
ISF Podcast
The ISF Podcast brings you cutting-edge conversation, tailored to CISOs, CTOs, CROs, and other global security pros. In every episode of the ISF Podcast, Chief Executive, Steve Durbin speaks with rule-breakers, collaborators, culture builders, and business creatives who manage their enterprise with vision, transparency, authenticity, and integrity. From the Information Security Forum, the leading authority on cyber, information security, and risk management.
Latest episodes

Jun 24, 2018 • 22min
Steve Durbin in Conversation with Richard Guida - Part 1
In the first of this 3 part Business Leaders podcast, Steve Durbin, Managing Director at the ISF talks with Richard Guida, Managing Director at Guida Technology Associates about his experience as a former CISO implementing data security within a large organisation, the role technology plays and the implications this has on security and the people who work within it.
https://www.securityforum.org/videos-podcasts/isf-podcast-richard-guida-episode-1/

Jun 24, 2018 • 18min
Mobile Apps: My kingdom for an app!
Increasingly organisations are incorporating mobile apps into their customer service offerings, however struggle to overcome the challenge of adequately securing apps, while ensuring ease of access is not compromised. With the added consideration of data privacy, businesses need to start focusing on security rather than just performance, but whose responsibility is it?
In this podcast Steve Durbin, Managing Director at the Information Security Forum discusses the challenges associated with acquiring, using and operating mobile apps, and provides actions to manage those challenges, while maintaining the business benefits.
https://www.securityforum.org/videos-podcasts/isf-podcast-mobingdom-for-an-app/

May 17, 2018 • 24min
GDPR SOS: Are we too late to meet compliance?
In this podcast, Steve Durbin, Managing Director at the Information Security Forum, shares the 5 key actions organisations can take today to demonstrate compliance, and how they can continue to build compliance into the organisations DNA beyond the deadline date. Steve also discusses the key issue of third party suppliers and their access to personal information, sharing an approach to help rationalise the number of suppliers and protect the data shared with them to support your compliance programme.
https://www.securityforum.org/videos-podcasts/isf-podcast-gdpr-too-late/

Apr 24, 2018 • 12min
Building a Workforce for the Future: All roads lead to the CISO
Recognising the need to build a sustainable security workforce is of real concern to organisations across all sectors, as any shortfalls in skills and capabilities could leave an organisation vulnerable to an attack on its most critical assets, impacting an organisations performance and brand reputation. But as demand outstrips supply, a sustainable security workforce is becoming more and more difficult to achieve, increasing pressure on the CISO’s role.
In this podcast Steve Durbin, Managing Director at the ISF, discusses the skills and attributes CISOs should be looking for when building a sustainable workforce, how to retain them, and the part technology will play in the future when trying to overcome the workforce shortfall.
https://www.securityforum.org/videos-podcasts/isf-podcast-buile-for-the-future/

Feb 6, 2018 • 13min
Protect your critical information assets before it's too late
When your most critical information assets represent 80% of your organisations total value, it’s important to know exactly what they are, where they are, and how to protect them? Until regulations such as GDPR came into focus, most organisations, while familiar with the term had no real understanding of how to define their ‘critical information assets’ and why they should be protecting them. Organisations now know that protecting these assets is crucial if they want to compete and succeed in a global market.
In this podcast, Steve Durbin, Managing Director at the Information Security Forum discusses what critical information assets mean to different organisations, how you can protect them, and what the consequences could be for an organisation if these assets were to be breached.
https://www.securityforum.org/videos-podcasts/isf-podcast-protect-critical-assets/

Jan 23, 2018 • 14min
Who is the real insider threat to you business?
Insider threats account for 54% off all breaches, and are found at all levels of an organisation, from top to bottom. Numerous factors are increasing organisations’ exposure to the threats posed by insiders, and technical controls are limited. To combat these threats, organisations must invest in a deeper understanding of trust, and work to improve the trustworthiness of all insiders.
The insider threat has only intensified as people have become increasingly mobile and hyper-connected, and with technology continuously advancing, the risks posed by insiders are only set to increase.
In this podcast, Steve Durbin, Managing Director, ISF discusses the most common types of insider threats, as well as how organisations need to take a holistic approach to tackle insider threats that include both technology and people when embedding security into their organisation’s DNA.
https://www.securityforum.org/videos-podcasts/isf-podcast-who-to-your-business/

Jan 10, 2018 • 8min
Ransomware? The currency of cyber criminals...
The frequency of ransomware attacks on businesses has significantly grown over the past two years, with the number of detections increasing by nearly 2000%. As the space becomes more attractive and lucrative to cyber criminals, the threat of ransomware is only set to rise in 2018 as attackers get more creative, sophisticated and persistent, and attacks from named ransomware such as WannaCry and BadRabbit become ever more prevalent.
With so many end points accessible to malware, organisations must be more vigilant than ever to protect themselves against this growing threat.
In this podcast, Steve Durbin, Managing Director, ISF addresses what organisations can do to prepare and protect against ransomware, and how focusing on the basics, as well as embedding security awareness within the organisation can help prevent such attacks.
https://www.securityforum.org/videos-podcasts/isf-podcast-rans-cyber-criminals/

Dec 19, 2017 • 13min
The CISO Reset: Redefining your value to the business
The role of a CISO has evolved over the years’ and now requires someone who combines InfoSec capabilities with business requirements. They must be able to align cyber to business strategy, speaking both languages while developing reporting metrics that satisfies the board and promotes good cyber resilience across the business. All these attributes support the belief that the CISO of the future doesn’t have to come from an IT background.
In this podcast, Steve Durbin, Managing Director ISF, addresses the objectives a CISO should aim to achieve in the first 100 days in the role, and offers insights into how a CISO should work with the board and security teams to achieve these.
https://www.securityforum.org/videos-podcasts/the-ciso-reset/

Dec 6, 2017 • 11min
EU GDPR for India: Are you ready to protect your European customers' data?
With the main industries in India comprising IT Services providers, banks and conglomerates such as Tata Group, Birla Group, Mahindra, and Reliance who all manage EU personal data – Indian organisations are determining how they can comply with the EU GDPR by May 2018. India aims to achieve 25 billion digital transactions in 2017 to 2018, so complying with the GDPR is going to have to be top of the business agenda.
In this podcast, Steve Durbin addresses some of the challenges that India will face and offers insights into best practice solutions to address the requirements of the EU GDPR. Steve also discusses how Indian organisations should not view the EU GDPR as a compliance burden, but as an opportunity for culture change across the business that will lead to tangible business benefits. Find out more at www.securityforum.org.
https://www.securityforum.org/videos-podcasts/isf-podcast-eu-gn-customers-data/

Nov 29, 2017 • 13min
Cyber and the Board: Stop making excuses and start making the decisions that matter
When we talk about the board and cyber security, we have moved away from the board doesn’t get it, to the board gets it, to the board doesn’t feel they are sufficiently briefed when a breach takes place. But is all of this evasive talk to avoid responsibility, or is there still a lack of communication between cybersecurity professionals and the board?
In this podcast, Steve Durbin, Managing Director ISF, offers insights into the specific actions the board needs to take to embed cybersecurity into business strategy. With the May 2018 deadline for the EU GDPR fast approaching, the board should be viewing upcoming legislation as an opportunity for cultural change, rather than a compliance burden.
https://www.securityforum.org/videos-podcasts/isf-podcast-cybeions-that-matter/