The Jen Gottlieb Show

Today, Steve is speaking with Rear Admiral Brian Luther. After more than 30 years in the US Navy and at the Pentagon, Brian is now president and CEO of the insurance firm Navy Mutual. Brian talks about what he learned about leadership in his time commanding an aircraft carrier in the Navy and how he has translated his skills into working in the private sector. He and Steve also discuss how leaders can move from a tactical mindset into a logistical one, and prepare your team for worst case scenarios. Key Takeaways: There might be differences between generations or people of different cultures, but fundamentally most people want the same things, and basic respect goes a long way. As a leader, don’t get bogged down in tactics. Remember to think about the logistics, so there is a plan B if something goes awry.  Technology can be an immensely useful tool, but don’t get overly dependent on it.  Tune in to hear more about: The three stages of leadership (7:46) Conducting business in volatile regions (12:28) How a tabletop drill can reveal important weaknesses in your organization’s crisis response (18:48) Standout Quotes: “You have to very clearly articulate to the people what you want done. And if it's very specific, you say, ‘I want this done,’ and if it's generic, you say, ‘I want this outcome,’ right? You can't say I want a general outcome when you have something specific in mind, because they're going to go off and do it whatever way you want. But if you're very clear, ‘I want this done this way,’ or ‘I just want this outcome,’ and you decide, delegate, disappear, you'd be amazed at what people can do.” - Brian Luther “If you go there and give them an opportunity to see you as just who you are, and learn them just as they are, you find that there's more in common than people would give credit for. So I would always say, before you go internationally, take some time to learn where you're going and respect the culture that you're going to be operating in.” - Brian Luther “There are tremendous benefits associated with technology, but any strength pushed too far is a weakness [...]. Don't be overreliant on something, and you put all your eggs in that one basket and you lose it, and then you don't have a second or a third option. You should be asking yourself, ‘What if I lose this, what if they figure out a way to foil that?’ Because, remember, we put something out there, and in a strategic competition, there's move-countermove all the time. […] So use it as a tool, but don't be totally dependent on it that if someone takes that tool away from you, your whole organization collapses.” - Brian Luther Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Paul Bartel, a senior intelligence analyst with PeakMetrics. Paul was previously with the Defense Intelligence Agency, and he speaks with Steve about his experience working in the government sector, how the public and private sectors can cooperate more effectively, and what businesses can do to protect themselves from misinformation campaigns. Key Takeaways: Generative AI is rapidly changing the nature of misinformation. Social media companies must take more responsibility for moderating the content on their platforms. To protect your organization from damage from misinformation, being aware of the current information environment and what information is out there about you, is key. Tune in to hear more about: Paul Bartel’s background with the Defense Intelligence Agency (1:30) The three primary sources of misinformation in the US (4:40) How businesses can adapt to the changing information environment (17:56) Standout Quotes: “I think one of the biggest things that we have going now, and this is obviously in every sort of sector, is the use of generative AI. So what we're seeing a lot in social media now is instead of just random accounts that might be controlled by a person or two, what you're seeing is hundreds and hundreds of bot accounts that are able to push forward a large amount of information very quickly.” - Paul Bartel “The biggest thing I think that needs to start happening is the social media companies really especially need to take accountability for their own clientele base that might be spreading the misinformation.” - Paul Bartel “Getting an early handle on what's being said about them, and the information environment at large, can help them [organizations] navigate a lot of the challenges that we see in an information environment that's pushing out more and more information and can change on a minute to minute, hour to hour basis.” - Paul Bartel Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

We’re starting 2025 with a preview of the episodes ahead, featuring Steve in conversation with thought leaders and security experts from around the world. We look forward to sharing the full episodes with you this winter. Stay tuned! Featured: • Rear Admiral Brian Luther, president and CEO of the insurance firm Navy Mutual • Duncan Wardle, former head of Innovation and Creativity at Disney • Dr. Kate Darling, research scientist at the MIT Media Lab, research lead at the Boston Dynamics AI Institute • Best-selling author and hypnotist Dr. Paul McKenna  • Author and leadership expert Sylvie di Giusto • Paul Bartel, senior intelligence analyst with PeakMetrics Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we’re listening to the second half of Steve’s recent Emerging Threats webinar for security leaders. In this episode, Steve responds to audience questions, covering everything from government regulation to supply chain to raising awareness within your organization. Steve Durbin’s Contact Information: steve.durbin@securityforum.org Steve Durbin on LinkedIn Key Takeaways: 1. Knowing what your crown jewels are and how to protect them is paramount in a volatile world. 2. The government should do what the government does well, and it should let businesses do what businesses do well. The government should provide clear guidelines, but then there should be little interference. 3. Everything begins and ends with cyber resilience. How do we deal with the aftermath of the cyber incident that inevitably will occur? Tune in to hear more about: 1. How to get the board to care about cybersecurity and cyber risk (2:48) 2. How to avoid making regulatory compliance a tick box exercise (9:13) 3. How ISF can help make your organization more resilient (26:06) Standout Quotes: 1. “I like bringing people into the cyber space that are not technical. That doesn't mean to say you don't need technical people in cyber – you do, your security team needs to have a combination of the two – but I do very much like bringing them in from the business because their perspective is very much more about how they're going to make use of the technologies and therefore the use and the role that cybersecurity can play in securing the critical assets. Now, because we obviously are in an industry where there's a shortage of skills, what it does do is open up the markets to attracting – if you get it right – a whole variety of people that perhaps you wouldn't normally be able to bring into cybersecurity. So not only does it give you fresh perspective, not only does it align you more closely with the business, but it also opens up a pool of talent that otherwise might not be there.” - Steve Durbin  2. “I don't actually differentiate very much anymore between cyber risk and enterprise risk. [...] The reason I don't is that for me, I've become very much more convinced that cyber is so integral in everything that we do, that actually you create something of a problem for yourself if you begin to differentiate between enterprise and cyber.” Steve Durbin  3. “We need to make it simple for our users to be able to contact somebody in security if they are at all concerned about something that they've seen either through their email, on a system. And all too often we're not doing that. I can't tell you the number of times I've spoken to organizations and they simply aren't doing some of those basics. We don't need to complicate it all the time.” Steve Durbin Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is our annual lookahead to next year, as we present Steve’s recent Emerging Threats webinar for security leaders. You’ll get to hear Steve share some of his thoughts on the threats cybersecurity professionals should be prepared to see in 2025. And of course, he also offers suggestions on how to handle these threats. Steve Durbin’s Contact Information: steve.durbin@securityforum.org Steve Durbin on Linkedin Key Takeaways: Cybersecurity is becoming more of a business issue, which presents both opportunities and challenges. Supply chain, cloud storage, data integrity, and AI will be key information security issues in 2025. Information security professionals must learn how to align cybersecurity objectives with business objectives. Tune in to hear more about: Key information security challenges for 2025 (4:20) How to manage supply chain risks and AI-related security challenges (9:34) How to align cybersecurity objectives with business objectives (20:16) Standout Quotes: “The piece that worries me the most, and I've said this for a very long time, is the data integrity. AI data sets are vulnerable to deliberate poisoning or accidental pollution. Now, if I talk to AI providers, they will tell me that their AI is sufficiently intelligent, that it can really spot these things. I don't buy it. If I'm using AI, I want to make sure that the data it's actually telling me to make decisions about has a huge amount of the traditional information security guidance around it.” - Steve Durbin “The challenge for us is to align cyber risk management with the needs of the business by identifying how risk management and resilience are aligned and help to meet business objectives. That way, I can guarantee you will get the ear of the business. And if you can crack that one, then some of the other issues that we're dealing with, such as resourcing, such as alignment, such as commitment, tend to go away.” - Steve Durbin “The ones that I think are really going to succeed and flourish in 2025 are going to have aligned security with the business, and are going to have put in place mechanisms for all elements to change in sync with each other. Keeping on track is going to require a huge amount of collective collaboration across the enterprise.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast   Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter  From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve for the second of a two-part conversation about the coming Trump administration. Nick and Steve consider how Trump’s famously unpredictable behavior may impact business confidence and the steps business leaders can take to insulate their business from possible market changes. Key Takeaways: For business leaders, there is reason to be optimistic about the incoming Trump administration. Businesses in the US can take a “sit back, wait, and see” approach and await what new policies Donald Trump introduces in the beginning of his presidency.  It’s always wise to invest in cyber resilience. Tune in to hear more about: How the incoming Trump Administration can benefit businesses (1:44) How to “trump-proof” your business (5:02) The constant need for cyber resilience, no matter who’s leading the country (8:07) Standout Quotes: “So what do you expect from any incoming elected leader? Well, you hope for clarity. You hope for a very clear set of guidelines within which you can operate. You hope for removal of ambiguity. You hope for a reduction, I would say, in unnecessary regulation. The opposite of that, that what slows business down is an increase in regulation that is perhaps unnecessary and a lack of clarity. So I think that businesses will be hoping for that clarity.” - Steve Durbin “I think that certainly focusing more on the need for cyber resilience is something that business leaders need to do. I don't know that I particularly want my government to be telling me what to do. So I very much like being able to run my business in the way that I think is best suited to my needs. I'm not a fan of nanny government. What I am a fan of is clarity in government, understanding from government, and allowing me to get on and do what I'm good at.” - Steve Durbin “People are desperately looking for some form of guidance, something to trust. And I think that business leaders have a relatively unique opportunity, because we do have huge responsibility to the people that work within our businesses and also to our customers. And there's a significant opportunity, I think, in that, to carve out a path that allows us to be viewed in a way that, yes, suits the needs of the business, but also fills this gap in society for something that you can actually trust, something that people know you really do stand for and can get behind.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve about the coming Trump administration will mean for businesses. In the first part of their two-part discussion, Steve and Nick consider potential changes to the US approach to tech regulation and foreign policy. Key Takeaways: The fact that cyber security wasn’t part of Donald Trump’s campaign, doesn’t necessarily mean it won’t be a focus of his presidency. Election interference is about misinformation as much (if not more)  as it is about hackers getting into voting systems. Government must collaborate with private sector to create meaningful policies around digital security.  Tune in to hear more about: Expectations and hopes for the Trump administration’s approach to cyber security (2:35) Regulation of social media (6:51) The importance of cooperation between government and private sector (11:43) Standout Quotes: “If we look at some of the initiatives that he [Donald Trump] has in place around, for instance, immigration, then cybersecurity is fairly core and central to some of these programs and plans, because anything that involves technology, of course, also involves cybersecurity. So I think that that's the way we're going to start seeing cyber coming into his perspective on the world. Where it touches some of his other frontline policies, then we're going to see it playing a role.” - Steve Durbin “As soon as you implement technology without security, you're creating a huge problem for yourself further down the road; one which, unless you have invested ahead of time, is going to cost you a horrible amount of money to try to fix later.” - Steve Durbin “You need to have people in government who've actually been there and done it, because if you haven't, then where do you begin? And so I'd like to see a lot more collaboration between government and private sector in terms of getting a lot more knowledge, frontline knowledge, into some of the things that you absolutely must do to secure this technology, rather than simply deciding that that's the way we're going to go and then leaving it up to the different departments to figure things out.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

An interview with Steve Durbin, ISF CEO, by Security editor Stephen Pritchard. Originally published by Security Insights Podcast. Cybersecurity and geopolitics are more tightly linked than ever. The growth of online espionage, attacks by state actors, and governments turning a blind eye to cybercrime, are all increasing risk. And the “attack surface” is growing too. More and more of what we do every day is online, and this presents more opportunities to bad actors. In a connected world, it does not take much to cause huge disruption, whether by accident or design. The rise in ransomware over the decade shows just how vulnerable we are to cyber attack. And some of the most prolific ransomware groups have at least informal ties to nation states. But behind the scenes, the threats from state-based, not just state sanctioned, cyber attacks are growing. This, in turn, needs a different response from organisations, and their security teams. Geopolitics is driving cybersecurity threats, in ways that could hardly be imagined in the early days of the information security business. Our guest this week is Steve Durbin, CEO of the Information Security Forum. As he points out, a lot has changed over the last few decades, and especially in the last few years. We are now in a very risky place. And, in an increasingly connected world, cyber has the potential to be the “Achilles Heel” of our defences, he argues. Could we see the current level of cyber threats spill over into more overt conflict? And do organisations have the resources to operate in a more dangerous world?

In this episode, ISF CEO Steve Durbin is in conversation with Raffael Marty, Executive Vice President and General Manager of Cybersecurity Management at ConnectWise. Raffael is also the author of Applied Security Visualization and the Security Data Lake. He and Steve discuss how to prevent data from being compromised, what government and private enterprise can learn from each other vis a vis cybersecurity, the pros and cons of cyberinsurance, and more. Related ISF Resources: Protecting the Crown Jewels: How To Secure Mission-Critical Assets Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

This episode is the first part of a two-part conversation between Steve and Dr. Christopher Hand. Chris is a senior lecturer in psychology at the University of Glasgow in Scotland. He and Steve talk about trust and authenticity online, cyber-bullying in the context of work, and what we know so far about the decision to return to the office post-pandemic. Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management