The Security Collective Podcast

Today we are recapping some of the great episodes from season 11 'In Case You Missed' them! We have put together a snippet of the best parts from each guest for you, and if you like what you hear, click below to listen to the full episode, or head to wherever you enjoy our podcast, and check out the full back catalogue. Links: Marc Bown Stephen Kennedy Craig Ford Naveen Chilamkurti Paul McCarty Yvette Lejins Jamie Newman Paul Wenham Samm MacLeod For the full episode, transcript please visit our website

It’s our last episode for the season, and we are joined by a very good friend of Claire’s and of the podcast, Samm MacLeod. Samm and Claire discuss what's been happening since we caught up with her 12 months ago in season eight, when Samm generously shared her CISO journey through burnout and recent sabbatical. She's now back CISO-ing, and this time they covered digital transformations and security transformations. Samm MacLeod is an experienced Information Security Executive with experience across multiple industry verticals including tech, financial services, and critical infrastructure. Having led several cybersecurity transformation programs, Samm helps organisations imbed effective security practices through cyber security strategy, security operating models, and risk management frameworks. Samm’s experience with boards, audit & risk committees, and executives allows her to bring a unique set of experiences and perspective to the management of technology and cyber risk and the delivery of security best practice. She is currently an appointed Netskope Security Board Advisor and has previously held non-executive positions on a critical infrastructure board (AEMO Cybersecurity Board), securitisation & financial services board (MEPM) and Information Security education and research board (Deakin Executive Board). Based on the Bellarine Peninsula, Samm is an industry speaker and writer, and an advocate for diversity in cyber. Links: Samm LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Jamie Newman has a refreshing take on security and joins Claire as they chat about understanding the security posture in diverse organisations, they discuss about third party contracts, how much money you should be spending on compliance and what meaningful metrics might look like. Jamie is an experienced IT Leader with more than 20 years experience in applications and infrastructure transformation in varying national and regional roles. His career started in HR, but then quickly moved into a technology path in the late 90's and has worked predominantly in Manufacturing, Retail and B2B environments, working in Singapore, Japan and the Middle East. Jamie moved into senior management in 2008, and has been in C level roles for the last 10 years. Links: Jamie LinkedIn Jamie Twitter Episode 68 For the full episode transcript please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Paul Wenham joined Claire to talk about the what, how, and why he started Assurance Lab. They also cover the value of auditing, how compliance can be the foundation stone for startups and his new book, which he is making open source for others to contribute to; and talked about the fact that Assurance Lab is a B Corp, and why that is so important to Paul and his team. Paul has worked in cybersecurity audits and compliance for over 11 years. His past roles have spanned professional services at PwC, leading the cybersecurity and compliance program for a global software company Qstream, and governance over third-party cyber standards at Westpac and Mercer. Paul founded Assurance Lab in 2018, a Regtech software and audit services firm now working with over 150 cloud software companies across 12 countries. AssuranceLab supports their security and compliance programs to meet global standards (SOC 1, SOC 2, ISO 27001, HIPAA, Consumer Data Right, CSA STAR, GDPR, CCPA, and ESG reporting). Assurance Lab has a broad network of partners in the cybersecurity industry, leveraging the natural synergies of AssuranceLab's independence as an audit firm. Links: Website Assurance Lab Linkedin Paul LinkedIn Episode 102. Cyber in Local Government with Paul Barrett For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Paul McCarty is a DevSecOps evangelist, and his recent chat with Claire was so great, we had to split it into 2 parts. In part 2 they discuss minimum viable security product, the Software Bill Of Materials (SBOMs) and making governance material consumable for senior audiences, no matter how unsexy policies might be. Paul is the founder of SecureStack, the world's first DevSecOps Maturity Platform. Paul has been helping organisations build more secure applications for almost 30 years. He’s worked for large organisations like NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, but he’s also worked with several startups going back to the mid nineties. Paul is a frequent contributor to open source and Linux projects and is a co-organiser of several community group meetups here in Australia. Links: Website LinkedIn Twitter GitHub For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Paul McCarty is a DevSecOps evangelist, and his recent chat with Claire was so great, we had to split it into 2-parts. In part 1 they talk about his DevSecOps Playbook, the challenges of security and engineering teams working together harmoniously, and how to apply the Essential 8 to the software development lifecycle. You can hear Claire really enjoyed chatting to Paul about some of the more technical aspects of security and hearing his views on application security best practice. Paul is the founder of SecureStack, the world's first DevSecOps Maturity Platform. Paul has been helping organisations build more secure applications for almost 30 years. He’s worked for large organisations like NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, but he’s also worked with several startups going back to the mid nineties. Paul is a frequent contributor to open source and Linux projects and is a co-organiser of several community group meetups here in Australia. Links: Website LinkedIn Twitter GitHub For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Claire is joined by Yvette Lejins as they discuss what people centric security means to her, what boards need from their CISO communications and the very real risk of insider threat. Claire was also curious to ask a bit about Yvette’s transition from CISO at Jetstar in house to being residency CISO for a security vendor. Yvette joined Proofpoint from Qantas Airline Group in 2021, where she was the CISO for the Jetstar Group of Airline companies (Jetstar Aus/NZ, Jetstar Asia, Jetstar Japan and Jetstar Vietnam). Prior to Qantas she was the CISO at Australia's largest freight and logistic company Asciano, as well as having built up the security function at Atlassian before they went to IPO. She is a Fellow of the Australian Information Security Association. In her role as Resident CISO, APJ, Yvette focusses on driving Proofpoint’s people-centric security vision, strategy, and initiatives amongst its customer base. Her hands on experience, knowledge, and perspective in managing risk and improving cyber security posture across complex enterprises is extensive. She provides trusted cyber advice and insight advisory services for Proofpoint customers. Links: Yvette LinkedIn For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Claire is joined by La Trobe scholar Naveen Chilamkurti as they cover some of the amazing work La Trobe is doing to welcome people into the cyber industry through great micro credentialing programmes. They discuss what micro credentials are, the value of this way of study, and how employers are valuing University qualifications such as micro credentials. He also shared what academia are currently working on, including crypto and 6G. Naveen is currently the Associate Dean (International Partnerships), SCEMS Professor and Head of the Cybersecurity discipline, previously the Director of International Programs since 2017. He serves as the Technical Editor of the highly ranked IEEE Wireless Communications Magazine and IEEE Transactions on Vehicular Technology. Naveen has published more than 330 journal and conference papers, including IEEE and ACM Transactions and is active in editing and authoring 9 books with Elsevier, Springer, IGI-Global and NOVA publishers. Naveen has successfully attracted 20 research grants since 2000 to support PhD Scholarships, fellowships, and travel grants for research collaboration and in 2012 and 2018, he was awarded a research fellowship to work with IIT Kanpur and IIT Hyderabad. Links: Website For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

We welcome back author Craig Ford as he and Claire dive a little deeper into his latest book 'Foresight' which has been nominated for an Aurelis Award in the young reader category. There is cybercrime, romance, spies and hacking and a few matrix references in there for the fans. Aside from the book, Craig and Claire discuss the ongoing challenges of the cyber skill shortage and the state of cyber in Australia over the past 12 months. Craig is the CTO for Baidam Solutions where he leads the technical services division of the organisation. Craig is also the Queensland Chair for the Australian Information Security Association (AISA). He is an experienced cybersecurity professional with various qualifications including two master’s degrees and a history in both pen-testing and security engineering. Craig is a published author with the books “A Hacker, I Am” and “A Hacker, I Am – Vol 2” in his first cyber awareness series and “Foresight” a new cyberpunk/hacker fantasy series published in June 2022. He is a freelance cybersecurity journalist who is best known for his work on CSO Australia (IDG Communications) in which he contributed almost 100 cybersecurity articles between 2018-2020. He is now a regular columnist with the Women in Security Magazine as well as a freelance contributor for Careers with STEM, Top Cyber News, Cyber Today and Cyber Australia Magazines. Links: Episode 67 -Getting the Basics Right with Craig Ford Website LinkedIn Facebook Twitter For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Claire is joined by Stephen Kennedy as they cover the balance of engineers between security and functionality. They talk about secure coding expectations, and also the role compliance plays in software development. Stephen shares his experience moving from being an engineer into C-level leadership and the security lens of which he then had to look through. Stephen's background is as a software engineer, but he's since transitioned into CTO and a CIO roles. He's worked across Australia, New Zealand, and the United Kingdom for organisations ranging from start-ups to large scale enterprises. His most recent role has involved increased security scrutiny in working with large multi-billion-dollar partners (e.g. shipping lines) with compliance mandates, and as such he's had to evolve his career to take on more of a security, privacy, and compliance focus. Links: Stephen LinkedIn Stephen Twitter The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. For the full episode transcript, please visit our website.

The first episode for this season we welcome Marc Bown the CISO and Enterprise Technology lead at Immutable, a web3 gaming scale up. Claire and Marc discuss the culture versus tech debate, exactly what web3 gaming is, and Marc shared his thoughts on what we as a security industry are still trying to get right. Prior to Immutable, Marc helped found the security teams at Sportsbet, Fitbit and Afterpay. Passionate about building empowered, high-performing teams, he believes that good security is as much about culture as it is technology. Links: Marc LinkedIn The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. For the full episode transcript please visit our website.

Listen as Claire provides a quick overview of what to expect this upcoming season on The Security Collective podcast - kicking off next Thursday 27 October. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager. You can read the full transcript on our website

We've taken some clips of wisdom from five of our guests this season and brought them together in a neat package for you. This season in partnership with LastPass, we focused heavily on third party risk and supply chain security. For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Following the success of our recent webinar, Claire is again joined by Alla Valente, this time they discuss the role of procurement, talk about supply chain risk as an enterprise wide risk and discuss who might own this risk. They covered how businesses are struggling to give third parties limited access to data and systems, and the flow on effects of managing the right level of access to get the job done. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature a comprehensive programs that maximises business opportunity and performance while minimising risk and protecting the organisation’s brand. Links: Alla LinkedIn For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Claire is joined by Paul Barrett as they talk about cyber culture in local government, how the governance model for cyber is changing for the better, and Paul shares why he sees audits as a gift. It is great hearing Paul's view on cyber and getting a glimpse into being a CIO and local government. Paul Barrett is an experienced an IT professional with nearly 15 years industry experience and 7 years local Government experience. His technical background is in network and security with a transition into people leadership, governance and information management over the last 6 years. Paul has a passion for implementing tangible change within organisations and place business process improvement at the core of technology solutions, and enjoys building high performing teams, hiring character ahead of technical ability. Links: Paul LinkedIn For the full episode transcript, please visit our website The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

Claire is joined by Grant Chisnall a crisis trainer, advisor and podcaster, who has a passion for leadership communication and decision making. In this episode they covered a lot of ground including the escalation from incident response to crisis management, and talk about business collaboration before an incident, and how to plan for resilience while mopping up a cyber incident. Grant has supported some of the world's leading organisations through crisis events ranging from cyber attacks to coronavirus; activism to air crashes; and from Natural disasters to workplace fatalities. His podcast ‘Crisis Talks’ tells the extraordinary stories of people who have led through crises and their stories of leadership and resilience in the face of adversity. Grant’s aim is to help leaders prepare for the worst-case scenarios and respond proactively and with confidence to any incidents that threaten their people, operations or reputation. Links: Grant LinkedIn Left of Boom website For full episode transcript please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

To celebrate the 100th episode and recently hitting 30,000 downloads, Claire wanted to honour some of the guests that have given their time and thought leadership so generously. So here's a little trip down memory lane, which we hope that you enjoy. For the full episode transcript, please visit our website. The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

In part 2 of Claire’s webinar with Alla Valente and Vijay Krishnan they cover software supply chain, how to navigate fourth party risk and talked about offshore supply chain risks such as privacy and data sovereignty, as well as some great audience questions. they cover software supply chain, how to navigate fourth party risk and talked about offshore supply chain risks such as privacy and data sovereignty. They also covered some great audience questions. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature a comprehensive programs that maximises business opportunity and performance while minimising risk and protecting the organisation’s brand. Vijay Krishnan is the CISO at UniSuper leading Security Operations, Security Governance, Risk & Compliance, Security Strategy, Architecture & Design, Identity & Access Management, and Enterprise Observability. In his role, he leads a multi-year security program to reduce UniSuper security risk thus protecting UniSuper members. Vijay has extensive experience in negotiating clear and concise security and technology outcomes in regulatory, policy and outsourcing agreements delivering value creation opportunities. He has large, diverse national and international experience with extensive executive and Board level exposure. Links: Alla LinkedIn Vijay LinkedIn Episode #48 The value of great boss with Vijay Krishnan+ Questions for Alla's upcoming recording with Claire For the full episode transcript, please visit our website The Security Collective podcast is brought to you in partnership with LastPass, the leading password manager.

Earlier this week Claire hosted a live webinar with Alla Valente and Vijay Krishnan as they shared their insights on supply chain security versus third party risk. In part 1 Vijay covers APRA's CPS234 and the need for effective security controls, not just compliant ones. We also cover the role of legal and procurement in the third party assurance process. There's a tonne of great insights to be gleaned from both Alla and Vijay in this ever present risk. Alla Valente is a senior analyst at Forrester serving security and risk professionals. She covers GRC, third-party risk (TPRM), supply chain risk (SCRM), and contract lifecycle management (CLM) strategy, best practices, and technology. Her research includes coverage of key regulatory compliance issues; risk management, ethics, and trust in digital transformation; and operational resilience. In this role, she helps Forrester clients build and mature a comprehensive programs that maximises business opportunity and performance while minimising risk and protecting the organisation’s brand. Vijay Krishnan is the CISO at UniSuper leading Security Operations, Security Governance, Risk & Compliance, Security Strategy, Architecture & Design, Identity & Access Management, and Enterprise Observability. In his role, he leads a multi-year security program to reduce UniSuper security risk thus protecting UniSuper members. Vijay has extensive experience in negotiating clear and concise security and technology outcomes in regulatory, policy and outsourcing agreements delivering value creation opportunities. He has large, diverse national and international experience with extensive executive and Board level exposure. Links: Alla LinkedIn Vijay LinkedIn Episode #48 The value of great boss with Vijay Krishnan Questions for Alla's upcoming recording with Claire For the full episode transcript, please visit our website The Security Collective podcast is brought to you in partnership with LastPass, the leading password manager.

Join us Tuesday 19 July 2022 at 10:30am (AEST) as we are going live for The Security Collective podcast in partnership with LastPass. We've invited Vijay Krishnan from UniSuper and Alla Valente from Forrester to join Claire in a conversation about supply chain security. You can learn more on our website Register for the event here