Today, author and disability diversity expert Ruth Rathblott offers a fresh perspective on how we understand and approach diversity in the workplace. She and Steve discuss how DEI can benefit both your culture and your business, and they give practical tips for leaders looking to build a more inclusive environment. Key Takeaways: 1. Leaders need to go first in being vulnerable and trustworthy. 2. Hiding is universal and exhausting, and people fear judgement and rejection for keeping secrets. 3. Unhiding can increase staff retention and engagement. 4. Leaders who adopt unhiding can be more innovative and creative, and better connect with millennials and Gen Z employees. 5. Unhiding is the key to connection, and it will make leaders stronger and drive business results in today’s pandemic of loneliness. Tune in to hear more about: 1. Diversity, equity, and inclusion with a focus on disability inclusion (0:00) 2. Hiding and sharing personal aspects of one’s identity in the workplace, with a focus on disability and diversity (5:08) 3. Leadership vulnerability and creating a safe space for teams to thrive (10:26) 4. The benefits of “unhiding” in the workplace, leading to increased trust, retention, and innovation (14:41) 5. Uncovering hidden potential through self-awareness and connection (18:49) Standout Quotes: 1. It's funny, I was talking to a woman recently. And she said, I love this concept of hiding, I love the work that you're doing, Ruth, and as a leader, I will never unhide to my team. And I said, okay, why? And she said, because I don't trust them. And it got me into the space of thinking, Steve, that either she has the wrong team, or she's the wrong leader. Because if we can't trust our teams, why are we in this business? Because that's our job is to build teams that trust us, that work with us, that get us to our next level in terms of a company. And so how do we create those spaces? And it's by leaders going first, and being vulnerable. - Ruth Rathblott 2. “There is a privilege in being able to unhide. I recognize that. In terms of being able, whether you're in the securities industry or in a different industry, because there are still in 2024 reasons that people would be fearful, and for good reason be fearful, of sharing parts of themselves, for retaliation, et cetera. I think where I've seen the benefit and the other side is the retention increases. People feel better about the place that they work, because they don't feel like they have to hide that part of themselves. They feel like this is a company who understands me, I'm going to stay longer. They feel more engaged with their peers, because they're not hiding.” - Ruth Rathblott 3. “I use the methods of therapy. I use the methods of journaling. I use the methods of meditation, to just take a pause in our lives to say, what is holding me back? Where am I hiding part of myself to fit in for fear of judgment and fear of rejection? Take that inventory or that audit on yourself. Acknowledge it.” - Ruth Rathblott Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today is the second in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane define cultural fluency and give more tips on fostering cohesion and innovation in global teams. Key Takeaways: 1. To be effective in a global team with diverse languages and continents, leaders must recognize and attend to cultural differences. 2. Mergers and acquisitions can fail due to cultural differences. 3. In the security industry, retention is a significant issue, and creating a fun and thriving work environment can help address it. Tune in to hear more about: 1. Cultural fluency and its importance in leadership, particularly when working with people from different backgrounds and cultures (0:00) 2. Cultural fluency in the workplace (6:17) Standout Quotes: 1. “It's actually about building leadership capacity to work across difference. And it's not just for one cultural group or another; it’s actually for everyone. To build that cultural self awareness and to create an environment where we can ask questions, thoughtfully, that we give some room to each other.” - Jane Hyun 2. “If the leader can be attuned to those little things and show that kind of empathy that engages someone who feels, perhaps, kind of in the margins, or their voice is not always heard, I think that can make a tremendous difference in how they connect to your company, how loyal they are to you, and how much output you will get from their productivity as well.” - Jane Hyun Mentioned in this episode: Flex: The New Playbook for Managing Across Differences Breaking the Bamboo Ceiling: Career Strategies for Asians Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Global leadership strategist Jane Hyun explores cultural fluency in remote work environments. Key topics include self-awareness for growth, leveraging diverse perspectives for innovation, and culturally adaptive facilitation. Standout quotes highlight the importance of embracing cultural backgrounds and driving innovation through change.

Amanda Fennell, CISO and CIO of Prove, shares insights on security principles, befriending legal officers, and thriving in change. Topics include teaching emotional intelligence, evolving CISO roles, and managing stress. Key takeaways: least privilege, risk mitigation, vulnerability management.

Investigative tech journalist Geoff White discusses cybercrime trends, AI use by criminals, and law enforcement challenges. Topics include nation-state involvement, money laundering, and evolving cybercrime tactics. Learn about the intersection of traditional and cybercrime, law enforcement hurdles, and future trends in cybercrime and cryptocurrency.

British journalist Juliette Foster interviews Steve on aligning cybersecurity with business goals, involving security in project planning, explaining security implications to leaders, navigating regulatory landscape, and evolving threat landscape with malware, ransomware, and phishing attacks.

Thom Dennis, an executive coach and CEO, discusses trust, delegation, and remote work challenges in leadership. He emphasizes letting go, setting clear objectives, and predicts a shift towards prioritizing society's demands over corporate standards. Key topics include embracing change, avoiding burnout, and fostering trust and community within organizations.

Today, Steve is speaking with Erik Avakian, who served as CISO for the Commonwealth of Pennsylvania in the United States for more than twelve years before moving into the private sector, where he currently works as the technical counselor at Info-Tech Research Group. Erik brings his passion and experience to a lively conversation in which he and Steve discuss coping with change through multiple leadership turnovers, practical examples of how security leaders can demonstrate their department’s value to an organization beyond theoretical breach prevention, and overcoming challenges in the public and private sectors. Key Takeaways: 1. Embracing change in state/local government requires technical architecture and common architecture. 2. Public sector security faces unique challenges, including political considerations. 3. It’s critical for public funds to be used efficiently while also reducing duplication of work and building knowledge sharing across agencies. 4. Security testing and phishing simulations can demonstrate return on security investment, saving time and money in the long run. Tune in to hear more about: 1. Embracing change in security leadership in the public sector (0:00) 2. Building security foundations in public sector organizations (4:45) 3. Funding challenges in security, with tips for effective resource utilization, building strong teams, and collaboration (8:48) 4. Demonstrating security value to business leaders through cost-benefit analysis and service metrics (14:02) 5. Demonstrating security value to non-technical stakeholders through practical examples (18:33) Standout Quotes: 1. One of the reasons I love the industry and I loved the position of CISO is you're constantly trying to just improve, right? You're not trying to rebuild every, all the time. You know that the business might want to rebuild, but you're there to constantly improve that foundation, continuingly building your team, and continually building your capabilities. So regardless of who comes and goes, you have that foundation, and you continue to grow it. - Erik Avakian 2. It's really about enabling the business. How can we say yes, but do things more securely and put a positive spin on it? Whereas, you know, in the past, you know, security is looked at oh, these are the guys that say no. So really, a CISO's a partner to the business, a collaborator building relationships, and really, that's been the change, right? It's gone from less of a technical kind of a thing to being a coach, being a leader, and really working and building those relationships at the business level. - Erik Avakian 3. I look at it as almost like a baseball team. So in the baseball world, you have a catcher, you have a pitcher, you have all these people on the field. And it's identifying what are the strengths of your team, and letting those players — if we look at it from that perspective — letting them thrive, letting them grow in the position that they're passionate about. And then you can just grow in that passion, give them the training, give them extra training, helping them build where they're really good at and what they really like to do. And then the baseball world is that example. We wouldn't necessarily make the pitcher catch — they might not be comfortable with that — or the catcher pitch, and all sorts of other things. Because they do what they do well, that's their position on the field. And what I've found is that if we can do that, we can build our teams and build rock stars out of them in the places where they really are passionate about, then we have retention. I think my retention throughout my tenure was almost 99%, because I looked at people as to what drives them. - Erik Avakian Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve and producer Tavia Gilbert discuss the impact artificial intelligence is having on the threat landscape and how businesses can leverage this new technology and collaborate with it successfully. Key Takeaways: 1.  AI risk is best presented in business-friendly terms when seeking to engage executives at the board level. 2. Steve Durbin takes the position that AI will not replace leadership roles, as human strengths like emotional intelligence and complex decision making are still essential. 3. AI risk management must be aligned with business objectives while ethical considerations are integrated into AI development. 4. Since AI regulation will be patchy, effective mitigation and security strategies must be built in from the start. Tune in to hear more about: 1. AI’s impact on cybersecurity, including industrialized high-impact attacks and manipulation of data (0:00) 2. AI collaboration with humans, focusing on benefits and risks (4:12) 3. AI adoption in organizations, cybersecurity risks, and board involvement (11:09) 4. AI governance, risk management, and ethics (15:42) Standout Quotes: 1. Cyber leaders have to present security issues in terms that board level executives can understand and act on, and that's certainly the case when it comes to AI. So that means reporting AI risk in financial, economic, operational terms, not just in technical terms. If you report in technical terms, you will lose the room exceptionally quickly. It also involves aligning AI risk management with business needs by you know, identifying how AI risk management and resilience are going to help to meet business objectives. And if you can do that, as opposed to losing the room, you will certainly win the room. -Steve Durbin 2. AI, of course, does provide some solution to that, in that if you can provide it with enough examples of what good looks like and what bad looks like in terms of data integrity, then the systems can, to an extent, differentiate between what is correct and what is incorrect. But the fact remains that data manipulation, changing data, whether that be in software code, whether it be in information that we're storing, all of those things remain a major concern. -Steve Durbin 3. We can’t turn the clock back. So at the ISF, you know, our goal is to try to help organizations figure out how to use this technology wisely. So we're going to be talking about ways humans and AI complement each other, such as collaboration, automation, problem solving, monitoring, oversight, all of those sorts of areas. And I think for these to work, and for us to work effectively with AI, we need to start by recognizing the strengths both we as people and also AI models can bring to the table. -Steve Durbin 4. I also think that boards really need to think through the impact of what they're doing with AI on the workforce, and indeed, on other stakeholders. And last, but certainly not least, what the governance implications of the use of AI might look like. And so therefore, what new policies controls need to be implemented. -Steve Durbin 5. We need to be paying specific attention to things like ethical risk assessment, working to detect and mitigate bias, ensure that there is, of course, informed consent when somebody interacts with AI. And we do need, I think, to be particularly mindful about bias, you know? Bias detection, bias mitigation. Those are fundamental, because we could end up making all sorts of decisions or having the machines make decisions that we didn't really want. So there's always going to be in that area, I think, in particular, a role for human oversight of AI activities. -Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This is the second of a two-part conversation between Steve and Brian Lord, who is currently the Chief Executive Officer of Protection Group International. Prior to joining PGI, Brian served as the Deputy Director of a UK Government Agency governing the organization's Cyber and Intelligence Operations. Today, Steve and Brian discuss the proliferation of mis- and disinformation online, the potential security threats posed by AI, and the need for educating children in cyber awareness from a young age. Key Takeaways: 1. The private sector serves as a skilled and necessary support to the public sector, working to counter mis- and disinformation campaigns, including those involving AI. 2. AI’s increasing ability to create fabricated  images poses a particular threat to youth and other vulnerable users. Tune in to hear more about: 1. Brian gives his assessment of cybersecurity threats during election years. (16:04) 2. Exploitation of vulnerable users remains a major concern in the digital space, requiring awareness, innovative countermeasures, and regulation. (31:0) Standout Quotes: 1. “I think when we look at AI, we need to recognize it is a potentially long term larger threat to our institutions, our critical mass and infrastructure, and we need to put in countermeasures to be able to do that. But we also need to recognize that the most immediate impact on that is around what we call high harms, if you like. And I think that was one of the reasons the UK — over a torturously long period of time — introduced the The Online Harms Bill to be able to counter some of those issues. So we need to get AI in perspective. It is a threat. Of course it is a threat. But I see then when one looks at AI applied in the cybersecurity test, you know, automatic intelligence developing hacking techniques, bear in mind, AI is available to both sides. It's not just available to the attackers, it's available to the defenders. So what we are simply going to do is see that same kind of thing that we have in the more human-based countering the cybersecurity threat in an AI space.” -Brian Lord 2. “The problem we have now — now, one can counter that by the education of children, keeping them aware, and so on and so forth— the problem you have now is the ability, because of the availability of imagery online and AI's ability to create imagery, one can create an entirely fabricated image of a vulnerable target and say, this is you. Even though it isn’t … when you're looking at the most vulnerable in our society, that's a very, very difficult thing to counter, because it doesn't matter whether it's real to whoever sees it, or the fear from the most vulnerable people, people who see it, they will believe that it is real. And we've seen that.” -Brian Lord Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.