ISF Podcast

Information Security Forum Podcast
Sep 2, 2025 • 28min

S36 Ep3: Karena Man - Cultivating Trust: Engaging Boards on Cyber and AI

In today’s episode, Steve speaks with Karena Man, whose expertise is connecting organizations with experts in technology as a Senior Client Partner at Korn Ferry. Karena highlights the growing awareness of cyber by boards of directors — an awareness brought on by the increase in cyber intrusions. She also emphasizes the importance of storytelling and collaboration, and she and Steve discuss AI and the preparedness of the board.

Key Takeaways:
Boards are increasingly knowledgeable about cyber and AI.
CISOs must be good storytellers and cultivate relationships with other departments to be able to succeed in their role.
Involve board members in the processes, not just the results.

Tune in to hear more about:
Cyber and the board (01:27)
AI and the board (19:30)
How cyber and AI will impact the board in the coming years (24:53)

Standout Quotes:
“If we go back to what boards are really charged with, they're charged with oversight and governance. They are there to really provide guardrails in many ways, allow the organization to go fast by asking the right questions.” - Karena Man

“When I am also assessing and helping my clients hire their next CISO, one of the things I'm looking for is not just someone who's technically deep, but someone who has the empathy, someone who really understands what is it that the business is trying to do.” - Karena Man

“Anyone who's used one of the large language models, don't name any of them, I think there isn't a single person I've talked to who hasn't had a model hallucinate. Or give them a questionable answer to a query or to a task. And so there is this understanding that the technology is promising and that we should experiment with it and innovate with it within our enterprise. But there is this worry that it could be used for not so good purposes.” - Karena Man

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn
From the Information Security Forum, the leading authority on cyber, information security, and risk management.
Aug 26, 2025 • 23min

S36 Ep2: Debra Andrews - Balancing Human Insight with AI in Marketing

In this week’s episode, Steve sits down with Debra Andrews, president and owner of Marketri, a strategic marketing firm. Steve and Debra talk about what goes into creating a marketing plan that the C-suite can get on board with, and Deb shares how she and her team work to balance human knowledge with the speed of artificial intelligence. Debra also explains the role of Marketri’s AI council…

Key Takeaways:
Using key performance measures to show growth toward a goal is integral to getting the C-suite on board with a marketing plan.
To gain trust for AI both inside and outside the organization, transparency is paramount.
AI will shrink marketing teams and marketers will need broader skillsets.

Tune in to hear more about:
How Marketri went about incorporating AI into its operations (6:23)
Deb’s thoughts on the ethics of AI (10:55)
How AI will impact the future of marketing (13:43)

Standout Quotes:
“When we use AI to do the copywriting, we ask it not to supplement with any extra information, only use the information you're given and through that, AI is a wonderful copywriter. It can learn your voice and tone. You can train it on your particular voice and tone, so we can train it on our client's voice and tone. So it can be very customized to that person and how they like to speak, and words they like to use and how they like to sound. But ethically means we're not using trained data in the large language models to produce our content pieces. We're using human brains, their experience, and we're leveraging the tools as copywriters.” - Deb Andrews

“We're not trying to hide that we're using AI and shortcutting the process or delivering something like an AI-produced post. What we share is that we're using it to help them gain competitive advantage, to have the best access to human thinking, our thinking, their thinking as far as their area of subject matter expertise, and then the best of what this technology can do, and it's extremely powerful.” - Deb Andrews

“I think the smaller organizations, they're just struggling to keep afloat of their workload right now. I feel like AI's had this paralyzing effect on a lot of mid-size organizations where they know AI's out there and they know it's supposed to have an impact and they're reading about companies reducing head count and not hiring.” - Deb Andrews
Aug 19, 2025 • 37min

S36 Ep1: Baroness Beeban Kidron - Privacy in the Age of AI and Surveillance

Today, Steve sits down with Baroness Beeban Kidron, a member of the House of Lords in the UK and a global authority on online privacy and tech regulation. They discuss the critical importance of privacy on the internet in the age of surveillance capitalism, why we need to reframe how we talk about AI and new technology, and the problems with the UK government’s current AI policy.

Key Takeaways:
The internet has changed, making privacy online essential.
Regulating the internet and technology is still possible.
The current path the world is on when it comes to AI is highly problematic and should be taken more seriously.

Tune in to hear more about:
Why privacy online matters more than ever (1:22)
How technology is impacting early childhood development (12:08)
Baroness Kidron’s take on the UK’s AI strategy (28:17)

Standout Quotes:
“[The internet] is deliberately designed to keep your attention. Deliberately designed to make you come back, deliberately designed to know the most, to reveal the most. And in that context, actually, privacy becomes an incredible tool of protection for the user, particularly for children who may not understand the negotiation that they're in.” - Baroness Beeban Kidron

“We have to think about what kind of world we want, what kind of world is good for us, what kind of world benefits most people, and then we build ourselves a pathway to do the most we can in that direction.” - Baroness Beeban Kidron

“It is hugely important to protect the idea of copyright. It is a moral right because it is an expression of your humanity. What you write, what you draw, what you sing is yours. It is you. It is a manifestation of you. So it comes with, and in fact, in human rights law, it is specifically stated that it is your moral right to determine how that is used.” - Baroness Beeban Kidron
Aug 5, 2025 • 23min

S35 Ep9: SUMMER LISTENING Margaret Heffernan - Cyber, CISO and the Board: Turning awareness into action

Explore how CISOs can educate the board, build resilience, and invest effectively in security, with Steve Durbin, ISF CEO, and Margaret Heffernan, a Professor of Practice at the University of Bath School of Management.

Mentioned in this episode:
ISF Analyst Insight Podcast
Jul 29, 2025 • 28min

S35 Ep8: SUMMER LISTENING Dragos Tudorache - AI for Good: EU's vision

In this episode, Steve speaks with Dragos Tudorache, one of the members of the European Parliament who is responsible for writing the EU’s AI Act. Dragos explains the thought process that went into developing the new law and tells Steve what organisations can expect and how they can prepare for its implementation.

Mentioned in and related to this episode:
ISF Podcast: Ellie Pavlick - Balancing the Risk and Reward of AI
ISF Podcast: The Ethical Dilemma of AI & Innovation
ISF Podcast: Beyond Buzzwords: AI, ML, and the Future of Cyber
ISF Podcast: Mo Gawdat: Rethinking the Paradigm of Artificial and Human Intelligence
ISF Analyst Insight Podcast
Jul 22, 2025 • 30min

S35 Ep7: SUMMER LISTENING Seán Doyle - Cyber and the World Economy

Today, ISF CEO Steve Durbin speaks with Seán Doyle, Lead for the Centre for Cybersecurity at the World Economic Forum. They discuss the role of public-private partnerships in the current cyber landscape, the importance of running tabletop exercises to promote resilience, and improving cybersecurity legislation and regulation around the world to promote economic interests.

Mentioned in this episode:
Cybersecurity Technology Efficacy: Is cybersecurity the new 'market for lemons'? Research Report by Joe Hubback
ISF Analyst Insight Podcast
Jul 15, 2025 • 30min

S35 Ep6: SUMMER LISTENING Omera Khan - Future-Proofing Our Supply Chains

ISF CEO Steve Durbin sits down with strategic supply chain risk expert Omera Khan. They talk about the current risk landscape vis-à-vis supply chain, protecting your supply chain by building collaborative systems, and incentivizing your staff appropriately to ensure they vet suppliers with a security-first mindset.

Mentioned in this episode:
ISF Analyst Insight Podcast
Jul 1, 2025 • 30min

S35 Ep5: Jimmie Lee - Leading with Vision and Empathy: The North Star Approach

Today, Steve speaks with Jimmie Lee, a leadership expert with decades of experience as a senior leader at companies like Boeing, Meta, and Microsoft. He explains that one of the most important things a business leader can do in times of crisis is to keep focus on the big picture and the long-term goals. Jimmie and Steve also discuss how to manage a team in a post-COVID workplace and how to build supply chain resilience — and why empathy matters more than ever.

Key Takeaways:
Empathy for your team members is more important than ever for a thriving business.
Relationship-building must begin before the crisis happens.
Geopolitical instability is causing a shift from risk management to resilience.

Tune in to hear more about:
If empathy can be taught (12:50)
How to build trust in a business environment that’s more virtual than ever (15:47)
Why many businesses are struggling because of today’s volatile geopolitical landscape (21:33)

Standout Quotes:
“There's a lot of tools that I would typically lean on or go to, but the number one is honestly just empathetic connection. It is really just connecting with the leaders and help them understand that they're not alone. I think a lot of times as a leader, you get too stuck in the problems that you start trying to solve, that you focus more trying to solve them in the business, and you go deeper instead of staying up at the leadership level and start working on the business itself.” - Jimmie Lee

“Now you have trust to work off of. If you didn't have that trust and that mistake happened, it's an uphill climb to get to a point of good with that person now. I don't know that we're equipping our employees, that we're actually giving our teams that visibility, that knowledge, that training. […] Are we as companies, are we as leaders investing in our training budget in that kind of way to target those areas?” - Jimmie Lee

“I think the geopolitical landscape is potentially gonna shift the visibility and the approach and the strategy from small, medium-sized businesses and middle market to have more attention on that supply chain because. When it comes to geopolitical instability, when it comes to geo-economic macro and the micro instability, resilience is key. Resilience is the lifeblood. Resilience is your ability to last, to withstand the fluctuations, but if you don't have enough visibility and awareness of all the different components that are impacted, you can't navigate those waters.” - Jimmie Lee
Jun 24, 2025 • 21min

S35 Ep4: Yolanda Williams - Cyber on the Ground: Building Resilience in a Fragmented Landscape

Today’s episode will focus on the challenges of the cyber landscape in the United States, as Steve sits down with Yolanda Williams, who is the Cybersecurity and Infrastructure Security Agency’s cyber security coordinator in the state of Florida. Steve and Yolanda dive deep into her work communicating cyber in a region where, for many, it isn’t top of mind, and how state sovereignty and lack of standardisation between local stakeholders pose unique challenges. We hope that Yolanda’s many examples of successfully working with Floridians and stakeholders across the state will resonate with listeners across the US—and perhaps across the pond, too.

Key Takeaways:
Cyber leaders must possess the ability to shape their communication based on what the audience is looking for.
Organisations are much more open to cyber advice today than they were five years ago.
Look at the language in your contracts! Mistakes can prove costly from both a financial perspective and a cyber perspective.

Tune in to hear more about:
How cyber connects to physical security (3:25)
The challenges of a lack of standardised guidelines or federal regulation (10:23)
The importance of keeping local backups and not only using the cloud (18:24)

Standout Quotes:
“I hear a lot of people say, ‘dumb it down.’ But you don't want to dumb it down. You just want to make sure that you're tailoring it specifically. You may have technical folks who are looking for, okay, what was the ransomware? Who did it? Who deployed it? How was it deployed? What was the payload? All those types of things. And they want to get into the deep dive of it. A lot of individuals don't. I'll speak to healthcare individuals and they're more looking at ‘I'm not a target. I'm a small doctor's office. I'm not a target.’ And one of the things we try to get across to everyone is: you are definitely a target. If you have a US IP address, you are a target.” - Yolanda Williams

“There are federal guidelines for federal agencies. However, we respect our states and their sovereignty, and one of the things I found in Florida definitely was a lack of collaboration. Even from the city to the county, there's nothing structured across the board.” - Yolanda Williams

“One of the steps that I recommend across the board for anyone that I'm talking to is looking at the language in your contracts, making sure that language is covering, not just what you're purchasing. […] So making sure that you're looking at that contract language and have somebody that's looking at it that understands the lexicon, understands what is required. You can't just hire somebody off the street and say, ‘Oh yeah, write this contract,’ and they don't know what should be in the contract.” - Yolanda Williams
Jun 17, 2025 • 34min

S35 Ep3: The Silent Risk in M&A: Cyber Security Oversights That Cost Millions

Financial due diligence is common practice when companies merge or one business acquires another. Cyber security due diligence, however, is not quite as common. Yet, in a world where the threat landscape changes by the day and risk is growing increasingly complex, solid cyber security practices are more important than ever.

Today, Steve and Tavia dig into this very topic, and, more specifically, what role cyber security has in a merger or an acquisition. How is a cyber security review done? Why are they important? How do we balance speed with thoroughness? How do we interpret the results? There’s a lot to dig into here.

Key Takeaways:
Cyber due diligence is paramount in a corporate acquisition or merger.
The risks of not doing cyber due diligence are both financial and reputational.
Cyber due diligence is a team game.

Tune in to hear more about:
Who should be responsible for conducting the cyber review (4:34)
How organizations can build cyber into their due diligence process (14:05)
Examples of where insufficient cyber due diligence proved costly (19:05)

Standout Quotes:
“You can't play a team sport without a team. And for me, M&A is a team game. You can't go it alone. I think it would be a mistake for somebody to think that they could do this kind of work solo. Because as we've seen with cyber maturing, it now touches so many different parts of the organization. You do need to be involved.” - Steve Durbin

“I think people are getting it. What I'm seeing now is people get it, but they don't know how to do it. That's where the cyber professional really now has to step up.” - Steve Durbin

“Pre-deal, I think it is about being focused. It's about identifying, prioritizing the high risk areas that are out there that you want to look into. It's about doing things like making sure that the governance is there. It's about scanning for some of the known vulnerabilities. If you are in one particular market sector and you're buying a company in another because of expansion growth, you're going to need to be covering off a whole range of different things that perhaps might be unusual for you because you haven't been having to look into those areas.” - Steve Durbin
