Episodes

  • S27 Ep4: Steve Durbin & Julie MacDonald - Risky Business: Aligning enterprise strategy with human-centred security
    Jul 16 2024
    Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. For the next two weeks, we’ll be presenting that conversation in two parts. In the first part, Julie and Steve discuss the regulatory landscape, improving communication across the business, and how enterprises can successfully marry technology with the human element of work.

    Key Takeaways:
    1. Durbin emphasizes the importance of alignment in creating a culture that supports risk management and growth.
    2. MacDonald emphasizes the need for transparency beyond organizational borders, including collaboration with competitors and regulators.
    3. Large organizations have resources to keep up with supply chain risks, while midsize and small enterprises struggle.
    4. Durbin stresses the need for basic security practices and security awareness training, providing feedback in real-time to help individuals remember what they should have done.

    Tune in to hear more about:
    1. Cybersecurity risks and how businesses can manage them effectively (0:00)
    2. Cybersecurity transparency, regulation, and communication (5:13)

    Standout Quotes:
    1. “I think for security people, what they have to be better at is understanding the role that security plays in achieving the business objectives, the business strategy, because if they can do that, then suddenly they have the ear of the business. On the other side, from the business perspective, they need to understand the role that technology plays in achieving what they're trying to do. Because technology equals security equals risk.” - Steve Durbin

    2. “If you look at the way in which now, technology is all pervasive, we use different elements of technology to do our jobs. So we may be doing something on our own mobile phone, for instance, which we wouldn't have been doing before. So the importance of security awareness has actually increased significantly.” - Steve Durbin


    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    Read the transcript of this episode
    Subscribe to the ISF Podcast wherever you listen to podcasts
    Connect with us on LinkedIn and Twitter

    From the Information Security Forum, the leading authority on cyber, information security, and risk management.
    14 m
  • S27 Ep3: Ruth Rathblott - Unseen and Unheard: Creating an inclusive culture through storytelling
    Jul 9 2024
    Today, author and disability diversity expert Ruth Rathblott offers a fresh perspective on how we understand and approach diversity in the workplace. She and Steve discuss how DEI can benefit both your culture and your business, and they give practical tips for leaders looking to build a more inclusive environment.

    Key Takeaways:
    1. Leaders need to go first in being vulnerable and trustworthy.
    2. Hiding is universal and exhausting, and people fear judgement and rejection for keeping secrets.
    3. Unhiding can increase staff retention and engagement.
    4. Leaders who adopt unhiding can be more innovative and creative, and better connect with millennials and Gen Z employees.
    5. Unhiding is the key to connection, and it will make leaders stronger and drive business results in today’s pandemic of loneliness.

    Tune in to hear more about:
    1. Diversity, equity, and inclusion with a focus on disability inclusion (0:00)
    2. Hiding and sharing personal aspects of one’s identity in the workplace, with a focus on disability and diversity (5:08)
    3. Leadership vulnerability and creating a safe space for teams to thrive (10:26)
    4. The benefits of “unhiding” in the workplace, leading to increased trust, retention, and innovation (14:41)
    5. Uncovering hidden potential through self-awareness and connection (18:49)

    Standout Quotes:
    1. It's funny, I was talking to a woman recently. And she said, I love this concept of hiding, I love the work that you're doing, Ruth, and as a leader, I will never unhide to my team. And I said, okay, why? And she said, because I don't trust them. And it got me into the space of thinking, Steve, that either she has the wrong team, or she's the wrong leader. Because if we can't trust our teams, why are we in this business? Because that's our job is to build teams that trust us, that work with us, that get us to our next level in terms of a company. And so how do we create those spaces? And it's by leaders going first, and being vulnerable. - Ruth Rathblott

    2. “There is a privilege in being able to unhide. I recognize that. In terms of being able, whether you're in the securities industry or in a different industry, because there are still in 2024 reasons that people would be fearful, and for good reason be fearful, of sharing parts of themselves, for retaliation, et cetera. I think where I've seen the benefit and the other side is the retention increases. People feel better about the place that they work, because they don't feel like they have to hide that part of themselves. They feel like this is a company who understands me, I'm going to stay longer. They feel more engaged with their peers, because they're not hiding.” - Ruth Rathblott

    3. “I use the methods of therapy. I use the methods of journaling. I use the methods of meditation, to just take a pause in our lives to say, what is holding me back? Where am I hiding part of myself to fit in for fear of judgment and fear of rejection? Take that inventory or that audit on yourself. Acknowledge it.” - Ruth Rathblott


    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    26 m
  • S27 Ep2: Jane Hyun - The Art of Cultural Fluency in the Workplace
    Jul 2 2024
    Today is the second in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane define cultural fluency and give more tips on fostering cohesion and innovation in global teams.

    Key Takeaways:
    1. To be effective in a global team with diverse languages and continents, leaders must recognize and attend to cultural differences.
    2. Mergers and acquisitions can fail due to cultural differences.
    3. In the security industry, retention is a significant issue, and creating a fun and thriving work environment can help address it.


    Tune in to hear more about:
    1. Cultural fluency and its importance in leadership, particularly when working with people from different backgrounds and cultures (0:00)
    2. Cultural fluency in the workplace (6:17)


    Standout Quotes:
    1. “It's actually about building leadership capacity to work across difference. And it's not just for one cultural group or another; it’s actually for everyone. To build that cultural self awareness and to create an environment where we can ask questions, thoughtfully, that we give some room to each other.” - Jane Hyun

    2. “If the leader can be attuned to those little things and show that kind of empathy that engages someone who feels, perhaps, kind of in the margins, or their voice is not always heard, I think that can make a tremendous difference in how they connect to your company, how loyal they are to you, and how much output you will get from their productivity as well.” - Jane Hyun


    Mentioned in this episode:
    • Flex: The New Playbook for Managing Across Differences
    • Breaking the Bamboo Ceiling: Career Strategies for Asians
    • Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling
    • ISF Analyst Insight Podcast

    13 m
  • S27 Ep1: Jane Hyun - Leading From Afar: Getting the best out of our remote workforce
    Jun 25 2024
    Today is the first in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and the co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane discuss how leaders can get the best out of their workers in a remote work environment and discuss practical ways leaders can facilitate productive meetings with teams spread out all over the world.

    Key Takeaways:
    1. Leaders must cultivate self-awareness and recognition of areas for improvement in personal and professional growth.
    2. Innovation can be driven by bringing different cultural norms and views together virtually.
    3. Culturally adaptive facilitation can lead to more innovative ideas in remote settings.


    Tune in to hear more about:
    1. Navigating cultural differences in business leadership (0:00)
    2. Self-awareness and cultural understanding in business leadership (3:18)
    3. Remote work, cultural perspectives, and effective meeting strategies (6:51)


    Standout Quotes:
    1. “There's no way we can keep doing things the same way. Because if we do, we're gonna get nothing different, right? We’re not going to get the innovation that we want.” - Jane Hyun

    2. “I just wanted to be accepted. I just wanted to be like everybody else. But then I realized, as I matured, there's nothing wrong with my cultural background, and really, I had to lean into who I was. The values that my parents and the things that I learned from my Korean community are really interesting and good and helpful, and could be a driver for innovation for the work that we do. And until I got to that point, I don't think my work was able to truly flourish in the way I could.” - Jane Hyun

    Mentioned in this episode:

    • Flex: The New Playbook for Managing Across Differences
    • Breaking the Bamboo Ceiling: Career Strategies for Asians
    • Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling
    • ISF Analyst Insight Podcast

    15 m
  • S26 Ep5: Amanda Fennell - The Unicorn Leader's Self-help Guide to Confidence and Competence
    Jun 11 2024
    In this episode, Steve speaks with Amanda Fennell, a security professional with over two decades in the industry who currently serves as CISO and CIO of Prove and adjunct professor of cybersecurity at Tulane University. She talks to Steve about why a CISO must be an educator at heart, how to embrace feedback in order to grow, and how young professionals can shape their careers in security as the role of the CISO evolves.


    Key Takeaways:
    1. Important foundational principles in security include least privilege, risk mitigation, and vulnerability management.
    2. Amanda Fennell suggests that new CISOs befriend their legal officers, in order to better understand security and risk.
    3. Handling change can be a key indicator of high performance in security, with those who thrive in change being more likely to be high performers.


    Tune in to hear more about:
    1. Teaching technical skills and emotional intelligence in a technical field (2:25)
    2. Security leaders’ communication and education strategies (4:35)
    3. Security fundamentals and vulnerability management (10:37)
    4. Evolving role of CISOs, career progression, and coping with stress in security leadership positions (13:21)
    5. Managing stress and mental health in leadership roles (18:57)


    Standout Quotes:
    1. “It was a long, long time ago. My boss sat me down for a performance review and said, you have a reputation for not taking feedback well, because you're really sure that you're right. And I took that to heart. And for a long time, I did have to fake that feedback coming to me, like, ‘Thank you for the feedback. I'll think about this. That’s so …’ You know, whatever, and just freeze your face into a smile. Now, I love it. I invite it.” -Amanda Fennell

    2. I think that probably, my other big advice for people who are first-time CISOs who are new in their role: become good friends with your legal officer. That’s going to be your best friend on the team. They understand, especially if they have compliance and audit — those people, and I say this as someone who worked at a legal tech company, software for five years — but your legal officers understand security and risk really well. And they're going to help you to interpret and translate things often. And that has been one of my biggest helps in my career. -Amanda Fennell


    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    29 m
  • S26 Ep4: Geoff White - From Cartels to Crypto: The digitalisation of money laundering
    Jun 4 2024
    Today, Steve is speaking with investigative tech journalist Geoff White, who has been covering tech and financial crime for more than 20 years. Listeners may be familiar with his popular podcast The Lazarus Heist for the BBC World Service, and now his new book, Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks, will be available from Penguin Random House next week. Steve and Geoff discuss current trends in organized cybercrime, how these criminals are—or maybe aren’t—adopting AI, and the difficulties law enforcement still faces in helping the victims of these crimes.

    Key Takeaways:
    1. Nation states and government agencies have been known to adopt tactics from organized crime gangs and activists – a sort of trickle-up effect.
    2. As technological advancements are presenting criminals with new avenues for money laundering, law enforcement is not always able to keep up and instead is having to prioritize high level crimes.
    3. The law enforcement landscape is a fast changing world, as agencies adapt and gain more awareness of cybercrime tactics relating to AI and cryptocurrencies.

    Tune in to hear more about:
    1. Cybercrime evolution, nation-state involvement, and tactics (3:31)
    2. AI use in cybercrime, potential for innovation and defense (8:29)
    3. Cybercrime and money laundering, with a focus on the role of technology and law enforcement (11:45)
    4. Cybercrime, crypto, and organized crime evolution (15:59)

    Standout Quotes:
    1. “Sometimes the tools of organized cybercrime, gangs, nation states have also learned from hacktivists. From leaks from people like WikiLeaks or from Anonymous, they've learned the damage that a leak can do a leak of information can do. And that's fed into that disinformation piece nation states now extremely astute at getting in stealing information and then weaponizing that information to change elections, to change people's attitudes, to influence world events, the nation states have got both feet in to this cybercrime game.” -Geoff White

    2. “I think maybe it's worth thinking like a criminal and understanding how thinking like a criminal is different to thinking like a different type of enterprise. The reason I enjoy thinking about organized crime and covering organized crime is because it's organized. These are networks, as you say, of professional, organized people. But they're not out to win customers. They're not like Microsoft and Google who wants to come out with innovation and innovative new products to win customers in their competition. No. They want to make money from victims. And frankly, as long as you're making enough money from your victims month in month out, you don't change. There's no reason to innovate. Crime gangs innovate when law enforcement and the force of authority stop them from making the money they usually make. That's when you innovate.” -Geoff White

    3. “I think there was a time when, frankly, explaining Bitcoin to sort of rank and file police officers was a struggle. I think those days are gone … There's been this realization that things like cryptocurrency is something that law enforcement needs to be on top of.” -Geoff White

    4. “As cryptocurrency gets larger, as more financial institutions get behind it, as governments get behind it, yes, it can make it more legitimate, it can expand the legitimacy of it. But it also creates more noise, if you like, for the criminals to hide.” -Geoff White


    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    23 m
  • S26 Ep3: Steve Durbin & Juliette Foster - Good Cyber Strategy Begins and Ends with Alignment to Business Priorities
    May 28 2024
    Recently, British journalist Juliette Foster interviewed Steve for a feature in The European, and today we’re listening to that conversation. Steve and Juliette explore a range of topics, including how to get buy-in to your security strategy at all levels of the organization, how much security should cost, navigating the regulatory landscape, and which industries and enterprises Steve believes could be templates for security.

    Key Takeaways:
    1. Good cyber strategy aligns with business strategy, is quantifiable, and involves all employees.
    2. Durbin suggests involving security in project planning to avoid retrofitting security measures.
    3. Durbin suggests that security teams need to spend more time explaining security implications to business leaders in a way they can understand.
    4. Durbin suggests that leaders must create a personal investment in security by providing feedback and justifying costs in a way that resonates with each individual’s role and responsibilities.
    5. Durbin highlights the evolving regulatory landscape, with a shift from standardization to protectionism and complexity for organizations.
    6. Durbin highlights the evolving threat landscape, including malware, ransomware, and phishing attacks.

    Tune in to hear more about:
    1. Aligning cybersecurity strategy with business goals and outcomes (1:36)
    2. Cybersecurity strategies, testing, and budgeting (10:42)
    3. Regulation complexity and its impact on businesses (18:00)
    4. Cybersecurity investment, risk management, and emerging threats (22:44)
    5. Evolving cyber threats and the importance of resilience (26:58)

    Standout Quotes:
    1. “What is important for organizations is not to become over fixated on the threats — that’s necessary, obviously, to have a good defense — but also to figure out this whole notion of resilience. How quickly could we get our systems back up and running? How quickly could we get our organization functioning again? How are we going to recover our data? Where are we storing it? Those sorts of things.” - Steve Durbin

    2. “... the crux of good cyber strategy is having an alignment with a business strategy happening in alignment with what it is that the organization is looking to do on a daily basis, which in the majority of cases is: increase revenue, increase shareholder value, deliver back to employees, customers, and to further the ideals of the organization.” - Steve Durbin

    3. “So the role of the security leader in any budget cycle is to try to align whatever spend she or he wishes to have with the future direction of travel of that organization. And if you can start to do that, then the whole conversation becomes very much easier. But I'm not a huge fan of setting fairly random percentages, because I think it sends entirely the wrong message. You run the risk of overspend or underspend. And what you actually want to be doing is spending appropriately to deliver the right level of protection for your critical assets, for your company, for your employees, for your shareholders, so that you can continue to provide a thriving environment.” - Steve Durbin


    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    33 m
  • S26 Ep2: Thom Dennis - Becoming a Leader of the Future: Learning to let go and trust your gut
    May 21 2024
    Today, Steve is speaking about security leadership with executive coach and CEO and Founder of Serenity in Leadership Thom Dennis. Thom brings his expertise in psychology to bear in their discussion of the role of leaders in culture change, how to let go and trust your workforce, and practical tips for embracing the challenges leaders face day to day.

    Key Takeaways:
    1. Fast-paced change and unease about people being away from work for extended periods of time are impacting leadership development.
    2. Trust and clarity are key to successful remote work, letting go of control and setting clear objectives.
    3. Incorporating breaks into work schedules serves to avoid burnout and increase productivity.
    4. Thom Dennis predicts a shift in leadership thinking, where society’s demands will be prioritized over corporate standards.


    Tune in to hear more about:
    1. Trust, fear, and delegation in leadership (3:56)
    2. Creating space for focus, trust, and organizational leadership evolution (11:29)
    3. Leadership evolution, prioritizing people over analysis, and fostering trust and community in organizations (17:22)


    Standout Quotes:

    1. Let people go. Tell them what you want them to achieve, tell them what the objectives are, and then let them get on with it. There's this sort of sense of fear that one isn't going to be in control. So I think people have got to learn to trust, and to be very clear about what it is that they're looking for. And then letting go. And I think often, you will get a far better result from that. Above anything else, I think, in forcing the briefer to be absolutely clear about what they want to achieve, that can save an awful lot of time and money in and of itself. -Thom Dennis

    2. Some people who write and have incredibly busy jobs, they're up at five o'clock, or even four o'clock, and they’re writing for an hour, and then they go to the gym, and then they … and so on. Whatever your routine is. But if they're doing that, they're probably in bed at eight o'clock in the evening. So look, a part of this is self discipline, isn't it? It’s deciding on your routine, and then doing whatever it is that you can do to keep yourself to it. -Thom Dennis

    3. I think we need to create quiet spaces for ourselves so that we can actually hear our inner knowing. They say that there's more signals that go from the heart to the brain than the other way around. And they've identified that there are brain type cells in the heart, and also in the gut. So all these things people have been talking about oh, well, I just go by my gut feelings, well, that's not as silly as it sounds. And I think that leaders of the future have got to become just a little bit less — not totally, but a little bit less cerebral, and more in touch with their inner knowing. — Thom Dennis

    Mentioned in this episode:

    • ISF Analyst Insight Podcast

    25 m