Reimagining Cyber - real world perspectives on cybersecurity

Technology Podcasts

Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Episodes cover a range of topics, including the role of AI in cyber security, technology, preventive measures to stop cyber attacks, response strategies for cyber attack victims, cybersecurity challenges in healthcare, the future landscape of cyber security, computer security essentials, managing cybersecurity budgets, and the implications of SEC rulings. Engage with industry experts and CISOs who share their perspectives on what matters most in the cybersecurity landscape. Hosted by Rob Aragao and Stan Wisseman, seasoned Security Strategists with CyberRes, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.

Location:

United States

Language:

English


Episodes

CyberSafe Seniors: Protecting Our Elders from Digital Threats - Ep 95

5/1/2024
In this episode Stan and Rob delve into the critical issue of protecting seniors from cyber threats. Guest Michael Echols, author of "The Shield: Protecting Seniors From Hackers," sheds light on the alarming vulnerability of seniors in the digital age. Drawing from personal experiences, Stan highlights how elderly family members are frequently besieged by scams, including fraudulent calls and phishing attempts. Michael unpacks the various tactics employed by cybercriminals, from romance scams to Medicare fraud, emphasizing the emotional manipulation used to exploit seniors' trust. Michael also stresses the importance of proactive measures, such as credit freezes, to bolster cybersecurity defenses. He advocates for open dialogue and collaborative efforts within families and communities to combat cyber threats effectively. Furthermore, the role of AI in both perpetrating and mitigating cyber risks is explored. While AI-driven attacks pose new challenges, innovative solutions like AI-powered call screening offer promising avenues for safeguarding seniors. The episode concludes with a call to action: to recognize the gravity of the cybersecurity threat facing seniors and to take proactive steps to mitigate risks. By fostering awareness, implementing security measures, and fostering open communication, we can collectively shield seniors from the perils of cybercrime. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:26:56

The Enemy Within: Understanding Insider Threats to Cybersecurity - Ep. 94

4/24/2024
What is an insider threat? How do you mitigate the impact of an insider threat? From malicious insiders driven by profit or spite to negligent insiders prone to carelessness, and compromised insiders unwittingly manipulated by external forces, Rob Aragao and Stan Wisseman try to unravel the layers of this critical cybersecurity concern. Drawing from recent incidents like the Sisense breach and the XZ exploit, light is shed on the evolving tactics employed by malicious actors, highlighting the pressing need for robust detection and response mechanisms. Links to points raised in this episode: What is an insider threat?; Insider Threats in 2024: 30 Eye-Opening Statistics; Insider Threat Statistics for 2024: Reports, Facts, Actors, and Costs; 2023 Cost of Insider Risks study; MITRE ATT&CK framework; MITRE’s Insider Threat TTP Knowledge Base project; XZ exploit; Yakima Valley Memorial Hospital breach; Sisense breach; Yahoo IP theft; Tesla insider threat incident; Blog by Stan - Insider Threats Demystified: Enhancing Security with ITDR and MITRE ATT&CK Frameworks. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:26:31

Secure the Vote: Inside Election Defenses Ep. 93

4/17/2024
"For nation states today their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security." Stan Wisseman and Rob Aragao delve into the critical realm of election security with Dr. Ben Adida, the co-founder and executive director of VotingWorks, renowned for his expertise in safeguarding our voting processes. Dr. Adida shares insights from his two-decade journey at the forefront of election security, offering a deep dive into the complexities of ensuring the integrity of our democratic process. From the challenges of balancing ballot secrecy with verifiability to the evolving landscape of election security concerns, the conversation navigates through the intricate web of issues surrounding voting systems. Dr. Adida sheds light on the pivotal role of voter-verifiable paper ballots and post-election audits in bolstering trust and transparency, emphasizing the need for modernizing voting technology to align with current security standards. As the discussion unfolds, topics ranging from external influences on elections to the role of federal guidelines versus state autonomy are explored, providing a comprehensive overview of the multifaceted efforts to fortify election integrity. Dr. Adida's vision for the perfect voting system, grounded in openness, transparency, and layered defense mechanisms, offers a compelling roadmap for safeguarding democracy in the digital age. https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:38:14

APIs at Risk: Strategies for a Safer Digital Future - Ep. 92

4/10/2024
In this episode Stan Wisseman and Rob Aragao delve into the critical yet often overlooked realm of API security. APIs, the linchpin of today's digital landscape, facilitate seamless communication between diverse software components, but they also present enticing targets for cyber threats. Through real-world examples and insightful analysis, Stan and Rob explore the escalating risks associated with APIs and offer strategies for fortifying your organization's defenses. From understanding your API inventory to implementing robust security measures, this episode equips listeners with essential knowledge to navigate the complex terrain of API security and safeguard their digital assets effectively. Helpful links relevant to this episode: Growing Concern Over API Security; API Security 2024; OWASP Top 10 API Security Risks—2023; Developer Guide to the 2023 OWASP Top 10 for API Security; Fortify API Security; NetIQ Secure API Manager. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:17:39

Cybersecurity in Space: Securing the Final Frontier - Ep. 91

4/3/2024
“It’s only going to get worse if we don't pump the brakes and go, nope, we need to make sure we're doing this the right way.” In this episode, Tim Fowler, an accomplished offensive security analyst and penetration tester from Black Hills Information Security, joins the podcast to discuss the intersection of cybersecurity and space systems. Tim sheds light on: Drawing from real-world examples like the ViaSat hack, Tim underscores the need for proactive cybersecurity measures, especially in the face of evolving threats and the increasing democratization of space technology. The conversation also touches upon international collaboration and regulatory efforts in space cybersecurity, with Tim mentioning standards set by bodies like the Consultative Committee for Space Data Systems (CCSDS). However, challenges persist, including the cultural shift required to prioritize cybersecurity early in the space system lifecycle and address emerging threats effectively. For details on Tim's Introduction to Cybersecurity and Space Systems class go to: https://www.antisyphontraining.com/ Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:33:02

Navigating PCI DSS 4.0 - Ep 90

3/27/2024
Join hosts Stan Wisseman and Rob Aragao as they explore the evolution of payment card security standards. With insights on PCI DSS 4.0, they dive into key changes and technology considerations. From data protection to application security, this episode offers crucial insights for organizations navigating compliance in an ever-evolving landscape. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:22:23

Change Healthcare Under Siege: Anatomy of a Cyberattack - Ep 89

3/20/2024
In this episode, Rob and Stan delve into a recent cyber attack targeting Change Healthcare, a key player in the healthcare sector. They highlight the unprecedented nature of the breach, its implications, and the collaborative efforts undertaken to mitigate its impact. Change Healthcare, based in Nashville, Tennessee, disclosed the cyber attack on February 21st, causing significant disruptions across the healthcare ecosystem. The breach impacted various services, including claims processing and clinical decision support, affecting hospitals, pharmacies, and patients alike. The attackers, identified as the ransomware group BlackCat, operated on a ransomware-as-a-service model. The hosts discuss the complex web of ransomware operations and affiliate relationships, shedding light on the intricate nature of cyber threats facing the healthcare industry. The breach triggered a swift response from government agencies, with the Medical Group Management Association requesting assistance from the Department of Health and Human Services (HHS). HHS issued statements and provided alternative electronic data interchange options to minimize disruptions in patient care. Rob and Stan look at the critical need for cybersecurity resiliency in the healthcare sector. They discuss proposed measures, including the adoption of HHS cybersecurity performance goals and the streamlining of funding opportunities to bolster cybersecurity defenses. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:23:48

Open-Source Software: Unlocking Efficiency and Innovation - Ep 88

3/13/2024
What is the impact of open-source software (OSS) on modern software development? This episode delves into the findings of a recent study commissioned by Open Text and conducted by Forrester called "Unlock Resources With Automated Open-Source Discovery And Intake". Stan and Rob unpack the evolving role of OSS, shedding light on both its opportunities and challenges. With 70% of organizations reporting that over half of their coding efforts involve OSS, it's evident that OSS plays a pivotal role in accelerating innovation and reducing costs in software development. However, as the hosts discuss, this rapid adoption isn't without its hurdles. From ensuring security and compliance to navigating through the complexities of OSS licensing, organizations face a myriad of challenges. Stan and Rob examine the ramifications of overlooking security vulnerabilities, compliance standards, and licensing terms, drawing from real-world examples to underscore the importance of diligent management practices. But amidst the challenges lies a beacon of hope: automation. The hosts explore how automation is revolutionizing the discovery and integration of OSS components, paving the way for more secure and compliant software development processes. From streamlining discovery to prioritizing security early in the development cycle, automation holds the key to enhancing productivity and mitigating risks. Looking ahead, Stan and Rob speculate on future directions in OSS management, emphasizing the need for collaboration, early detection of security issues, and continued innovation in the space. Whether you're a developer, a legal expert, or a cybersecurity enthusiast, this episode offers valuable insights into the ever-evolving landscape of open source software. Tune in to gain a deeper understanding of the opportunities and challenges presented by open source software, and discover how organizations can navigate the open source seas with confidence and agility. 
Report: https://www.microfocus.com/en-us/assets/cyberres/automating-open-source-compliance Debricked Open Source Select - a search engine where you can find, filter for and evaluate open source packages and repositories. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:17:12

Digital Marketplace Security & G2A's Strategy - Ep 87

3/6/2024
In this episode of Reimagining Cyber, hosts Rob Aragao and Stan Wisseman are joined by Dorota Wrobel, Chief R&D Officer for G2A, the world's largest digital marketplace for video games and software. Dorota discusses G2A's evolution from a regular online store to a two-sided marketplace for digital products, emphasizing the need for robust cybersecurity measures in the digital environment. Dorota highlights the vulnerability of digital products to outside attacks and explains G2A's partnerships with top security companies to enhance security. She discusses G2A's strict seller verification processes and proof of purchase requirements to ensure trustworthiness and prevent fraud. The conversation delves into G2A's regulatory compliance efforts, including adherence to security standards required by Payment Service Providers and membership in organizations like the Merchant Risk Council. Dorota explains how AI technology is utilized for fraud detection and response, augmented by human interaction and step-up authentication processes. Looking to the future, Dorota discusses G2A's plans for further investment in monitoring systems and tokenizing payment options. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:17:09

Threat Hunters in the Cyber Wild - Ep 86

2/28/2024
In this conversation about threat hunting, Stan and Rob dive into why it's become such a crucial part of cybersecurity. They talk about how threat hunting isn't just about reacting to problems anymore, but it's become this proactive, creative way of spotting and tackling security issues before they become big headaches. They reflect on how the role of a threat hunter has changed over the years. It used to be all about reacting to alerts, but now it's more about actively seeking out threats and analyzing them. And with the threat landscape changing so quickly, threat hunters have had to evolve their methods to keep up. Stan and Rob also discuss the day-to-day workflow of a threat hunter. It's not just about sitting in front of a computer all day. It involves reviewing alerts, prioritizing threats, and collaborating with the team to share insights and strategies. But it's not all smooth sailing. They talk about the challenges threat hunters face, like dealing with huge amounts of data and making sure their tools all work together seamlessly. Plus, there's the added pressure of compliance and legal considerations. On the bright side, there's a whole arsenal of tools available to threat hunters, from fancy analysis platforms to simple note-taking apps. And with emerging tech like blockchain and quantum computing on the horizon, there's a lot of excitement about the future of threat hunting. They also touch on the importance of team dynamics and management in threat hunting. It's not just about having the right tools—it's about having the right mindset and culture within the team. And diversity and inclusion play a big role in that, bringing different perspectives to the table and making the team stronger. Overall, it's clear that threat hunting is more than just a job—it's a passion. And as long as there are cyber threats out there, there will always be a need for skilled threat hunters to track them down and neutralize them. 
Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:18:22

Evolving Security in Finance - Ep 85

2/21/2024
In this episode, Stan and Rob sit down with Felix Asare, a seasoned cybersecurity leader with extensive experience in the financial sector, including roles at Allianz and Putnam Investments. They delve into the cybersecurity landscape within the financial industry, exploring why it's a prime target for cybercriminals. Felix breaks down the appeal of targeting the financial sector, emphasizing the shift from physical to digital methods of theft due to the lucrative nature of financial data. He highlights the importance of regulations in setting security standards and explains how compliance, while necessary, isn't sufficient for robust cybersecurity. The conversation extends to the risks posed by the software supply chain, particularly third-party vendors, and the challenges of maintaining oversight in a complex ecosystem. Felix shares insights into mitigating risks associated with open-source software and the need for rigorous approval processes. They also discuss the emergence of smart contracts and the security implications of blockchain technology. Felix underscores the importance of auditing smart contracts and maintaining vigilance in the face of evolving threats like deepfake technology. Lastly, the discussion turns to the role of AI in cybersecurity defense, with Felix emphasizing its potential to enhance response times and analyze data. However, he also cautions against overreliance on AI and the need for human validation to combat emerging threats effectively. Overall, the episode provides valuable insights into the evolving cybersecurity landscape within the financial sector and the strategies employed to mitigate risks and enhance security posture. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:19:45

Inside DORA: EU's Cyber Resilience Path - Ep 84

2/14/2024
In this episode, hosts Rob and Stan explore the EU's Digital Operational Resiliency Act (DORA) with Dominic Brown, a cybersecurity expert. DORA addresses cyber threats to EU financial systems, emphasizing risk management, incident response, and third-party oversight. Dominic compares DORA to US regulations and advises organizations to build risk management teams and enhance cyber resilience before the 2025 deadline. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:22:11

Secure It: Guarding Your Data - Ep 83

2/7/2024
In this episode of "Reimagining Cyber," Rob Aragao and Stan Wisseman welcome Adeel Saeed, discussing the importance of data protection in the evolving cybersecurity landscape. Adeel emphasizes the need to understand data sovereignty, navigate regulatory challenges like DORA, and implement a comprehensive data lifecycle strategy. The conversation delves into the nuances of technical debt related to data, the significance of cyber resilience, and the imperative for organizations to embrace a proactive approach in safeguarding their data assets. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:27:14

2024 Unleashes Unprecedented Cyber Breaches - Ep 82

1/31/2024
Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.
1. Mother of All Breaches (MOAB):
· Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.
· Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.
· Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.
2. Midnight Blizzard Attack:
· Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces.
· Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 exchange environments.
· Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy test nonproduction account, subsequently creating malicious OAuth applications.
· Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.
3. State-Sponsored Cyber Warfare (Russia vs. Ukraine):
· Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.
· Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.
· AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.
The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:15:53

WEF's 2024 Cyber Landscape - Ep 81

1/24/2024
In this episode, hosts Rob and Stan explore the World Economic Forum's Global Cybersecurity Outlook 2024, a favorite annual report providing valuable insights into the cybersecurity landscape. Released early in the new year, the episode looks at the key themes, findings, and implications outlined in the report.
Main Themes:
1. Geopolitical and Technological Environment:
· Report highlights dynamic changes and advancements in geopolitics and technology.
· Emphasis on impacts of geopolitical tensions, economic uncertainties, and technological advancements, especially in AI.
2. Cyber Skill Shortage:
· Discussion on persistent challenges related to the shortage of cybersecurity skills.
· Acknowledgment of the critical role of cybersecurity in business, operations, and executive decision-making.
3. Cyber Resilience:
· Exploration of the growing importance of cyber resilience.
· Positive indicators of increased confidence among leaders in the resilience of cybersecurity programs.
4. Cyber Inequity:
· Examination of the disparity in cyber capabilities between larger and smaller organizations.
· Insights into challenges faced by smaller organizations, including resource constraints, skill shortages, and technology requirements.
5. Cyber Ecosystem:
· Discussion on the interconnected nature of cyber ecosystems.
· Emphasis on collaboration, threat intelligence sharing, and third-party assessments.
· Highlighting the significant impact of cyber attacks originating from third-party relationships.
Key Findings and Insights:
1. Generative AI Concerns:
· Grave concerns among executives about advances in adversarial capabilities due to generative AI.
· Less than 10% believe generative AI will give an advantage to defenders over attackers.
2. Cyber Insurance and Risk Mitigation:
· Observations on the changing landscape of cyber insurance, with a 24% drop in organizations obtaining cyber insurance.
· Recognition of cyber and privacy regulations as effective for risk reduction, though harmonization is needed.
3. CEO Involvement and Alignment:
· Increased involvement of CEOs and business leaders in prioritizing cybersecurity.
· 93% trust CEOs to speak externally about cyber risk, indicating growing alignment between cybersecurity and business strategy.
4. Impact on the Business:
· Insights into executive concerns about operational disruption, financial impact, and brand reputation from cyber attacks.
· Balanced consideration of regulatory scrutiny, focusing on operational aspects and financial loss.
Conclusion: Rob and Stan encourage listeners to explore the detailed report for a deeper understanding of the evolving cybersecurity landscape. They emphasize the need for collaboration, proactive cybersecurity measures, and efforts to bridge the gap between larger and smaller organizations in building cyber resilience. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:20:52

Leading IT Audit: 2024 To-Do List - Ep 80

1/17/2024
Welcome to another episode of "Reimagining Cyber." In this session, Rob and Stan dive into the critical role of IT auditors, a perspective rarely explored on the show. Their guest, Veronica Rose, brings extensive experience in shaping risk-based information security audit programs. She emphasizes the evolving nature of the IT audit environment and urges IT auditors to prioritize upskilling as technology and controls advance. Veronica highlights the significance of professional communities, recommending affiliation with bodies like NACD and ISACA. Engaging in these communities not only provides access to valuable resources but also fosters global connections with like-minded professionals. The discussion shifts to well-being, a crucial aspect often overlooked in the demanding field of IT audit. Veronica stresses the importance of mental health, exercise, and unplugging to maintain a clear mindset. The conversation wraps up by addressing the career paths of IT auditors. Veronica encourages a mindset shift for those considering a transition, emphasizing the value of certifications and continuous upskilling. Tune in to gain insights into the evolving world of IT audit, professional development, and holistic well-being. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:19:22

Navigating 2024 Cyber Regulations - Ep 79

1/10/2024
In this episode, Rob Aragao and Stan Wisseman unravel the dynamic world of cybersecurity regulations, providing a sneak peek into the changes expected in 2024. From the upcoming PCI DSS 4.0 release strengthening cybersecurity postures to the FTC's push for timely breach notifications, and the SEC's implementation of breach disclosure rules, they navigate through the intricacies of compliance. They shed light on the NIS2 directive, emphasizing the continuous evolution of cybersecurity practices, and delve into the EU Cyber Resiliency Act, encouraging security by design principles for products and services sold within the EU. The duo also examines the state-level privacy laws emerging across the United States, emphasizing the complexities organizations face in navigating this patchwork of regulations. Tune in for insights on how these regulations impact businesses, the penalties associated with non-compliance, and the importance of a proactive, risk-based approach. Stay informed and ready for the evolving cybersecurity landscape in 2024! Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:20:46

2024 Cyber Trends & Threats - Ep 78

1/3/2024
In this episode, hosts Stan Wisseman and Rob Aragao reflect on the cybersecurity landscape of 2023 and discuss its potential impacts on the upcoming year, 2024. They delve into the alarming increase in incidents and breaches, noting a 30% rise. The conversation covers major breaches, such as the MOVEit and Okta incidents, emphasizing the growing threat of ransomware across various sectors. The hosts highlight the interconnectedness of organizations, raising concerns about dependency on common platforms and the resulting ripple effect during security breaches. They stress the importance of reevaluating security controls and adopting a layered approach to mitigate vulnerabilities. The episode also explores the escalating cyber warfare between nation-states, citing the ongoing conflict between Ukraine and Russia. Stan and Rob anticipate an increase in nation-state cyber threats, emphasizing the need for enhanced threat intelligence and proactive cyber defense measures. Regulations, including the SEC cyber rule and the EU Act, are discussed as significant factors shaping the cybersecurity landscape. The hosts predict a continued evolution of regulations, emphasizing the need for organizations to adapt to changing compliance requirements. The conversation touches on the emergence of generative AI and its impact on various industries, especially in cybersecurity. Stan and Rob acknowledge the dual nature of AI as both a tool for efficiency and a potential threat in the hands of malicious actors. They predict ongoing discussions about the regulation of AI and its implications. Other topics include cyber insurance, where the hosts anticipate increased scrutiny and tighter requirements, and the importance of leveraging insurance requirements to drive cybersecurity improvements within organizations. 
As the hosts look ahead to 2024, they emphasize the race between cybersecurity defenders and threat actors, acknowledging the potential for increased efficiency on the defenders' side but recognizing the challenges posed by the evolving threat landscape.

Other episodes mentioned in this edition:
Time to Take Them More Seriously - What's Iran Doing in Cyber? - EP 11 https://www.buzzsprout.com/2004238/episodes/10791018
Progress Over Perfection - Implementing the Executive Order - EP18 https://www.buzzsprout.com/2004238/episodes/10791011
SEC Cyber Rules Just Got Real - EP 69 https://www.buzzsprout.com/2004238/episodes/13875180
SEC Cyber Rules Forcing Boards to Pivot - EP 57 https://www.buzzsprout.com/2004238/episodes/12344694
US National Cybersecurity Strategy and EU Cyber Resilience Act - EP 61 https://www.buzzsprout.com/2004238/episodes/12532348
NIS2 Directive: Cyber Insights - EP 76 https://www.buzzsprout.com/2004238/14173706
AI and ChatGPT - Security, Privacy and Ethical Ramifications - EP 62

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:15:40


So You've Been Hacked Now What? - Ep 77

12/27/2023
In this episode, join hosts Rob Aragao and Stan Wisseman as they delve into the world of cybersecurity and data privacy with their esteemed guest, Shawn Tuma. Shawn, a seasoned cybersecurity and data privacy attorney, and partner at Spencer Fane, brings over two decades of experience to the table. As the co-chair of the firm's Cybersecurity and Data Privacy Practice Group, Shawn discusses his journey in the field, from the Y2K era to the present day. The conversation covers key elements of cybersecurity, emphasizing the importance of a continuous, strategic approach to evaluating and managing risks. Shawn shares insights into prevalent issues such as RDP access, backup strategies, and the critical role of multifactor authentication, especially for users of Microsoft Office 365 and Google web-based email. Reflecting on the evolution of cybersecurity, Shawn highlights the pivotal moment in 2013 with major data breaches at Target, Home Depot, and Neiman Marcus. He emphasizes the need for a proactive risk management framework and the significance of cybersecurity insurance in today's landscape. The hosts and Shawn discuss the changing role of Chief Information Security Officers (CISOs) and the growing recognition of their strategic importance within organizations. Shawn stresses the value of building relationships with law enforcement, particularly federal agencies like the FBI and Secret Service, to enhance incident response capabilities. Throughout the episode, Shawn Tuma's passion for cybersecurity and practical, actionable advice shines through, making this conversation a must-listen for anyone navigating the complexities of cybersecurity in the modern business landscape. Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:26:43


NIS2 Directive: Cyber Insights - Ep 76

12/20/2023
Welcome to another episode of "Reimagining Cyber," where Stan and Rob explore the transformative landscape of cybersecurity regulations. In this insightful episode, they delve into the intricacies of the upcoming NIS2 directive from the EU, set to take effect in October 2024. Joining them is Bjørn Watne, Senior Vice President and Chief Security Officer at Telenor Group and an advisor to Europol, offering over 20 years of expertise in information security and cyber risk management. The discussion revolves around the key changes introduced by NIS2, emphasizing a baseline cybersecurity approach across essential entities in diverse sectors. Bjørn sheds light on the directive's requirements for systematic security risk management, crisis management, and heightened resilience. The episode also navigates through the complexities of supply chain control, collaboration, and reporting vulnerabilities. Drawing from Telenor Group's experience as a telecom operator, the hosts and guest unravel the distinct threat landscape faced by telecom companies, especially in dealing with advanced persistent threats and the significance of call detail records. Beyond traditional sectors, the conversation touches upon the implications of NIS2 on organizations, highlighting Telenor Group's compliance efforts. Exploring the penalties associated with NIS2 noncompliance, the episode draws parallels with GDPR, underscoring the importance of these regulations in fortifying a secure digital infrastructure. As organizations prepare for NIS2, Bjørn shares practical advice, urging a proactive approach with asset inventory, business impact analysis, and comprehensive risk assessments. Don't miss this episode packed with valuable insights into the NIS2 directive and actionable steps for organizations to elevate their cybersecurity readiness. Stay tuned and reimagine cybersecurity with Stan, Rob, and Bjørn on this informative podcast. Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

Duration:00:26:17