Jacqui Kernot, the Security Director at Accenture for Australia and New Zealand, boasts over two decades of extensive experience in cybersecurity, spanning multiple industries. Recognized for her authoritative voice on diversity and inclusion alongside cybersecurity risk management, Jacqui is a well-regarded speaker who frequently addresses these pressing issues. She is committed to pushing the boundaries of cybersecurity and focused on integrating cutting-edge AI and technological advancements into the security domain.

In her recent appearance on the Kitecast episode, Jacqui illuminated the transformative impact of AI on cybersecurity. She pointed out that although AI technology is still emerging, the foundational steps taken today by organizations to build robust infrastructures will be pivotal. Jacqui stressed that companies poised to anticipate future technological needs and begin laying the groundwork for AI integration will likely lead the industry. This strategic foresight is crucial for fully realizing AI’s potential and maintaining a competitive edge in cybersecurity.

A significant portion of Jacqui's discussion centered on the imperative of data sovereignty and stringent management practices. In an era increasingly dominated by large language models and cloud-based technologies, securing and responsibly managing data is paramount. Jacqui advocated for strict data governance frameworks that ensure data is accessible only by authorized personnel, emphasizing that responsible AI deployment is fundamental to future security architectures.

Jacqui also delved deeply into the role of Zero Trust architecture in today’s cybersecurity landscape. She explained that as organizations increasingly migrate to cloud services and face more complex cyber threats, adopting a Zero Trust approach is crucial. This methodology is not only essential for blocking unauthorized access but also vital for building resilient security protocols that can robustly counteract potential breaches.

Looking forward, Jacqui shared insights on the evolving challenges and opportunities within cybersecurity. She highlighted the necessity for security strategies to remain adaptive and vigilant against new threats while also leveraging emerging technologies. The discussion touched on the need for more sophisticated security measures that can effectively safeguard against the evolving landscape of cyber threats, ensuring that organizations can protect their critical assets in an increasingly digital world.

LinkedIn Profile
www.linkedin.com/in/jkernot/

Accenture
www.accenture.com/us-en

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

The Kiteworks Sensitive Content Communications Privacy and Compliance Report is an annual survey designed to delve into the pressing issues of data privacy, compliance, and cybersecurity. This comprehensive report gathers insights from IT, cybersecurity, risk, and compliance leaders around the globe, with the latest survey capturing responses from 572 leaders across 10 different countries. The report is meticulously divided into five sections: cyberattacks and data breaches, data types and classification, compliance and risk, cybersecurity and risk management, and operational procedures. These insights provide organizations with actionable intelligence to navigate the complex landscape of data security and compliance.

This Kitecast episode features a panel discussion, with Kitecast Co-host Patrick Spencer addressing key findings in the report and soliciting feedback from Co-host Tim Freestone and two guest panelists, Alexandre Blanc and Ranbir Bhutani. Alexandre pointed out that while the frequency of cyber incidents has decreased, the scale of each incident has grown significantly. Threat actors have become more organized, targeting larger organizations with higher impact, particularly in specific verticals like healthcare and finance. This shift is likely influenced by geopolitical tensions, using cyberattacks to disrupt trust in systems and organizations. Ranbir echoed these observations, adding that the sophistication of phishing attacks has increased, often leveraging unethical AI to create highly convincing fraudulent communications.

The conversation also explored the persistent challenge of human error in cybersecurity. Despite numerous training initiatives and advanced technologies, the human element remains a significant vulnerability. Tim, Alexandre, and Ranbir emphasized that until organizations can effectively abstract human errors from business processes, this will continue to be a weak link. Ranbir shared an anecdote about a near-miss phishing attempt, underscoring the difficulty even seasoned professionals face in recognizing sophisticated attacks.

Another critical insight from the discussion involved the disparity in cybersecurity maturity across industries. The podcast revealed that higher education and state government sectors are particularly vulnerable, with a high number of reported breaches. This is attributed to underfunding and a lack of stringent cybersecurity measures. In contrast, the federal government has shown better compliance due to regulatory pressures like CMMC 2.0. The panelists agreed that while regulations are a step in the right direction, the enforcement and practical implementation of these regulations remain a challenge, particularly for smaller organizations.

Finally, the podcast touched on the issue of litigation costs associated with data breaches. The long-term financial impact of breaches extends beyond immediate operational disruptions and ransom payments. Ongoing litigation can drain resources and affect an organization’s reputation and client trust.

Kiteworks 2024 Sensitive Content Communications Privacy and Compliance Report: https://www.kiteworks.com/sensitive-content-communications-report/

Alexandre Blanc: https://www.linkedin.com/in/alexandre-blanc-cyber-security-88569022/

Ranbir Bhutani: https://www.linkedin.com/in/ranbir-b-725286175/

Tim Freestone: https://www.linkedin.com/in/freestone/

Patrick Spencer: https://www.linkedin.com/in/patrickespencer

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Betania Allo is a distinguished expert in cybersecurity law and public policy and frequently presents at international forums and events. She boasts an impressive academic background with advanced degrees from Harvard University and Syracuse University. Currently, she is pursuing a doctorate in engineering with a focus on analytics at George Washington University. Her extensive experience includes serving as a Program Management Specialist and Senior Officer at the United Nations, where she addressed complex issues related to counterterrorism and technology.

This Kitecast episode delves into Betania Allo’s multifaceted career journey, highlighting her transition from law and public policy to the specialized field of cybersecurity. Her decision to move from Argentina to the U.S. for graduate studies, combined with her background in international relations and law, set the stage for her focus on cybersecurity. Betania’s efforts to bridge the gap between legal experts and technologists are emphasized, underscoring the importance of understanding both domains to effectively tackle global cyber threats.

The podcast discussion covers Betania’s tenure at the United Nations, where she worked on counterterrorism and technology. Insights are provided on how terrorist groups exploit digital platforms for recruitment, communication, and fundraising. The challenges of safeguarding these platforms and the importance of a multi-stakeholder approach involving private sector companies, NGOs, and academia are examined. Betania’s experiences during the pandemic revealed the increased vulnerability and exploitation of digital spaces by terrorist organizations.

Betania also discusses the rehabilitation and reintegration of terrorists through technology. The significance of using technology in the initial screening of individuals for accurate assessments and tailored rehabilitation programs is outlined. Despite the challenges, Betania advocates for incorporating artificial intelligence (AI) and other technologies to enhance rehabilitation efforts. Her innovative approach aims to create unified systems for better data synchronization and resource allocation, particularly in regions with limited infrastructure.

Finally, Betania argues that political decision-making needs to be tapped in prioritizing technological advancements and cybersecurity investments. Continuous collaboration between governments, tech companies, and security experts is deemed essential to stay ahead of emerging threats. As such, she points out the need for engaging training programs to build a robust cyber culture within organizations and beyond.

LinkedIn: https://www.linkedin.com/in/betaniaallo/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Edna Conway, an innovative executive and thought leader with over 30 years of experience leading cybersecurity, risk management, and value chain transformation at Fortune 10 technology companies, highlights how collaboration in cybersecurity is critical for the development of and adherence to policy and practice in this Kitecast episode. Edna is currently a Senior Fellow at the Carnegie Endowment for International Peace and CEO and Founder of EMC Advisors. She currently is an advisor or board member for a long list of technology and professional services startups and nonprofit organizations.

One theme from the discussion with Edna centered on the cybersecurity workforce shortage. She emphasized the need to look beyond traditional sources and backgrounds to find talent. This requires partnerships between companies, academia, and nonprofits focused on training and upskilling people from diverse backgrounds for cybersecurity roles. Apprenticeship and mentorship models were discussed as potential solutions.

The conversation then delved into cybersecurity policy and regulation. Edna provided her perspectives on the balance between driving security practices versus overregulation that hinders business. She noted that legislation often lags behind technology advancements, making public-private collaboration critical. Edna stressed the importance of the private sector proactively stepping up security rather than just reacting to new regulations.

Another key topic from the podcast touched on the crowded landscape of cybersecurity startups and the challenges they face. Beyond just having an innovative product, Edna emphasized the importance of serving a real customer need, providing a complete solution, and demonstrating value to multiple stakeholders in an organization beyond just the security team. Making customers’ lives easier is key to standing out.

Edna also touched on the need to embed security into business processes and objectives from the start, rather than bolting it on afterwards. She discussed the concept of “secure by design” and how leading organizations are building security into everything from their products to their supplier relationships. This proactive, holistic approach is critical to managing cyber risk in an increasingly interconnected business environment.

LinkedIn: https://www.linkedin.com/in/ednaconway

EMC Advisors: https://www.linkedin.com/company/emcadvisors

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Debra Farber, a globally recognized privacy, security, and ethical tech advisor with nearly two decades of experience, discusses data privacy, privacy by design, and the growing field of privacy engineering in this Kitecast episode. As the host of the Shifting Privacy Left podcast, Farber is dedicated to building a community of privacy engineers and bridging the silos between various industries and research areas.

In this Kitecast episode, Farber emphasized the importance of embedding privacy into product development from the outset. She highlighted the role of privacy engineers in assessing risks, minimizing data collection, and ensuring compliance with regulations such as GDPR. Farber also discussed the challenges organizations face in hiring privacy engineers due to the high demand and limited supply of qualified professionals in this relatively new field.

Farber explained the distinction between privacy by design and privacy-enhancing technologies (PETs). Privacy by design is a set of high-level principles focused on integrating privacy into systems from the beginning, while PETs are specific tools and techniques that help achieve compliance with data protection principles. Some examples of PETs include anonymization, homomorphic encryption, secure multi-party computing, and differential privacy.

The conversation also touched on the potential return on investment for organizations that prioritize privacy. By minimizing data collection and addressing privacy concerns early in the development process, companies can reduce downstream compliance costs, legal expenses, and the risk of fines associated with data breaches or privacy violations.

In addition to the above, Farber shared her thoughts on artificial intelligence and its impact on personal privacy. While acknowledging the potential risks, she emphasized that the real threat lies in the unchecked powers of those bringing AI to market without appropriate safety measures and testing. Farber advocates for the ethical development and deployment of AI technologies, ensuring that privacy standards are applied correctly to mitigate risks and protect individuals’ rights.

LinkedIn: https://www.linkedin.com/in/privacyguru

Shifting Privacy Left Media: https://shiftingprivacyleft.com

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

In the latest Kitecast episode, Lisa Plaggemier, the Executive Director of the National Cybersecurity Alliance, discusses what it takes to empower digital safety for all peoples and organizations. With an extensive background in marketing, operations, and cybersecurity, including a decade at Ford Motor Company and senior roles at CDK Global and InfoSec, Lisa brings a wealth of experience and lessons learned to the topic. Her focus is on helping businesses and individuals protect themselves in the digital world, which enables organizations to develop better cybersecurity risk management strategies.

Lisa emphasizes the importance of consistent and clear communications when it comes to cybersecurity awareness. She highlights the success of Cybersecurity Awareness Month, an initiative founded by the National Cybersecurity Alliance, attributing its effectiveness to the consistency of the message over time. Lisa also stresses the need to demystify cybersecurity for the average person, making it more attractive and less intimidating to adopt safe online practices.

One of the key challenges Lisa identifies is the knowledge gap between IT professionals and business owners, particularly in small businesses. To address this gap, the National Cybersecurity Alliance launched a training class tailored to educate business leaders on managing cybersecurity as a function of their business. The organization also recognizes the importance of early cybersecurity education, with plans to develop age-appropriate content for children in collaboration with PBS Kids.

Lisa shares insights from the National Cybersecurity Alliance’s annual survey, revealing alarming trends such as the persistence of insecure password practices and the overconfidence of younger generations in their ability to navigate cybersecurity risks. She also discusses the need for widespread adoption of multi-factor authentication (MFA) and the role of social media companies in mandating more stringent security measures.

In addition to the above, Lisa emphasizes the National Cybersecurity Alliance’s commitment to promoting cybersecurity awareness through various initiatives, including the creation of a comedic series called Kubikle Series to engage a broader audience. With her expertise and dedication to the cause, Lisa—and the National Cybersecurity Alliance—continue to play a crucial role in empowering individuals and organizations to stay safe in the ever-evolving digital landscape.

LinkedIn: https://www.linkedin.com/in/lisaplaggemier/

National Cybersecurity Alliance: https://staysafeonline.org/

Kubikle Series: https://kubikleseries.com/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Alan Shimel, a prominent figure in the cybersecurity industry, is the CEO and founder of Techstrong Group, a global platform that powers tech innovation and transformation across various media, research, and consulting brands. With over 25 years of experience in security, Shimel has been at the forefront of the industry, witnessing its evolution and the emergence of new technologies such as AI. In this Kitecast episode, he shares his insights on the impact of AI on cybersecurity, discussing its potential benefits and limitations while addressing the challenges faced by organizations in today’s rapidly changing landscape.

One of the key areas explored in the podcast is the influence of AI on application security (AppSec). Shimel notes that AI is making AppSec easier and faster, lowering the entry point for organizations to secure their applications. However, he also raises the question of whether AI is genuinely improving security or simply making it more accessible. Shimel suggests that while AI can help identify vulnerabilities in code more efficiently, it is essential to ensure that the quality of the generated code is high and that organizations do not become overly reliant on AI-driven solutions.

The conversation also delves into the role of cyber insurance companies in enforcing cybersecurity policies. Shimel explains that these companies are becoming the architects and auditors of security, establishing the lowest common denominator for organizations seeking coverage. While this can be beneficial in ensuring a baseline level of security, Shimel cautions that it may not always align with an organization’s specific needs or risk tolerance. He also highlights the importance of understanding the implications of cyber insurance, as insurers often have the power to make decisions on behalf of the insured organization in the event of a breach or ransomware attack.

Another critical topic addressed in the podcast is the cybersecurity skills gap. Shimel points out that despite the growing demand for cybersecurity professionals, many skilled individuals struggle to land their first job due to the industry’s preference for candidates with three to five years of experience. He emphasizes the need for organizations to provide opportunities for newcomers to gain practical experience and suggests that the skills gap will persist until the industry becomes more receptive to nurturing new talent.

Looking to the future, Shimel discusses the potential impact of quantum computing on cybersecurity. While he acknowledges that the development of stable quantum computers is still years away, he stresses the importance of preparing for the potential disruption they could bring. Shimel mentions that government agencies and regulatory bodies have already begun working on quantum-proof algorithms and certificates to ensure the continued security of encrypted data. However, he also notes that the adoption of these measures will largely depend on market demand and the willingness of organizations to invest in quantum-resistant technologies.

LinkedIn: https://www.linkedin.com/in/alanshimel/

Techstrong Group: https://techstronggroup.com/

Techstrong Podcasts: https://techstrongpodcasts.com

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

runZero provides comprehensive visibility into an organization’s cyber assets and attack surface to empower risk and exposure management. By combining external scanning, internal asset discovery, cloud inventory, and API integrations, runZero maps all devices, software, vulnerabilities, owners, and other security attributes. This integrated view across IT, IoT, OT, mobile, and cloud contextualizes risk and priorities based on asset criticality and location inside or outside the network perimeter.

Barbee predicts major new vulnerabilities in 2024 that will catch security teams off guard as they remain overburdened dealing with patching and securing fundamental gaps. Additionally, more supply chain attacks will emerge from malware inserted through dependencies and software development pipelines over the last few years. He advises CISOs to focus on security fundamentals first, like comprehensive asset management, vulnerability management, and patching rather than getting distracted by the latest headlines on advanced persistent threats.

While compliance regulations provide helpful guardrails and budget for security programs, most organizations still struggle with basics like consistent vulnerability scanning, device monitoring, and patching. The smaller the company, the more they remain focused on backup, recovery, and threat detection rather than proactive security. Barbee highlights an energy company that resisted patching anything due to downtime risks, demonstrating the difficult trade-offs security teams face.

When submitting conference presentation proposals, clearly explain what you plan to discuss and why it matters to peers. Spend time refining the title and abstract from the selection committee’s perspective, rather than taking shortcuts. Ask colleagues or mentors to review and provide feedback to improve clarity and relevance before submitting.

For new security professionals, Barbee advises developing networking and communication skills instead of only focusing on individual skills development. He also encourages cementing core IT and networking fundamentals instead of only specializing in security too early in their career. He suggests considering complementary areas like risk management to broaden perspective beyond just vulnerabilities and controls.

LinkedIn Profile: https://www.linkedin.com/in/jhbarbee/

runZero: https://www.runzero.com

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.