Redefining CyberSecurity

Technology Podcasts

Redefining CyberSecurity Podcast Hosted by Sean Martin, CISSP Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.

Location:

United States

Language:

English


Episodes

Practical Privacy by Design - Building Secure Applications that Respect Privacy | An OWASP AppSec Global Lisbon 2024 Conversation with Kim Wuyts and Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

6/14/2024
Guests:

Kim Wuyts, Manager Cyber & Privacy, PwC Belgium [@PwC_Belgium]
On LinkedIn | https://www.linkedin.com/in/kwuyts/
On Twitter | https://twitter.com/Wuytski
On Mastodon | https://mastodon.social/@kimw

Avi Douglen, CEO / Board of Directors, Bounce Security & OWASP
On LinkedIn | https://www.linkedin.com/in/avidouglen/
On Twitter | https://twitter.com/sec_tigger

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin offers a deep dive into the OWASP AppSec Lisbon event, engaging in a meaningful conversation with Kim Wuyts and Avi Douglen. Sean starts by setting the stage for an insightful discussion focused on privacy, security, and the integration of both in modern application development.

Kim Wuyts, a Cyber and Privacy Manager at PwC Belgium, shares her journey from a security researcher to a privacy engineering expert, emphasizing the importance of privacy threat modeling and the intricate balance between security and privacy. She explains how privacy not only strengthens security but also involves complex considerations like legal, ethical, and technological aspects. Kim highlights the need for companies to adopt privacy by design, ensuring data is used with care and transparency, rather than merely being collected and stored.

Avi Douglen, Lead Consultant at Bounce Security, brings his experience in threat modeling to the conversation, recounting his learning curve in understanding the depths of privacy beyond mere confidentiality. He speaks about the importance of educating security engineers on privacy considerations and using value-driven security to protect stakeholders' interests. Avi stresses that privacy and security should be integrated from the beginning of the application development process to avoid clashes and ensure robust, privacy-respecting systems.

Throughout the discussion, the guests delve into various privacy engineering practices, including data minimization, the handling of meta-information, and the potential conflicts between security requirements and privacy needs. They touch on real-world scenarios where privacy can enhance overall security posture and how privacy engineering aligns with compliance requirements such as GDPR.

Sean, Kim, and Avi also explore the concept of architectural data mapping and selecting the right components for privacy. They discuss the evolving skill set required for privacy engineering and how integrating privacy with existing security practices can add significant value to any organization.

The episode concludes with a look at the upcoming training session at the OWASP AppSec event in Lisbon, emphasizing the need for a diverse audience, including security engineers, privacy professionals, and developers. This session aims to foster a collaborative environment where participants can expand their knowledge and apply practical privacy by design principles in their work.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_PPBD
Threat modeling manifesto: https://www.threatmodelingmanifesto.org/
Learn more about OWASP AppSec Global Lisbon 2024:...

Duration:00:32:20


Application Security: Standards, UI, Identity, Access, Cryptography, Process, and More | An OWASP AppSec Global Lisbon 2024 Conversation with Jim Manico | On Location Coverage with Sean Martin and Marco Ciappelli

6/14/2024
Guest:

Jim Manico, Founder and Secure Coding Educator, Manicode Security
On LinkedIn | https://www.linkedin.com/in/jmanico/
On Twitter | https://x.com/manicode

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In this episode of On Location with Sean and Marco, host Sean Martin engages in a compelling discussion with Jim Manico about the current landscape of application security. Jim, a notable leader in the field, delves into several critical topics surrounding application security and its evolving challenges.

The conversation opens by touching on the significant influence of artificial intelligence (AI) on application security, suggesting a future episode dedicated entirely to exploring this complex topic. They then shift focus to the necessity of having a formalized approach when dealing with security vulnerabilities. Jim underscores the importance of planning and preparation before tackling security threats, emphasizing that structured processes lead to more effective management of potential issues.

A significant portion of the dialogue explores the challenges associated with identifying and managing vulnerable or outdated libraries within codebases. Jim and Sean discuss how modern development practices often lead to the incorporation of various libraries, each of which can introduce potential security risks if not properly maintained. The intricacies of keeping these libraries updated to prevent vulnerabilities are highlighted, including the frequent necessity of updating or replacing libraries to ensure robust security.

Jim also touches upon the noise generated by automated security findings, which can overwhelm development teams with alerts and potential issues. He stresses the value of effectively prioritizing and addressing these findings to ensure that the most critical vulnerabilities are tackled promptly, reducing the risk of exploitation.

Throughout the episode, Jim and Sean highlight the balance that must be struck between developing new features and maintaining a secure, resilient application environment. Ensuring that security is integrated into the development lifecycle rather than being an afterthought is a recurring theme in their discussion.

This engaging episode provides listeners with a deep dive into the strategic and tactical aspects of application security, offering valuable insights and practical advice on navigating the often complex and ever-evolving security landscape.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTzdBL4GGWZ_x-B1ifPIIBV

Be sure to share and subscribe!

Resources

Training: https://lisbon.globalappsec.org/trainings/#sku_ASTJM
OWASP ASVS: https://github.com/OWASP/ASVS/tree/master/5.0/en
OWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/
Learn more about OWASP AppSec Global Lisbon 2024: https://lisbon.globalappsec.org/

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Are you...

Duration:00:31:41


Decoding Human-Centered Cybersecurity with Security Attitudes | A Conversation with Julie Haney and Dr. Cori Faklaris | Redefining CyberSecurity with Sean Martin

6/13/2024
Guests:

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]
On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/
On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

Dr. Cori Faklaris, Assistant Professor, University of North Carolina at Charlotte [@unccharlotte], Director, Security and Privacy Experiences (SPEX) research group [@SPEX_lab]
On LinkedIn | https://www.linkedin.com/in/corifaklaris/
On Twitter | https://twitter.com/heycori
On Mastodon | https://hci.social/@Heycori
On Facebook | https://www.facebook.com/heycori

Host:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

Episode Notes

In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney welcomed Dr. Cori Faklaris, an assistant professor at the University of North Carolina, Charlotte, to discuss the intricate relationship between human-centered research and cybersecurity. Dr. Faklaris, who leads the Security and Privacy Experience Research Group at the university, shared valuable insights on the intersection of human behavior and security practices.

The episode delved into Dr. Faklaris' extensive research on security attitudes and behaviors. She introduced the Security Attitudes (SA) scales, particularly the SA-6 and SA-13, which are tools designed to measure people's security attitudes. These scales provide a reliable and valid means to gauge individuals' perspectives on cybersecurity, which can be critical for organizations looking to enhance their security training programs. By regularly measuring security attitudes before and after training, organizations can assess the effectiveness of their initiatives and identify areas for improvement. Dr. Faklaris emphasized the importance of considering not just attitudes but also social norms and perceived behavioral control when examining security behaviors.

A significant portion of the discussion centered around the challenges posed by smishing—phishing attacks conducted via SMS. Dr. Faklaris highlighted that younger people and college students are particularly vulnerable to such attacks. Her research indicates that demographic factors can influence susceptibility to smishing, underscoring the need for targeted awareness campaigns and tailored security measures. The episode also touched on the broader implications of trust and usability in communication systems, with Dr. Faklaris stressing the importance of clear and trustworthy communication channels to prevent user fatigue and mistrust.

In addition to her academic endeavors, Dr. Faklaris is spearheading a new cybersecurity clinic at UNC Charlotte. This initiative aims to support local organizations, particularly small businesses and non-profits, by providing them with valuable cybersecurity guidance and services free of charge. The clinic, which will involve student teams working on real-world problems, seeks to bridge the gap between academic research and practical application while fostering community engagement and providing hands-on experience to students.

The episode serves as a treasure trove of insights for security leaders and practitioners, offering practical advice on enhancing security training and awareness programs. By leveraging research-backed methods and fostering community partnerships, organizations can better navigate the complex human factors that influence cybersecurity practices. Dr. Faklaris' work serves as a powerful reminder of the critical role human-centered approaches play in building robust and effective security frameworks.

Top Questions Addressed

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining...

Duration:00:48:57


The Present and Future of Cybersecurity Culture | An Infosecurity Europe 2024 Conversation with Aston Martin's CISO Robin Smith | On Location Coverage with Sean Martin and Marco Ciappelli

6/11/2024
Guest:

Robin Smith, CISO of Aston Martin [@astonmartin]
On LinkedIn | https://www.linkedin.com/in/robin-s-78148a133/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

The latest episode of "On Location With Marco and Sean" features an in-depth discussion with Robin Smith, the Chief Information Security Officer (CISO) at Aston Martin. Recorded live in the media room at Infosecurity Europe 2024 in London, this episode explores the essential role of culture in cybersecurity. Sean Martin and Marco Ciappelli guide the conversation, touching on everything related to the complexities of organizational security culture.

The Icebreaker

The conversation kicks off with some light-hearted banter about yogurt and its cultural significance, setting a relaxed tone before diving into the serious business of cybersecurity. Sean and Marco's playful exchange effectively breaks the ice, before Sean introduces Robin Smith, emphasizing how this conversation is the final one in their Infosecurity Europe coverage. Robin reciprocates with a warm thank you, before sharing insights on Aston Martin’s cybersecurity culture.

Life at Aston Martin

Robin elaborates on his role at Aston Martin, revealing that he considers himself the "luckiest man in cyber." He explains how a commitment to high-quality IT initially existed at Aston Martin but not a fully developed cybersecurity culture. Over the past three years, his mission has been to build that culture, aligning it with Aston Martin’s values and brand prestige.

Building a Cybersecurity Culture

Robin describes how he introduced a comprehensive security program that aligns with Aston Martin’s renowned design and engineering standards. He discusses the importance of integrating cybersecurity as a full-spectrum approach to business improvement, not just a technological add-on.

Lessons Learned

The conversation shifts to some of the challenges and failures encountered along the way. Robin recounts an ambitious but ultimately unsuccessful attempt to engage the board with an open-source intelligence report on their personal information. Though the exercise did not go as planned, it provided invaluable lessons on cultural sensitivity and resource allocation.

The Vision for the Future

Robin and Sean discuss the forward-thinking mindset necessary to navigate both immediate and long-term cybersecurity challenges. Robin emphasizes the need for a balanced approach that combines visionary planning with effective tactical response. He highlights Aston Martin's ambition for full automation and AI-driven security measures.

Impact on Customers and Community

Marco Ciappelli raises the question of how this robust security culture affects Aston Martin's customers. Robin assures that high-value customers expect the best, including top-notch security. He underscores the importance of securing the entire value chain, from suppliers to dealership networks.

Community and Collaboration

Sean explores the role of community among CISOs. Robin shares his positive experiences with the automotive CISO community, emphasizing the value of honest and sometimes brutal feedback. This collaborative environment helps him and his peers continually improve their security programs.

Wrapping Up

As the conversation winds down, both hosts thank Robin for his insights. They reflect on the passion and dedication evident in the cybersecurity community throughout the event. Sean invites Robin for another discussion on cyber futurism, hinting at more intriguing conversations to come. Marco and Sean close the episode by thanking their...

Duration:00:26:54


Exploring Cyber Insurance Nuances Across Europe | An Infosecurity Europe 2024 Conversation with Marcin Gajkowski and Michal Balwinski from Generali Poland | On Location Coverage with Sean Martin and Marco Ciappelli

6/11/2024
Guests:

Marcin Gajkowski, Head of Liability Underwriting Team, Generali Poland
On LinkedIn | https://www.linkedin.com/in/marcin-gajkowski-4a6685134/

Michal Balwinski, Senior Underwriter and Cyber Practice Leader, Generali Poland
On LinkedIn | https://www.linkedin.com/in/micha%C5%82-balwi%C5%84ski-136105197/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

Exploring Cyber Insurance Nuances Across Europe with Generali Poland at InfoSecurity Europe 2024

Picture this: bustling conversations, gleaming booths, and thought-provoking sessions at InfoSecurity Europe 2024, held in the vibrant city of London. Amidst this atmosphere, Sean Martin and Marco Ciappelli of "On Location With Marco and Sean" invite listeners into a fascinating discussion focusing on the intricacies of cyber insurance within Europe. Joined by two brilliant minds from Generali Poland, Marcin Gajkowski and Michal Balwinski, this episode immerses us into understanding cyber insurance and its varied landscape across the continent.

Setting the Scene: InfoSecurity Europe 2024

The episode kicks off with Marco and Sean's characteristically witty banter. They joke about their numerous travels and question their whereabouts, reflecting the lively and spontaneous spirit of live recording. They also introduce their esteemed guests, Marcin Gajkowski and Michal Balwinski, from Generali Poland. The discussion's setting is none other than the renowned InfoSecurity Europe event, where cybersecurity professionals gather to forge connections and share innovative security solutions.

Understanding Cyber Insurance: Perspectives from Generali Poland

Marcin Gajkowski, leading Generali Poland's Liability Team, opens up about his journey into cyber insurance. Despite his initial background in casualty and professional indemnity underwriting, Gajkowski has grown passionate about the potential and challenges of cyber insurance, especially within Poland. With the deployment of their local cyber insurance policy in 2021, Generali Poland has committed to navigating and shaping this emerging market.

Michal Balwinski, a senior underwriter and cyber insurance practice leader at Generali Poland, delves further into the policies and market dynamics. He highlights the significant knowledge gap in Central and Eastern Europe, a relic of historical and geopolitical contexts. This awareness gap necessitates steps for thorough market education and awareness building, ensuring businesses understand and value the importance of cyber insurance.

Market Dynamics: Diversity Across Europe

Balwinski emphasizes the differing levels of cyber risk awareness across Europe. The UK, Western Europe, and the Mediterranean regions each present unique insurance needs and challenges based on their levels of digital sophistication and historical development. Poland's market reveals a stark contrast with larger enterprises adopting sophisticated vendor technologies akin to global banks, while smaller and mid-sized companies lag behind, often unaware of the essential benefits and protections cyber insurance provides.

Adapting to the Market: Educational and Technological Partnerships

Reflecting on the unique role of cyber insurance, the Generali Poland team outlines their approach to nurturing client relationships. They provide comprehensive risk assessments, engaging conversations, and tailored recommendations. True to their philosophy, Generali Poland extends beyond the role of mere policy provider, establishing themselves as committed partners in their clients' cybersecurity journeys.

One pivotal...

Duration:00:24:57


Jump Into Our DeLorean and Travel Back and Forth Into the Future | An Infosecurity Europe 2024 Conversation with Madelein van der Hout and Paul McKay from Forrester | On Location Coverage with Sean Martin and Marco Ciappelli

6/10/2024
Guests:

Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/
On Twitter | https://x.com/HoutMadelein

Paul McKay, Vice President, Research Director at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

The Human Side of Cybersecurity

Infosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madelein van der Hout and Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.

Reimagining Cybersecurity: Back to the Future

The episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.

The Reality of Cybersecurity Innovation

Madelein van der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations. Madelein adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.

API Security: A Case for Consolidation

Both Paul and Madelein reflect on the notable presence of API security vendors at the conference. Madelein points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.

The Human Element and Mental Health

One of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madelein stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."

Training and Educating Future Talent

The conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications. Madelein emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.

Cybersecurity's Future: More Than Just a Business Problem

Madelein takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.

Data-Driven...

Duration:00:31:23


Building Resilience in Healthcare Cybersecurity Following the Recent NHS Third-Party Ransomware Incident | Expert Insights from InfoSecurity Europe 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

6/7/2024
Guests:

Brian Honan, Founder, BH Consulting
On LinkedIn: https://www.linkedin.com/in/brianhonan/
On X: https://x.com/BrianHonan

Suk Paul, Director - EMEA Services GTM, Kudelski Security
On LinkedIn: https://www.linkedin.com/in/suk-paul-mba-99757412/

Heather Lowrie, Chief Information Security Officer (CISO), The University of Manchester
On LinkedIn: https://www.linkedin.com/in/heather-lowrie/
On X: https://x.com/HeatherELowrie

Tim Grieveson, Senior Vice President - Global Cyber Risk Advisor, Bitsight
On LinkedIn: https://www.linkedin.com/in/timgrieveson/
On X: https://x.com/timgrieveson

Daniel Lattimer, Area Vice President - EMEA West, Semperis
On LinkedIn: https://www.linkedin.com/in/daniel-lattimer-37533016/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

WATCH THE VIDEO: https://youtu.be/3VQ5VsD-DKQ

In recent news, the NHS has been severely impacted by a ransomware cyber attack. This once again highlights the vulnerability of critical infrastructure to cyber threats. In this episode of ITSPmagazine, Marco Ciappelli and Sean Martin dive into this alarming incident while at the InfoSecurity Europe event in London, engaging with a panel of esteemed professionals in the field of information security.

One of the significant themes that emerged from the conversation is that cybercrime is no longer the domain of rogue teenage hackers working from their basements. As Brian Honan emphasized, cybercriminals today are often part of organized crime syndicates involved in drug trafficking, arms dealing, and human trafficking. They are driven by financial gain and are willing to go to great lengths to achieve their goals. This particular incident affected NHS pathology services, causing surgeries and blood transfusions to be canceled or postponed, directly impacting patient care.

Suk Paul pointed out that this kind of attack is not isolated. Since the conflict in 2022, the UK has witnessed a rise in cyber-attacks on public infrastructure, including hospitals and universities. He stated that the human intelligence element is crucial in identifying the techniques and methods used in such attacks.

The conversation also shed light on the complexity of managing third-party supply chain risk. Heather Lowrie suggested considering cybersecurity as a business enabler and not just a technical issue. She stressed the need for robust communication and collaboration between internal teams, external partners, and even at the board level to create a resilient cybersecurity posture. To this end, Tim Grieveson echoed the importance of having a security leader with excellent communication skills who can align security strategies with business outcomes. This alignment is particularly essential in critical sectors like healthcare, where the focus is on maintaining patient-centric care.

Furthermore, Daniel Lattimer highlighted the challenges faced by the NHS in funding cybersecurity measures. He mentioned that while the NHS has made strides in improving its cybersecurity capabilities, there is still a dilemma of prioritizing between lifesaving patient care and investing in cybersecurity. More specific guidance and a legislative approach similar to US standards could help in achieving minimum security standards.

Brian Honan described the importance of legislative measures like the EU's Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2), which focus on resilience in critical infrastructure. The key is not just to prevent cyber-attacks but to ensure continuity of services during and after...

Duration:00:18:10


Directly From The CORO Security Modular Booth: Expansion Into The European Market | A Brand Story Conversation From InfoSecurity Europe 2024 | A CORO Story with Dror Liwer | On Location Coverage with Sean Martin and Marco Ciappelli

6/6/2024
Here we are, once again from the bustling show floor at Infosecurity Europe 2024 in London, situated at the Excel Centre. Sean Martin of ITSPmagazine is your host, and he's joined by Dror Liwer, co-founder of CORO Security. Both are excited to dive deep into how CORO is expanding its focus into the European market.

Day Three: Nonstop Conversations and Presentations
From the get-go, Dror shares his enthusiasm about being part of this prestigious event for the first time. With a primary presence in the U.S., CORO is now aggressively moving into EMEA, starting right here in London. This move is in response to increasing demand from small to medium-sized enterprises (SMEs) in Europe who need robust cybersecurity solutions.

Addressing the Security Needs of SMEs
Sean recalls the comprehensive capabilities of CORO discussed in previous episodes. CORO provides multiple layers of security tailored to an organization’s specific needs, such as regulatory requirements, budget, and staffing capabilities. Sean encourages everyone to revisit those insightful seven-minute chats from RSA Conference to get an in-depth view. Dror emphasizes that CORO is unique in targeting the mid-market from the ground up, unlike other companies that retrofit enterprise solutions to fit smaller businesses. With a focus on simplicity and powerful protection, CORO ensures that its solutions are manageable even for lean IT teams.

Navigating the Complexities of Europe
One of the significant discussions revolves around the differences between the U.S. and European markets. While Sean and Dror acknowledge the similar types of cyber threats faced globally, operational nuances like data residency and privacy regulations differ widely across Europe. CORO has established a data center in Germany to comply with local data residency requirements, ensuring that email and file inspections stay within the EU boundaries.

Real-World Applications and Challenges
Sean drives the conversation into the specific challenges CORO has faced and the different attack scenarios in Europe compared to the U.S. Dror mentions that while SME awareness of being targets has been prevalent in the U.S. for a while, European SMEs are just beginning to realize the same. As a result, CORO is educating this market about the imminent threats and how to efficiently protect against them without becoming overwhelmed.

The Importance of Affordability
Dror and Sean discuss the financial challenges faced by SMEs, such as difficult decisions on whether to invest in cybersecurity or other critical needs like educational resources. Dror emphasizes that CORO has priced its suite of security solutions to remove this barrier, making comprehensive coverage affordable for even the smallest enterprises.

Team and Technology: The Backbone of CORO
The conversation takes a moment to appreciate CORO’s dedicated team. Sean praises the high energy and mutual support visible at CORO’s booth. Dror points out that customer reviews often highlight how easy it is to work with CORO—a testimony to the company’s dedication to protecting overlooked small and mid-sized businesses.

The Future of SME Cybersecurity
CORO aims to remove the guesswork (“threat roulette”) for SMEs by providing an all-encompassing platform that is accessible and easy to manage. This approach ensures that small businesses can protect themselves comprehensively without the need to prioritize between different threat vectors due to budget constraints.

CORO’s Mission
As the conversation winds down, Dror reiterates CORO's mission to protect SMEs globally and make cybersecurity as effortless as possible. Sean encourages attendees of Infosecurity Europe to visit CORO's dynamic and innovative booth, and for those who cannot make it, to check out CORO online. For more information, visit CORO's website at Coro.net. Thanks to everyone for joining us. Expect more exciting updates from CORO, possibly next time from Las Vegas!

Learn more about CORO:...

Duration:00:20:48

Meet Phoenix Security | A Brand Story Conversation From Infosecurity Europe 2024 | A Phoenix Security Story with Francesco Cipollone | On Location Coverage with Sean Martin and Marco Ciappelli

6/6/2024
In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a difference in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company’s journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.

Setting the Stage
The bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security’s origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.

Phoenix Security’s Journey and Vision
Cipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.

Innovative Solutions for Modern Cybersecurity Challenges
Phoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.

Success Stories and Client Feedback
Cipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.

Expanding Reach Through Strategic Partnerships
Highlighting the importance of collaboration, Cipollone mentions Phoenix Security’s recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.

Conclusion
The conversation concludes with insights into future security trends and Phoenix Security’s commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters. We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.

Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8v
Note: This story contains promotional content. Learn more.
Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]
On LinkedIn | https://www.linkedin.com/in/fracipo/
On Twitter | https://twitter.com/FrankSEC42
Resources
Learn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-security
View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Duration:00:20:59

Randomly Rambling About Random Things, Including the Randomness of Randomware (Ransomware) | An Infosecurity Europe 2024 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

6/5/2024
In this recap episode, Sean Martin and Marco Ciappelli think back on their experience thus far during their time at InfoSecurity in London. The conversation touches on several key areas including physical versus digital security, the allocation of budgets for cybersecurity measures, and broader societal implications of technology. Let's break down the significant points discussed by these industry professionals. Sean Martin, starting the discussion, emphasizes the innovative ways the city of London integrates physical security with digital tools. He observes hidden security features, such as street lamps converted into cameras, showcasing a blend of centuries-old infrastructure with modern technology. This seamless integration represents a significant investment aimed at enhancing urban security while maintaining the city's historical aesthetic. The discussion soon transitions into the critical topic of cybersecurity budgeting. Marco Ciappelli points out the complexities organizations face when deciding where and how much to invest in cybersecurity. The keynote panel discussion on ransomware that Jon Davies had with Sean and Marco raised many ethical questions. Should one pay a ransom when lives are at stake? This sparks a nuanced debate among the participants. Sean Martin recaps some sobering conversations about the NHS breach, which highlights the real-world consequences of insufficient cybersecurity investments. He ponders whether current spending is enough and asks how organizations can effectively allocate resources to mitigate risks. Another significant part of the conversation revolves around the societal impact of technology. Brian Honan's insights underscore the dual nature of technology as a tool that can be used for both good and bad purposes. This dichotomy is a recurrent theme that questions the ethical implications of technological advances in our society. While cybersecurity aims to protect, there are those who exploit it for nefarious purposes. 
Throughout the episode, both hosts reflect on the global perspectives of these issues. They note a cultural contrast in how different countries perceive and react to cybersecurity threats. The conversation also highlights the growing importance of cybersecurity awareness and collaboration on an international scale to effectively address these global challenges. Concluding their dialogue, Martin and Ciappelli muse on the future of the industry. The dialogue serves not just as a recap of the information shared at the conference, but as a call to action for organizations to reassess their cybersecurity strategies. As Sean Martin aptly puts it, the industry must continually evolve to ensure that the investments in cybersecurity bring about the intended protective outcomes, thus safeguarding both data and lives in this interconnected world. WATCH THE VIDEO: https://youtu.be/ccKG5KUdEII ____________________________ Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Be sure to follow our Coverage Journey and subscribe to our podcasts! Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr Be sure to share and subscribe! ____________________________ Resources Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content...

Duration:00:13:36

Maximising Your Budget Effectively in Turbulent Times – An SME Focus | An Infosecurity Europe 2024 Conversation with Don Gibson and Emma Philpott | On Location Coverage with Sean Martin and Marco Ciappelli

6/5/2024
Guests: Don Gibson, CISO, Kinly On LinkedIn | https://www.linkedin.com/in/don-gibson-cyber/ Emma Philpott, CEO, IASME Consortium On LinkedIn | https://www.linkedin.com/in/emphilpott/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli explore the intricacies of cybersecurity budget management and expenditure prioritization at the Infosecurity Europe event in London. The conversation kicks off with Sean and Marco discussing the challenges of balancing a minimalist approach with the need for robust security programs. The discussion swiftly transitions into budgeting strategies where the hosts are joined by guests Emma Philpott, CEO of IASME, and Don Gibson, Chief Information Security Officer (CISO) of Kinly. Emma provides insights into her role at IASME, highlighting their work on the Cyber Essentials program aimed at ensuring basic technical security controls. Don shares his experiences at Kinly, dealing with audiovisual technologies and their importance in security. The dialogue explores the difficulties organizations face, particularly around budget constraints, legacy technology, and the need for consistent investment in security measures. A significant portion of the episode is dedicated to the challenges faced by various-sized companies, from micro-businesses to large corporations, in implementing effective cybersecurity measures. Emma stresses the importance of making security accessible to smaller entities and the efforts IASME is making to provide free guidance and support. 
Don emphasizes the importance of clear communication and leadership at the board level to properly budget for cybersecurity, balance technology and staff investment, and avoid the pitfalls of over-reliance on either. The conversation also touches on the role of community and support networks within the cybersecurity realm. Both Don and Emma highlight the value of having trusted groups where professionals can share experiences, seek advice, and offer mental health support. They underscore how such communities foster a culture of openness and mutual assistance, which is crucial in an industry often grappling with high-pressure incidents and rapid technological changes. The episode wraps up with a discussion on the dynamics of cybersecurity as a competitive advantage and the evolving nature of security leadership. Emma and Don explain how achieving certifications like Cyber Essentials can provide business benefits beyond compliance, such as improved insurance outcomes and differentiation in the marketplace. Don challenges CISOs to think creatively about how cybersecurity can become a revenue-generating aspect of the business, reinforcing the need for innovative and dynamic leadership in the field. Tune in to learn more about budgeting, community support, and forward-thinking leadership in cybersecurity from the vibrant InfoSecurity Europe event. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr Be sure to share and subscribe! ____________________________ Resources Maximising Your Budget Effectively in Turbulent Times – An SME Focus:...

Duration:00:30:36

AI's Role in Cybersecurity and Society | An Infosecurity Europe 2024 Conversation with Ian Hill | On Location Coverage with Sean Martin and Marco Ciappelli

6/5/2024
Guest: Ian Hill, Director of Information and Cyber Security at Upp Corporation [@getonupp]
On LinkedIn | https://www.linkedin.com/in/ian-hill-95123897/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
At Infosecurity Europe 2024, conversations were electric, diving deep into the intersection of AI and cybersecurity and its profound impact on society. Industry experts Marco Ciappelli, Sean Martin, and Ian Hill explored these pivotal changes, offering sharp insights into the digital revolution.

A Casual Start
The event kicked off light-heartedly with Marco Ciappelli and Sean Martin, setting a relaxed, talk-show-like atmosphere. Despite minor technical hiccups, this informal start paved the way for an engaging discussion. “We’re messing with physical technology and digital technology,” remarked Sean Martin, perfectly capturing the complex interplay between human users and their increasingly advanced tools.

From Keynotes to Key Concerns
Ian Hill shared his journey from Director of Information and Cybersecurity at Upp Corporation, now part of Virgin Media O2, to his current advisory role. He emphasized the freedom and reduced stress of stepping back from frontline cybersecurity. Hill’s keynote at the event centered on AI’s implications for the future of work and society, countering the exaggerated narratives often associated with AI.

The Mislabeling Issue: AI vs. Automation
Marco Ciappelli voiced a common frustration: the overuse of “AI” to describe mere automation. Hill stressed the need to differentiate true AI from sophisticated automation systems that lack adaptive learning capabilities. “We need to distinguish between what is automation and what is AI. There’s a lot of automation going on at the moment,” Hill noted.

Western Society’s Dependency
Hill warned of AI’s subtle yet significant impact on Western societies, likening it to the industrial and agricultural revolutions but with a more profound effect due to AI’s ability to replace cognitive tasks. “AI is different because AI is actually replacing our thinking, our creativity,” Hill cautioned, highlighting the potential for job displacement and challenges to human creativity and learning.

The Drive for Profit
A recurring theme was the economic drivers behind AI advancements. Hill critiqued the relentless pursuit of profit and efficiency, which risks lowering the quality of services and products in favor of mass production. “The nature with all these technological developments, the primary driver is profit and money,” Hill asserted, reflecting on the commercialization of AI.

The AI Arms Race in Cybersecurity
Hill and Martin discussed the escalating AI-driven war between cybersecurity defenses and attacks. They emphasized the need for rapid, machine-learning-based responses to evolving cyber threats, as traditional human-led security operations struggle to keep up. “You need machine learning, lightning-fast machine learning, to predict and react to events before the human even knows about it,” Hill stated, hinting at a future where automated systems dominate the cyber battlefield.

The Trust Dilemma
The conversation turned philosophical as the speakers pondered the reliability of AI-generated content and the impact of deep fakes and misinformation. Hill addressed the issue of AI “hallucinations”—erroneous outputs—and the dangers of blindly trusting AI. “We’re losing a sort of grip on reality… because it’s becoming harder to distinguish between what’s real and what isn’t real,” Hill commented, expressing concerns about a future rife with...

Duration:00:32:08

The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

6/4/2024
Welcome to a brand-new episode of On Location with Sean Martin and Marco Ciappelli at Infosecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at Infosecurity Europe 2024
Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at Infosecurity Europe. With a bustling crowd and high energy, it's the perfect setting to look at and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience
In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislation like NIS2 and DORA is driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks
Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS
Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (PoPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands. Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks
Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like SYN floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target
The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy
Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable...

Duration:00:24:57

Protecting The Overlooked: SMBs and Mid Market Organizations | 7 Minutes on ITSPmagazine | A Coro Story with Dror Liwer

6/3/2024
SMBs and Mid Market companies make up 63% of the GDP, and over 70% of employment - making them the backbone of the economy. The entire cybersecurity industry is focused on the enterprise market, paying lip service to the SMB and SME segments, leaving them vulnerable to cyber attacks. Coro decided to change the status quo and built a platform that was designed from day one for the overlooked SMB and SME segments - because we believe they deserve the best protection there is so they can focus on growing their businesses, and not cyber threats. There were three barriers to SMBs getting adequate protection: the need for multiple tools to get end-to-end protection, the extreme labor intensiveness of managing these platforms, and the overall cost. What Coro did was create a platform that removes all three barriers. 1) It's a single platform with one dashboard and one endpoint agent that covers all of the cybersecurity needs. 2) The platform uses smart automation to offload workloads from people to machines, dramatically reducing the need to chase and remediate security events manually, and 3) It provides all of that for a price point that any SMB could easily afford. Visit the Coro website and schedule a call with our Cyber Experts to see how we can help. Learn more about CORO: https://itspm.ag/coronet-30de Note: This story contains promotional content. Learn more. 
Guest: Dror Liwer, Co-Founder at Coro [@coro_cyber] On LinkedIn | https://www.linkedin.com/in/drorliwer/ Resources Learn more and catch more stories from CORO: https://www.itspmagazine.com/directory/coro 2024 SME Security Workload Impact Report -- https://www.coro.net/sme-security-workload-impact-report Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/ Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Duration:00:07:00

The Value of Criminology Within Cybersecurity | A Conversation with Mandy Turner and Nyalok Gatwech | Redefining CyberSecurity with Sean Martin

5/30/2024
Guests: Mandy Turner, Senior Manager - Heading up Cybersecurity Operations On LinkedIn | https://www.linkedin.com/in/amandajane1/ Nyalok Gatwech, Data and Engagement Assistant, The University of Queensland On LinkedIn | https://www.linkedin.com/in/nyalok/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of the Redefining CyberSecurity Podcast, the conversation explored the intersection of criminology and cybersecurity with insights from Mandy Turner and Nyalok Gatwech. The discussion emphasized the significance of incorporating criminological principles into cybersecurity practices to better understand and combat cyber threats. Mandy Turner elaborated on the practical applications of criminology within cybersecurity. She provided examples of how profiling cybercriminals based on criminological research can aid in predicting and preventing cyberattacks. Turner's insights underscored the value of empirical data in shaping cybersecurity strategies and policies. Nyalok Gatwech shared her perspective on the evolving nature of cyber threats. Gatwech emphasized that as cyber threats become more sophisticated, the integration of criminology into cybersecurity becomes increasingly crucial. She pointed out that understanding the socio-economic factors that drive individuals to engage in cybercrime can help develop more targeted and effective interventions. Together, the guests painted a comprehensive picture of how criminology can enrich the field of cybersecurity. They argued that by studying the patterns and underlying causes of cybercriminal behavior, professionals can develop more robust defensive mechanisms. 
There is a consensus amongst the group on the need for ongoing research and collaboration between criminologists and cybersecurity professionals to stay ahead of emerging threats. It is evident that a multifaceted approach, integrating both criminological and cybersecurity expertise, is essential for addressing the dynamic landscape of cyber threats effectively. Top Questions Addressed ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources empressbat Magazine: https://www.empressbat.com/magazine ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc

Duration:00:35:06

The Evolution of the CISO in Digital Enterprise | An Infosecurity Europe 2024 Conversation with Mun Valiji | On Location Coverage with Sean Martin and Marco Ciappelli

5/30/2024
Guest: Mun Valiji, CISO, Trainline On LinkedIn | https://www.linkedin.com/in/munawar-v-b636802/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this engaging episode of the "On Location with Sean and Marco Podcast," Sean Martin flies solo to dive into the upcoming Infosecurity London event, focusing on a series of critical topics in the cybersecurity landscape. While Marco is notably absent, Sean hosts an insightful conversation with Mun Valiji, the outgoing CISO at Trainline. The episode opens with Sean introducing the main topics of the discussion, which include the evolution of the Chief Information Security Officer (CISO) role, as well as the current state and future of Managed Security Service Providers (MSSPs). Mun contributes a detailed overview of his role at Trainline, highlighting his extensive experience spanning over 20 years and emphasizing the importance of blending human and technical elements in cybersecurity. Sean and Mun discuss the main objective of Mun’s keynote session, "The Evolution of the CISO and the Digital Enterprise," scheduled for Thursday, June 6th. Mun passionately describes the challenges CISOs face today, including regulatory requirements, commercial agility, and the necessity of embedding security by design. He underscores the evolving responsibilities CISOs hold, particularly in fostering a security-conscious culture within fast-paced, high-growth organizations. The conversation then transitions to the MSSP landscape, where Mun highlights the hybrid model's role in modern security strategies. 
Scheduled for Tuesday, June 4th, Mun’s panel session on MSSP competitiveness explores how organizations can effectively leverage MSSPs to handle routine security tasks, allowing internal teams to focus on strategic aspects such as secure-by-design principles. Mun stresses the importance of community and collaboration, shedding light on how peer-to-peer and cross-industry interactions enhance security practices. He also touches on the impact of advanced technologies like AI and natural language processing in shaping future security frameworks. Listeners are encouraged to join Mun and other industry leaders at InfoSecurity London, where they will share deeper insights and practical strategies. The episode wraps up with Sean expressing enthusiasm for the event and looking forward to further discussions and engagements. This episode compellingly explores strategic innovations and practical challenges in cybersecurity, making it a must-listen for professionals eager to stay ahead in the ever-evolving digital security landscape. Top Questions Addressed Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr Be sure to share and subscribe! 
____________________________ Resources The Evolution of the CISO in Digital Enterprise: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219371.the-evolution-of-the-ciso-in-digital-enterprise.html Staying Competitive as an MSSPs In an Evolving Cybersecurity Landscape: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.3783.219851.staying-competitive-as-an-mssps-in-an-evolving-cybersecurity-landscape.html Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg ____________________________ Catch all of our...

Duration:00:26:20


Ransomware - Time to Decide - Will You or Won't You Pay? | An Infosecurity Europe 2024 Conversation with Jon Davies | On Location Coverage with Sean Martin and Marco Ciappelli

5/29/2024
Guest: Jon Davies, Senior Director - Cyber Defence, News Corp On LinkedIn | https://www.linkedin.com/in/drjondavies/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this engaging episode of the On Location with Sean and Marco Podcast, hosts Sean Martin and Marco Ciappelli dive into the imminent Infosecurity Europe event with special guest Jon Davies, a Senior Director at News Corp. The conversation opens with Sean and Marco expressing their excitement about the event, especially focusing on Jon Davies' upcoming panel discussion on the controversial topic of ransomware payments. Jon highlights the diverse perspectives that will be represented on his panel, including law enforcement, insurance sectors, and end consumers. This diversity aims to illuminate the complex landscape of ransomware and the regulations surrounding it. Jon explains how recent guidance from UK government bodies is prompting debate about whether ransomware payments should be made illegal, and the implications this could have on businesses and society at large. The dialogue shifts towards the impact of ransomware on different sectors, particularly critical infrastructure and healthcare. Sean raises the ethical dilemma of whether companies responsible for essential services should pay ransoms to ensure continuity and safety, also touching on the broader societal implications and fiduciary responsibilities of publicly traded companies. 
Jon shares an interesting anecdote about a unique ransomware tabletop activity where he collaborated with hostage negotiators to better understand how to navigate ransomware demands. This leads to an intriguing discussion about the human element in cyber negotiations and the potential benefits of leveraging negotiation tactics traditionally used in hostage situations. Marco and Sean further explore the necessity of having a strategic response plan in place for ransomware attacks, emphasizing the stark contrast between the resources available to large corporations versus small businesses. Jon underscores the importance of having a playbook and a coordinated effort to report and manage cyber incidents effectively. The conversation also touches on the role of insurance policies in cyber warfare, potential regulatory changes, and the need for a collective effort to combat ransomware. Jon argues for a balanced approach that includes technological investment, regulatory measures, and smart strategic planning. As the episode wraps up, Sean and Marco express their eagerness to attend the panel and encourage listeners to stay tuned for further coverage of Infosecurity Europe. This episode offers a comprehensive look at the multifaceted issue of ransomware, providing valuable insights for businesses of all sizes. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr Be sure to share and subscribe! 
____________________________ Resources Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society...

Duration:00:26:42


What Interviewing for a CISO Role Can Tell Us About the State of Cyber in Business | A Conversation with Phil Beyer | Redefining CyberSecurity with Sean Martin

5/29/2024
Guest: Phil Beyer, Owner, Getting Security Done, Inc. On LinkedIn | https://www.linkedin.com/in/pjbeyer/ ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Phil Beyer, former Head of Security at Etsy, to dive into the nuanced dynamics of interviewing for Chief Information Security Officer (CISO) roles. The discussion provides a multifaceted exploration of the CISO job market from both the employer and candidate perspectives, highlighting the evolving expectations and realities facing security leaders today. Sean and Phil engage in a candid conversation about the state of the cybersecurity job market, emphasizing the shift towards an employer's market for CISO positions. This shift has intensified the challenges faced by candidates, including navigating interviews that may reveal deeper insights into an organization's cybersecurity program and its alignment (or lack thereof) with the candidate's vision and expertise. Phil shares his experience and observations from his recent job searches, noting the complexities inherent in the process and the importance of aligning personal values and professional goals with potential roles. The episode touches on the importance of assessing the culture of potential employers and the critical role of the interviewing process in gauging fit on both sides. A significant theme of the discussion is the need for transparency and clear communication between candidates and employers, particularly regarding the current state and desired direction of the cybersecurity program. 
Sean and Phil highlight how the expectations set during the interview process can significantly impact the ultimate success of the chosen CISO in driving the cybersecurity strategy forward. Additionally, the episode addresses the broader implications of these hiring dynamics on the cybersecurity industry and the importance of fostering a community where shared experiences and strategies can lead to more effective leadership and program development. Listeners will gain insights into the strategic considerations necessary for both CISO candidates and hiring organizations in today's complex cybersecurity landscape, as well as the leadership and relationship-building skills crucial for success in these influential roles. Top Questions Addressed ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources Rites of Passage by John Lucht (Book): https://a.co/d/3CmMMHa 2024 CISO Survey by Hitch Partners (Report): https://www.hitchpartners.com/ciso-security-leadership-survey-results-24 State of the CISO 2024 Report by IANS Research and Artico Search (Report): https://www.iansresearch.com/resources/infosec-content-downloads/research-reports/2023-2024-state-of-the-ciso-benchmark-report ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc

Duration:00:51:45


The Art of Security Education: Security 101 Training Essentials | A Conversation with Sarah Young | Redefining CyberSecurity with Sean Martin

5/28/2024
Guest: Sarah Young, Senior Cloud Security Advocate, Microsoft [@Microsoft] On LinkedIn | https://www.linkedin.com/in/sarahyo16/ On Twitter | https://twitter.com/_sarahyo ____________________________ Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin View This Show's Sponsors ___________________________ Episode Notes In this episode of the Redefining CyberSecurity Podcast hosted by Sean Martin, the focus was on "Security 101 training with Sarah Young." The discussion explored the foundational aspects of security training led by Sarah Young, an esteemed security educator with years of experience in the field. Throughout the episode, Sarah Young shared her insights on the importance of establishing a strong security training program within organizations. As a seasoned professional in the realm of cybersecurity education, Sarah emphasized the critical role of continuous learning and development in building a resilient security posture. Listeners are treated to a thought-provoking dialogue that highlighted the significance of equipping employees with the necessary knowledge and skills to combat evolving cyber threats effectively. Sarah's expertise in crafting comprehensive training modules tailored to various organizational needs was evident, showcasing her dedication to empowering individuals with the tools to safeguard sensitive information. Moreover, the episode shed light on the practical strategies and approaches that Sarah employs to make security training engaging and impactful. From interactive workshops to scenario-based simulations, Sarah's innovative methods ensure that participants not only grasp fundamental security concepts but also cultivate a security-conscious mindset in their day-to-day operations. 
This episode encapsulated the essence of effective security training and serves as a reminder of the pivotal role that dedicated professionals like Sarah Young play in shaping a resilient cybersecurity culture. ___________________________ Watch this and other videos on ITSPmagazine's YouTube Channel Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine Be sure to share and subscribe! ___________________________ Resources ___________________________ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast Are you interested in sponsoring this show with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc

Duration:00:36:38


Crisis Management – Responding to the Unimaginable | An Infosecurity Europe 2024 Conversation with Stuart Seymour | On Location Coverage with Sean Martin and Marco Ciappelli

5/27/2024
Guest: Stuart Seymour, Group CISO and Chief Security Officer, Virgin Media O2 On LinkedIn | https://www.linkedin.com/in/stuart-seymour-a4b7522/ ____________________________ Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli ____________________________ Episode Notes In this episode of On Location with Sean and Marco, Sean Martin hosts a captivating discussion with Stuart Seymour, the Director of Security at Virgin Media O2. The episode dives into the realm of crisis management, unpacking the complexities and challenges faced by organizations in responding to unforeseen events. Stuart Seymour shares insights into the significance of crisis management, emphasizing the need for robust planning and coordination across different functions within an organization. He dives into the essence of crises as events that significantly impact business operations and require unified strategies for effective management. The conversation touches on the concept of resilience, highlighting the broader spectrum that encompasses business resilience, operational resilience, IT resilience, and cyber resilience. Stuart stresses the importance of viewing cybersecurity within the context of overall business resilience and the interplay between various facets of an organization. The episode also explores the dynamics of crisis escalation, detailing the role of crisis committees in navigating challenging situations. Stuart emphasizes the principle of "prudent overreaction" in crisis management, advocating for proactive measures and coordinated responses to mitigate risks effectively. 
Furthermore, the episode touches on the diversity of perspectives in crisis management, as showcased by the upcoming panel discussion featuring stakeholders from varied industries. The panel aims to provide a comprehensive understanding of crisis scenarios and valuable insights for the audience. Overall, this episode offers a deep dive into the intricacies of crisis management, emphasizing the necessity of proactive planning, collaboration, and adaptability in navigating unforeseen challenges. The engaging dialogue between Sean Martin and Stuart Seymour sheds light on the critical role of resilience in building and sustaining organizational preparedness in the face of crises. Be sure to follow our Coverage Journey and subscribe to our podcasts! ____________________________ Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcLEF2H9r2svIRrI1P4Qkr Be sure to share and subscribe! ____________________________ Resources Learn more about InfoSecurity Europe 2024: https://itspm.ag/iseu24reg ____________________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast Are you interested in sponsoring our event coverage with an ad placement in the podcast? Learn More 👉 https://itspm.ag/podadplc Want to tell your Brand Story as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf

Duration:00:28:40