A journey inside the mind of Cape Breton born Justin Finney who discusses pretty much whatever was on his mind the week before and his comedic take on life and current events. Each Episode wraps up in typical east coast fashion with "Story Time", a real story from Justin's life!
Humans are the key to solving our cybersecurity challenges…but first we need them to be Well Aware. The Well Aware Security Show is hosted by George Finney, CISO for SMU and author of the award winning book, Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. Security is in your DNA…so be Well Aware!
SC Media is proud to present this month's CISO Stories program. Each month, the CISO Stories Program explores a cybersecurity topic selected by CyberRisk Alliance’s CISO Community and provides content that examines that topic from a variety of perspectives. Hosted by Todd Fitzgerald, best-selling author of CISO COMPASS, the CISO Stories weekly podcast features content powered by the 1,100+ members of CyberRisk Alliance’s CISO Community. Listen to previous CISO Stories podcast episodes at cis ...
Focus, Breadth, or Depth: Reduce Vulnerabilities with Less $ - Julian Mihai - CSP #187
26:02
Managing vulnerabilities is a large, complex problem that can't be completely fixed. And still, many cybersecurity organizations continue with a traditional approach that attempts to address all vulnerabilities, spreading staff too thin and increasing exploitation windows. With a small set of vulnerabilities being the cause of most of the breaching…
Focus, Breadth, or Depth: Reduce Vulnerabilities with Less $ - Julian Mihai - CSP #187
26:00
Managing vulnerabilities is a large, complex problem that can't be completely fixed. And still, many cybersecurity organizations continue with a traditional approach that attempts to address all vulnerabilities, spreading staff too thin and increasing exploitation windows. With a small set of vulnerabilities being the cause of most of the breaching…
No One Succeeds Alone! Why You Must Have an Informal Network - Gene Scriven - CSP #186
26:56
Join us as we discuss how critically important it is for a CISO to establish, maintain, and frequently leverage an informal network. With almost daily changes in the threat landscape across all industries, it's critical to have informal but trusted resources to rely on for advice, information, and just overall "sounding board" opportunities. Visit …
No One Succeeds Alone! Why You Must Have an Informal Network - Gene Scriven - CSP #186
26:58
Join us as we discuss how critically important it is for a CISO to establish, maintain, and frequently leverage an informal network. With almost daily changes in the threat landscape across all industries, it's critical to have informal but trusted resources to rely on for advice, information, and just overall "sounding board" opportunities. Show N…
Driving the Business of Infosec Through the GRC Program - Greg Bee - CSP #185
28:20
Join us as we discuss the organization’s GRC program and how GRC helps drive the business of information security from internal and external perspectives to integrate security into the culture, while maintaining compliance with regulations imposed for insurance and public companies. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/t…
Evolving from Security to Trust, more than Just Compliance - Mike Towers - CSP #184
30:45
CISOs need to enhance their strategic influence and operational impact within their organizations. This calls for a departure from traditional, insular security approaches towards a partnership model that aligns security initiatives with business growth and value. By adopting an attitude of listening, humility, and interdisciplinary collaboration, …
CISO Risk Reduction: Adopting Emerging Technologies - Timothy McKnight - CSP #183
33:03
With the vast number of cybersecurity solutions in the marketplace, how do you identify what fits with your company’s strategic goals, then deploy and scale in a reasonable timeframe? Hear a CISO who has built a methodology for assessing and implementing new security technologies and successfully used it at several large global enterprises. Segment…
Deep Dive in GRC: Know Your Sources - Jonathan Ruf - CSP #182
30:46
As organizations grow, there comes a time when managing by Excel spreadsheets is no longer feasible and accurate data sources, regulations, and risk need to be accurately reflected within Governance, Risk and Compliance (GRC) tools. Reporting to the board must be based upon accurate information. Join us as we discuss the important aspects of formi…
Governing Cyber Humanely: Leveraging Wellness Techniques - Jothi Dugar - CSP #181
31:24
We discuss the topic of Human Centric Cybersecurity and the importance of empowering the 'people' aspect of the People, Process, Tech framework. In this conversation we raise the importance of well-being amongst Tech and Cyber leaders and how to keep calm through the chaos to lead our teams well. Also important is diversity in this field and the Ho…
CISOs Advising Cybersecurity Companies, Get on Board! - Bob West - CSP #180
28:16
Advisory Boards - helping cybersecurity companies grow is foundational to helping enterprises select best in class tools to protect their environments. If done properly, scaling cybersecurity companies can have a positive global impact on how information is protected and minimizing business disruption. Show Notes: https://cisostoriespodcast.com/csp…
CISOs Advising Cybersecurity Companies, Get on Board! - Bob West - CSP #180
28:16
Advisory Boards - helping cybersecurity companies grow is foundational to helping enterprises select best in class tools to protect their environments. If done properly, scaling cybersecurity companies can have a positive global impact on how information is protected and minimizing business disruption. Visit https://cisostoriespodcast.com for all t…
As We Implement Zero Trust, Let's Not Forget About Metrics - George Finney - CSP #179
29:10
Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust. Show Notes: https://c…
As We Implement Zero Trust, Let's Not Forget About Metrics - George Finney - CSP #179
29:10
Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust. Visit https://cisosto…
CISO and the Board: Demonstrating value and relevant metrics - Max Shier - CSP #178
30:34
The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board and leveraging metrics to show business value. Show Notes: https://cis…
CISO and the Board: Demonstrating value and relevant metrics - Max Shier - CSP #178
30:34
The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board and leveraging metrics to show business value. Visit https://cisostori…
Point Vs. Platform: Improving TCO Cost/Benefit - Patrick Benoit - CSP #177
28:41
CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering th…
Point Vs. Platform: Improving TCO Cost/Benefit - Patrick Benoit - CSP #177
28:38
CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering th…
Data Governance is Critical to Info Security and Privacy - Michael Redmond - CSP #176
28:44
Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governa…
The Riddle of Data Governance - Steven Fox - CSP #175
30:17
Data is the fuel of modern organizations. Data governance ensures the quality of that fuel and ensures its optimal utilization. It ensures that people use and access data appropriately. This value is timely in the face of artificial intelligence offerings whose utility relies on quality data. This segment is sponsored by Spirion. Visit https…
That Data Sprawl is Here! What Should We Do About it? - Nick Ritter - CSP #174
29:49
As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting esse…
That Data Sprawl is Here! What Should We Do About it? - Nick Ritter - CSP #174
29:50
As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting esse…
Why CISO’s Fail: Some Practical Lessons for the Future - Barak Engel - CSP #173
25:33
Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and …
Why CISO’s Fail: Some Practical Lessons for the Future - Barak Engel - CSP #173
25:32
Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and …
Air Gapped! The Myth of Securing OT - Thomas Johnson - CSP #172
28:50
The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what nee…
The Challenges of Managing Security in an IT/OT Environment - John Germain - CSP #171
28:05
For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar …
The Importance of OT Security: The Evolving Threat Landscape - Ken Townsend - CSP #170
30:00
Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches and intell…
Tips for a Successful Cyber Resilience Program - Olusegun Opeyemi-Ajayi - CSP #169
31:15
The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either conti…
Tips for a Successful Cyber Resilience Program - Olusegun Opeyemi-Ajayi - CSP #169
31:18
The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either conti…
Operational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168
32:39
Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability …
Operational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168
32:30
Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability …
Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167
23:00
Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business …
52,000 Suppliers: Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166
30:13
Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at ever…
Securing Connections: 3rd Party Risk Mgmt Expert Insights - Charles Spence - CSP #165
30:49
Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-politi…
A Printout on Secure by Design When Utilizing 3rd Parties - Bryan Willett - CSP #164
24:14
With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on how Lexmark is approaching secure-by-design in its products. Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an est…
Intelligent Generative AI Handling - Aaron Weismann - CSP #163
26:01
Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implication…