Phishy Business

In this episode of Phishy Business, we talk about the improper mindset of not thinking about security until after you have been breached, and some of the major problems this can cause. We do this through the lens of SIEM, ethical hacking, and a focus on the need for leadership in teaching organizations how to be secure. We also discuss how some IT leaders try to keep the results of pen testing quiet. Our special guest is Dez Rock, CEO of SIEMonster. After dropping out of law school, Dez became an entrepreneur and has run businesses for the last 20 years. Dez has spent a good deal of time in ethical hacking, building great experiences and great stories over the years with both physical and virtual security. She also has plenty of great insights about being a female CEO with ADHD in the cybersecurity industry. In ‘Exposing Shortcomings in Cybersecurity Leadership and why we need more Dana Scullys’, we discuss: What made Dez and her team successful as ethical hackers and how this helped make their product better. How there needs to be more transparency about cybercrime, not only between organizations, but within them as well. Why boards need to realize that the fact they haven’t been breached makes them low hanging fruit. What security decision makers think of vendor marketing and what they also should be aware of when it comes to marketing budgets and tactics. The importance of democratizing security. The major limitations of adopting point solutions and not thinking of the whole ecosystem. The importance of a neurodiverse workforce in cybersecurity and any industry. Dez’s experiences as a female CEO. How more women need to be represented in STEM careers to get more diversity in these roles.

In this episode of Phishy Business, we talk about various important discussions around AI, including the concerning issue of built-in bias and stereotypes. Imagine AI thinking that all doctors must be male, and all nurses must be female? Well, according to ChatGPT, they are. Our special guest is Ivana Bartoletti, Global Privacy Officer at Wipro. Ivana has a human rights background and is an internationally recognized thought leader in privacy, data protection, and responsible technology. She’s a fellow at Virginia Tech, a published author, and the founder of the Women Leading in AI Network. Ivana says that she works at the intersection of technology and law and focuses on privacy advocacy. Ivana concentrates her efforts on the collection of data and how that data is used in technology such as AI. In ‘Built-In Bias: Existing Real-World Inequality in AI and Other Technology’, we discuss: How Ivana’s book came about, the themes covered, and how much has changed in this space since it was written. Built-in bias in data and AI technology. The protection of democracy and human rights when it comes to data collection, digital privacy, and AI. Having legislation in place for safe adoption of AI. The hype around the dangers of AI. The European Union’s proposed AI regulation and businesses speaking out against the Act. Cybersecurity considerations when it comes to AI. The Women Leading in AI Network – why it was started and its purpose.  

In this episode of Phishy Business, we talk about how today's cybersecurity strategy needs to focus on risk while still allowing smooth operation of the business. We also discuss how cybersecurity must involve the board so that business goals and cyber strategy align. Our special guest is Theo Botha, Global Information Security Officer at Dr. Martens. Theo is responsible for protecting the Dr. Martens brand, one of the most iconic in the world. Theo began his career in physical security which evolved into a more technology-based approach. That led Theo to information security, and then, to cybersecurity and risk management. Today, Theo ensures Dr. Martens’ cybersecurity strategy protects the business while not hindering its ability to operate successfully. In ‘Protecting Shoes: Balancing Cybersecurity Strategy and Business Success at Dr Martens’, we discuss: The main ways the cybersecurity landscape has changed over the years. How Theo adapted to being in a brand-new role at Dr. Martens as the world went into lockdown. Communicating risks to the board by aligning to business objectives. How he protects the online presence of one most well-known brands in the world. Educating consumers and employees about cyber threats. Managing supply chain attacks. The skills shortage and managing the stress placed on teams.

In this episode of Phishy Business, we feature a roundtable discussion with three members from the Center for Internet Security. Mimecast CMO Norman Guadagno hosts this wide-ranging discussion that covers many topics including cybersecurity trends in the public sector and why information sharing is essential to keeping our connected world safe. Our special guests are Sean Atkinson, CISO, Randy Rose, CIS Sr. Director of Security Operations and Intelligence & Karen Sorady, VP of MS-ISAC Member Engagement (and former NY State CISO). The trio shares the mission and background of CIS. Plus, their experiences and learnings from years working with the public sector.   In ‘CIS Roundtable – Keeping the Public Sector Secure’ we discuss: Are we in better or worse shape in terms of cybersecurity than we were 20 years ago?  What is the Multi State Information Sharing and Analysis Center and how does it work in the context of the US?  What is the reality of election security and threats?  How prioritized is cybersecurity at the local government level?   What’s it like being a CISO of a large US state? How can the tabletop exercise model be optimized?   Why is cybersecurity a great field for recent and upcoming graduates?

In this episode of Phishy Business, we talk about environmental, social, and governance, commonly known throughout the corporate world as ESG, and how cybersecurity fits into corporate sustainability. Our special guest is Garyn Rapson who is a partner and the head of ESG at African law firm Webber Wentzel. Garyn manages a team of nine lawyers that advise clients on how to be more sustainable organizations. While ESG is complicated and always evolving, Garyn helps clients break through the complexity to manage risks and threats, and uncover the opportunities to protect their organization and make them more resilient. Garyn says that ESG is an understanding as a business that there are certain external issues that must be taken seriously. In ‘What has ESG got to do with Cybersecurity?’, we discuss: What ESG is, and how it’s changed the way organizations think about doing business. How the future of work is both digital and sustainable. How cybersecurity fits into ESG. The importance of cybersecurity transparency and the idea of ‘cyberwashing’ as a concept. Why cybersecurity should be a part of reporting in the context of ESG. Using an ESG framework to communicate cyber risk to the board. How cybersecurity fits into the ‘E’ (environmental) and the ‘S’ (social) portion of ESG.