as the ability to have an idea, and I think we can all do that every day. I define innovation as the ability to get that done. That's the hard part.” - Duncan Wardle  “As leaders, we have responsibilities, we've got quarterly results, we've got bosses, we've got – but if the first two words out of our mouth are ‘no, because,’ they're the first two words when somebody comes at us with a new idea, they're not coming back in the door again, and they may have genius next week or next-. Just remind ourselves as leaders, we're not green lighting this idea for execution today. We're merely green housing it together, using ‘Yes, and.’ As leaders, if we can use ‘Yes, and’ before ‘No, because’ you can completely and utterly change your culture.” - Duncan Wardle “Algorithms, and everything that AI will bring to the table, will merge with the human race, creativity, intuition, empathy, imagination, etc, we will merge to become a superhuman race.” - Duncan Wardle Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve sits down with author and leadership expert Sylvie di Giusto. Sylvie delineates five areas for everyone to consider in order to enhance their emotional intelligence. She and Steve also discuss how self-awareness and authenticity relate to situational awareness, and how improving in these areas can support career mobility. Key Takeaways: The subconscious takes up 95% of the brain – use that to your advantage to gain the trust of the people you interact with. Situational awareness is more important than one-size-fits-all ideas of “always smiling” or “maintaining eye contact. Your appearance, behavior, communication, digital footprint, and environment all matter for how people see you.  Tune in to hear more about: How the meaning of emotional intelligence in business has changed over the years (01:48) Sylvie di Giusto’s A.B.C.D.E. (Appearance, Behavior, Communication, Digital footprint, Environment) framework (07:50) The four levels of visibility (20:05) Standout Quotes: “The subconscious mind of a human takes up 95% of your brain. And 95% of your brain is where emotions live, where feelings live, where your gut feelings live. And only 5% of our brain actually transmits data, facts, figures, information. That is where your contracts are, where your proposals are, where all the facts and figures are that you deliver to your clients. [...] So, I always say, why don't you use this to your advantage, that behavior, and actually use the 95% of the brain and instantly imprint that feeling of trust in them and use it to your advantage. And before they buy into your solution, into your technical solution, let them buy into you.” - Sylvie di Giusto “You have to learn to read the moment, [...] and then adjust your behavior and make more intentional choices. I think one of the biggest challenges that we have nowadays, also driven by technology because we are constantly distracted by technology, is that we run on autopilot most of the day. Most of the day, we are so in our habits, in our patterns, that we do things, say things, that we are not even aware of, and they have a macro impact on our relationships. And we have to step back and sometimes turn that autopilot off, read the room, and be more intentional with the tools that we already have.” - Sylvie di Giusto “I think that authenticity means that we all play a role, but different roles, and in those roles, we are true to ourselves. [...] And in all those roles, I promise you, I'm truly authentic. But if I would try to talk with my husband the way I talk with my clients, we wouldn't have made it to 23 years, I promise you. Or if I would treat my clients like I treat my children, or if I look at home like I would on stage, and vice versa. So, yes, we are all authentic in those roles, but I think we have to accept that you just do you, no matter the circumstances – which brings us back to situational awareness – I think it's a lie that this is possible.” - Sylvie di Giusto Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with Rear Admiral Brian Luther. After more than 30 years in the US Navy and at the Pentagon, Brian is now president and CEO of the insurance firm Navy Mutual. Brian talks about what he learned about leadership in his time commanding an aircraft carrier in the Navy and how he has translated his skills into working in the private sector. He and Steve also discuss how leaders can move from a tactical mindset into a logistical one, and prepare your team for worst case scenarios. Key Takeaways: There might be differences between generations or people of different cultures, but fundamentally most people want the same things, and basic respect goes a long way. As a leader, don’t get bogged down in tactics. Remember to think about the logistics, so there is a plan B if something goes awry.  Technology can be an immensely useful tool, but don’t get overly dependent on it.  Tune in to hear more about: The three stages of leadership (7:46) Conducting business in volatile regions (12:28) How a tabletop drill can reveal important weaknesses in your organization’s crisis response (18:48) Standout Quotes: “You have to very clearly articulate to the people what you want done. And if it's very specific, you say, ‘I want this done,’ and if it's generic, you say, ‘I want this outcome,’ right? You can't say I want a general outcome when you have something specific in mind, because they're going to go off and do it whatever way you want. But if you're very clear, ‘I want this done this way,’ or ‘I just want this outcome,’ and you decide, delegate, disappear, you'd be amazed at what people can do.” - Brian Luther “If you go there and give them an opportunity to see you as just who you are, and learn them just as they are, you find that there's more in common than people would give credit for. So I would always say, before you go internationally, take some time to learn where you're going and respect the culture that you're going to be operating in.” - Brian Luther “There are tremendous benefits associated with technology, but any strength pushed too far is a weakness [...]. Don't be overreliant on something, and you put all your eggs in that one basket and you lose it, and then you don't have a second or a third option. You should be asking yourself, ‘What if I lose this, what if they figure out a way to foil that?’ Because, remember, we put something out there, and in a strategic competition, there's move-countermove all the time. […] So use it as a tool, but don't be totally dependent on it that if someone takes that tool away from you, your whole organization collapses.” - Brian Luther Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Paul Bartel, a senior intelligence analyst with PeakMetrics. Paul was previously with the Defense Intelligence Agency, and he speaks with Steve about his experience working in the government sector, how the public and private sectors can cooperate more effectively, and what businesses can do to protect themselves from misinformation campaigns. Key Takeaways: Generative AI is rapidly changing the nature of misinformation. Social media companies must take more responsibility for moderating the content on their platforms. To protect your organization from damage from misinformation, being aware of the current information environment and what information is out there about you, is key. Tune in to hear more about: Paul Bartel’s background with the Defense Intelligence Agency (1:30) The three primary sources of misinformation in the US (4:40) How businesses can adapt to the changing information environment (17:56) Standout Quotes: “I think one of the biggest things that we have going now, and this is obviously in every sort of sector, is the use of generative AI. So what we're seeing a lot in social media now is instead of just random accounts that might be controlled by a person or two, what you're seeing is hundreds and hundreds of bot accounts that are able to push forward a large amount of information very quickly.” - Paul Bartel “The biggest thing I think that needs to start happening is the social media companies really especially need to take accountability for their own clientele base that might be spreading the misinformation.” - Paul Bartel “Getting an early handle on what's being said about them, and the information environment at large, can help them [organizations] navigate a lot of the challenges that we see in an information environment that's pushing out more and more information and can change on a minute to minute, hour to hour basis.” - Paul Bartel Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we’re listening to the second half of Steve’s recent Emerging Threats webinar for security leaders. In this episode, Steve responds to audience questions, covering everything from government regulation to supply chain to raising awareness within your organization. Steve Durbin’s Contact Information: steve.durbin@securityforum.org Steve Durbin on LinkedIn Key Takeaways: 1. Knowing what your crown jewels are and how to protect them is paramount in a volatile world. 2. The government should do what the government does well, and it should let businesses do what businesses do well. The government should provide clear guidelines, but then there should be little interference. 3. Everything begins and ends with cyber resilience. How do we deal with the aftermath of the cyber incident that inevitably will occur? Tune in to hear more about: 1. How to get the board to care about cybersecurity and cyber risk (2:48) 2. How to avoid making regulatory compliance a tick box exercise (9:13) 3. How ISF can help make your organization more resilient (26:06) Standout Quotes: 1. “I like bringing people into the cyber space that are not technical. That doesn't mean to say you don't need technical people in cyber – you do, your security team needs to have a combination of the two – but I do very much like bringing them in from the business because their perspective is very much more about how they're going to make use of the technologies and therefore the use and the role that cybersecurity can play in securing the critical assets. Now, because we obviously are in an industry where there's a shortage of skills, what it does do is open up the markets to attracting – if you get it right – a whole variety of people that perhaps you wouldn't normally be able to bring into cybersecurity. So not only does it give you fresh perspective, not only does it align you more closely with the business, but it also opens up a pool of talent that otherwise might not be there.” - Steve Durbin  2. “I don't actually differentiate very much anymore between cyber risk and enterprise risk. [...] The reason I don't is that for me, I've become very much more convinced that cyber is so integral in everything that we do, that actually you create something of a problem for yourself if you begin to differentiate between enterprise and cyber.” Steve Durbin  3. “We need to make it simple for our users to be able to contact somebody in security if they are at all concerned about something that they've seen either through their email, on a system. And all too often we're not doing that. I can't tell you the number of times I've spoken to organizations and they simply aren't doing some of those basics. We don't need to complicate it all the time.” Steve Durbin Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

We’re starting 2025 with a preview of the episodes ahead, featuring Steve in conversation with thought leaders and security experts from around the world. We look forward to sharing the full episodes with you this winter. Stay tuned! Featured: • Rear Admiral Brian Luther, president and CEO of the insurance firm Navy Mutual • Duncan Wardle, former head of Innovation and Creativity at Disney • Dr. Kate Darling, research scientist at the MIT Media Lab, research lead at the Boston Dynamics AI Institute • Best-selling author and hypnotist Dr. Paul McKenna  • Author and leadership expert Sylvie di Giusto • Paul Bartel, senior intelligence analyst with PeakMetrics Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is our annual lookahead to next year, as we present Steve’s recent Emerging Threats webinar for security leaders. You’ll get to hear Steve share some of his thoughts on the threats cybersecurity professionals should be prepared to see in 2025. And of course, he also offers suggestions on how to handle these threats. Steve Durbin’s Contact Information: steve.durbin@securityforum.org Steve Durbin on Linkedin Key Takeaways: Cybersecurity is becoming more of a business issue, which presents both opportunities and challenges. Supply chain, cloud storage, data integrity, and AI will be key information security issues in 2025. Information security professionals must learn how to align cybersecurity objectives with business objectives. Tune in to hear more about: Key information security challenges for 2025 (4:20) How to manage supply chain risks and AI-related security challenges (9:34) How to align cybersecurity objectives with business objectives (20:16) Standout Quotes: “The piece that worries me the most, and I've said this for a very long time, is the data integrity. AI data sets are vulnerable to deliberate poisoning or accidental pollution. Now, if I talk to AI providers, they will tell me that their AI is sufficiently intelligent, that it can really spot these things. I don't buy it. If I'm using AI, I want to make sure that the data it's actually telling me to make decisions about has a huge amount of the traditional information security guidance around it.” - Steve Durbin “The challenge for us is to align cyber risk management with the needs of the business by identifying how risk management and resilience are aligned and help to meet business objectives. That way, I can guarantee you will get the ear of the business. And if you can crack that one, then some of the other issues that we're dealing with, such as resourcing, such as alignment, such as commitment, tend to go away.” - Steve Durbin “The ones that I think are really going to succeed and flourish in 2025 are going to have aligned security with the business, and are going to have put in place mechanisms for all elements to change in sync with each other. Keeping on track is going to require a huge amount of collective collaboration across the enterprise.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast   Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve for the second of a two-part conversation about the coming Trump administration. Nick and Steve consider how Trump’s famously unpredictable behavior may impact business confidence and the steps business leaders can take to insulate their business from possible market changes. Key Takeaways: For business leaders, there is reason to be optimistic about the incoming Trump administration. Businesses in the US can take a “sit back, wait, and see” approach and await what new policies Donald Trump introduces in the beginning of his presidency.  It’s always wise to invest in cyber resilience. Tune in to hear more about: How the incoming Trump Administration can benefit businesses (1:44) How to “trump-proof” your business (5:02) The constant need for cyber resilience, no matter who’s leading the country (8:07) Standout Quotes: “So what do you expect from any incoming elected leader? Well, you hope for clarity. You hope for a very clear set of guidelines within which you can operate. You hope for removal of ambiguity. You hope for a reduction, I would say, in unnecessary regulation. The opposite of that, that what slows business down is an increase in regulation that is perhaps unnecessary and a lack of clarity. So I think that businesses will be hoping for that clarity.” - Steve Durbin “I think that certainly focusing more on the need for cyber resilience is something that business leaders need to do. I don't know that I particularly want my government to be telling me what to do. So I very much like being able to run my business in the way that I think is best suited to my needs. I'm not a fan of nanny government. What I am a fan of is clarity in government, understanding from government, and allowing me to get on and do what I'm good at.” - Steve Durbin “People are desperately looking for some form of guidance, something to trust. And I think that business leaders have a relatively unique opportunity, because we do have huge responsibility to the people that work within our businesses and also to our customers. And there's a significant opportunity, I think, in that, to carve out a path that allows us to be viewed in a way that, yes, suits the needs of the business, but also fills this gap in society for something that you can actually trust, something that people know you really do stand for and can get behind.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve about the coming Trump administration will mean for businesses. In the first part of their two-part discussion, Steve and Nick consider potential changes to the US approach to tech regulation and foreign policy. Key Takeaways: The fact that cyber security wasn’t part of Donald Trump’s campaign, doesn’t necessarily mean it won’t be a focus of his presidency. Election interference is about misinformation as much (if not more)  as it is about hackers getting into voting systems. Government must collaborate with private sector to create meaningful policies around digital security.  Tune in to hear more about: Expectations and hopes for the Trump administration’s approach to cyber security (2:35) Regulation of social media (6:51) The importance of cooperation between government and private sector (11:43) Standout Quotes: “If we look at some of the initiatives that he [Donald Trump] has in place around, for instance, immigration, then cybersecurity is fairly core and central to some of these programs and plans, because anything that involves technology, of course, also involves cybersecurity. So I think that that's the way we're going to start seeing cyber coming into his perspective on the world. Where it touches some of his other frontline policies, then we're going to see it playing a role.” - Steve Durbin “As soon as you implement technology without security, you're creating a huge problem for yourself further down the road; one which, unless you have invested ahead of time, is going to cost you a horrible amount of money to try to fix later.” - Steve Durbin “You need to have people in government who've actually been there and done it, because if you haven't, then where do you begin? And so I'd like to see a lot more collaboration between government and private sector in terms of getting a lot more knowledge, frontline knowledge, into some of the things that you absolutely must do to secure this technology, rather than simply deciding that that's the way we're going to go and then leaving it up to the different departments to figure things out.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.