ISF Podcast

Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. Last week, we listened to the first part of that conversation, and today, we’re hearing the second. Julie and Steve talk about scenario planning, transparency within industries, and what good leadership looks like in this complex moment in history. Key Takeaways: 1. Durbin emphasizes AI’s dependence on data integrity and the importance of starting with good data. 2. Durbin discusses the challenges of geopolitical threats and market flux, and how  organizations must prepare for an uncertain future. 3. Durbin notes increased use of ISF’s supplier assessment tools to mitigate risks due to geopolitical tensions and COVID-19. Tune in to hear more about: 1. Cyber security, AI, and data integrity (0:00) 2. Cyber security threats, vulnerabilities, and supply chain risks (3:40) 3. Risk management, leadership priorities, and the importance of collaboration (9:28) Standout Quotes: 1. “Bear in mind that when it all comes crashing down, there isn't a piece of technology in the world that will get your systems back up and running. And so don't forget the role that people have to play. So look after the people, make sure that they understand the important role that they have, because I think all too often, we talk about them being the weakest link. Actually, they're the strongest link.“ - Steve Durbin 2. “You have to focus on the crown jewels. That's your starting point. Very often, people will say to me, well, how much should we be spending? And my answer to that is, it depends. It depends on your risk profile, depends how nervous you are, it depends if you're going to enter new markets, it depends if you're coming out of markets. So you have to, as the leader of an organization, I think, juggle all of those things. And you have to do it in a very sort of swanlike way.“ - Steve Durbin 3. “You will make mistakes. And the mistake itself isn't important. What is important is how you recover from that, and how you learn from it going forward. And how you share that with other people in your organization. And how you become very much more agile to take advantage of some of the opportunities that that might open up.“ - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. For the next two weeks, we’ll be presenting that conversation in two parts. In the first part, Julie and Steve discuss the regulatory landscape, improving communication across the business, and how enterprises can successfully marry technology with the human element of work. Key Takeaways: 1. Durbin emphasizes the importance of alignment in creating a culture that supports risk management and growth. 2. MacDonald emphasizes the need for transparency beyond organizational borders, including collaboration with competitors and regulators. 3. Large organizations have resources to keep up with supply chain risks, while midsize and small enterprises struggle. 4. Durbin stresses the need for basic security practices and security awareness training, providing feedback in real-time to help individuals remember what they should have done. Tune in to hear more about: 1. Cybersecurity risks and how businesses can manage them effectively (0:00) 2. Cybersecurity transparency, regulation, and communication (5:13) Standout Quotes: 1. “I think for security people, what they have to be better at is understanding the role that security plays in achieving the business objectives, the business strategy, because if they can do that, then suddenly they have the ear of the business. On the other side, from the business perspective, they need to understand the role that technology plays in achieving what they're trying to do. Because technology equals security equals risk.“ - Steve Durbin 2. “If you look at the way in which now, technology is all pervasive, we use different elements of technology to do our jobs. So we may be doing something on our own mobile phone, for instance, which we wouldn't have been doing before. So the importance of security awareness has actually increased significantly. “ - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, author and disability diversity expert Ruth Rathblott offers a fresh perspective on how we understand and approach diversity in the workplace. She and Steve discuss how DEI can benefit both your culture and your business, and they give practical tips for leaders looking to build a more inclusive environment. Key Takeaways: 1. Leaders need to go first in being vulnerable and trustworthy. 2. Hiding is universal and exhausting, and people fear judgement and rejection for keeping secrets. 3. Unhiding can increase staff retention and engagement. 4. Leaders who adopt unhiding can be more innovative and creative, and better connect with millennials and Gen Z employees. 5. Unhiding is the key to connection, and it will make leaders stronger and drive business results in today’s pandemic of loneliness. Tune in to hear more about: 1. Diversity, equity, and inclusion with a focus on disability inclusion (0:00) 2. Hiding and sharing personal aspects of one’s identity in the workplace, with a focus on disability and diversity (5:08) 3. Leadership vulnerability and creating a safe space for teams to thrive (10:26) 4. The benefits of “unhiding” in the workplace, leading to increased trust, retention, and innovation (14:41) 5. Uncovering hidden potential through self-awareness and connection (18:49) Standout Quotes: 1. It's funny, I was talking to a woman recently. And she said, I love this concept of hiding, I love the work that you're doing, Ruth, and as a leader, I will never unhide to my team. And I said, okay, why? And she said, because I don't trust them. And it got me into the space of thinking, Steve, that either she has the wrong team, or she's the wrong leader. Because if we can't trust our teams, why are we in this business? Because that's our job is to build teams that trust us, that work with us, that get us to our next level in terms of a company. And so how do we create those spaces? And it's by leaders going first, and being vulnerable. - Ruth Rathblott 2. “There is a privilege in being able to unhide. I recognize that. In terms of being able, whether you're in the securities industry or in a different industry, because there are still in 2024 reasons that people would be fearful, and for good reason be fearful, of sharing parts of themselves, for retaliation, et cetera. I think where I've seen the benefit and the other side is the retention increases. People feel better about the place that they work, because they don't feel like they have to hide that part of themselves. They feel like this is a company who understands me, I'm going to stay longer. They feel more engaged with their peers, because they're not hiding.” - Ruth Rathblott 3. “I use the methods of therapy. I use the methods of journaling. I use the methods of meditation, to just take a pause in our lives to say, what is holding me back? Where am I hiding part of myself to fit in for fear of judgment and fear of rejection? Take that inventory or that audit on yourself. Acknowledge it.” - Ruth Rathblott Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today is the second in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane define cultural fluency and give more tips on fostering cohesion and innovation in global teams. Key Takeaways: 1. To be effective in a global team with diverse languages and continents, leaders must recognize and attend to cultural differences. 2. Mergers and acquisitions can fail due to cultural differences. 3. In the security industry, retention is a significant issue, and creating a fun and thriving work environment can help address it. Tune in to hear more about: 1. Cultural fluency and its importance in leadership, particularly when working with people from different backgrounds and cultures (0:00) 2. Cultural fluency in the workplace (6:17) Standout Quotes: 1. “It's actually about building leadership capacity to work across difference. And it's not just for one cultural group or another; it’s actually for everyone. To build that cultural self awareness and to create an environment where we can ask questions, thoughtfully, that we give some room to each other.” - Jane Hyun 2. “If the leader can be attuned to those little things and show that kind of empathy that engages someone who feels, perhaps, kind of in the margins, or their voice is not always heard, I think that can make a tremendous difference in how they connect to your company, how loyal they are to you, and how much output you will get from their productivity as well.” - Jane Hyun Mentioned in this episode: Flex: The New Playbook for Managing Across Differences Breaking the Bamboo Ceiling: Career Strategies for Asians Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Global leadership strategist Jane Hyun explores cultural fluency in remote work environments. Key topics include self-awareness for growth, leveraging diverse perspectives for innovation, and culturally adaptive facilitation. Standout quotes highlight the importance of embracing cultural backgrounds and driving innovation through change.

Amanda Fennell, CISO and CIO of Prove, shares insights on security principles, befriending legal officers, and thriving in change. Topics include teaching emotional intelligence, evolving CISO roles, and managing stress. Key takeaways: least privilege, risk mitigation, vulnerability management.

Investigative tech journalist Geoff White discusses cybercrime trends, AI use by criminals, and law enforcement challenges. Topics include nation-state involvement, money laundering, and evolving cybercrime tactics. Learn about the intersection of traditional and cybercrime, law enforcement hurdles, and future trends in cybercrime and cryptocurrency.

British journalist Juliette Foster interviews Steve on aligning cybersecurity with business goals, involving security in project planning, explaining security implications to leaders, navigating regulatory landscape, and evolving threat landscape with malware, ransomware, and phishing attacks.

Thom Dennis, an executive coach and CEO, discusses trust, delegation, and remote work challenges in leadership. He emphasizes letting go, setting clear objectives, and predicts a shift towards prioritizing society's demands over corporate standards. Key topics include embracing change, avoiding burnout, and fostering trust and community within organizations.

Today, Steve is speaking with Erik Avakian, who served as CISO for the Commonwealth of Pennsylvania in the United States for more than twelve years before moving into the private sector, where he currently works as the technical counselor at Info-Tech Research Group. Erik brings his passion and experience to a lively conversation in which he and Steve discuss coping with change through multiple leadership turnovers, practical examples of how security leaders can demonstrate their department’s value to an organization beyond theoretical breach prevention, and overcoming challenges in the public and private sectors. Key Takeaways: 1. Embracing change in state/local government requires technical architecture and common architecture. 2. Public sector security faces unique challenges, including political considerations. 3. It’s critical for public funds to be used efficiently while also reducing duplication of work and building knowledge sharing across agencies. 4. Security testing and phishing simulations can demonstrate return on security investment, saving time and money in the long run. Tune in to hear more about: 1. Embracing change in security leadership in the public sector (0:00) 2. Building security foundations in public sector organizations (4:45) 3. Funding challenges in security, with tips for effective resource utilization, building strong teams, and collaboration (8:48) 4. Demonstrating security value to business leaders through cost-benefit analysis and service metrics (14:02) 5. Demonstrating security value to non-technical stakeholders through practical examples (18:33) Standout Quotes: 1. One of the reasons I love the industry and I loved the position of CISO is you're constantly trying to just improve, right? You're not trying to rebuild every, all the time. You know that the business might want to rebuild, but you're there to constantly improve that foundation, continuingly building your team, and continually building your capabilities. So regardless of who comes and goes, you have that foundation, and you continue to grow it. - Erik Avakian 2. It's really about enabling the business. How can we say yes, but do things more securely and put a positive spin on it? Whereas, you know, in the past, you know, security is looked at oh, these are the guys that say no. So really, a CISO's a partner to the business, a collaborator building relationships, and really, that's been the change, right? It's gone from less of a technical kind of a thing to being a coach, being a leader, and really working and building those relationships at the business level. - Erik Avakian 3. I look at it as almost like a baseball team. So in the baseball world, you have a catcher, you have a pitcher, you have all these people on the field. And it's identifying what are the strengths of your team, and letting those players — if we look at it from that perspective — letting them thrive, letting them grow in the position that they're passionate about. And then you can just grow in that passion, give them the training, give them extra training, helping them build where they're really good at and what they really like to do. And then the baseball world is that example. We wouldn't necessarily make the pitcher catch — they might not be comfortable with that — or the catcher pitch, and all sorts of other things. Because they do what they do well, that's their position on the field. And what I've found is that if we can do that, we can build our teams and build rock stars out of them in the places where they really are passionate about, then we have retention. I think my retention throughout my tenure was almost 99%, because I looked at people as to what drives them. - Erik Avakian Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.