Cyber Leaders – Détails, épisodes et analyse

In this episode, Ciaran and James are joined by Paul Chichester CMG, MBE, Director of Operations at the UK’s National Cyber Security Centre, to explore how cyber threats have evolved over the decades. Drawing on more than 30 years experience at GCHQ, Paul reflects on the progression, from early digital espionage to major nation-state attacks and the rise of ransomware, and explains why collaboration and partnership remain essential to building a safer online world.

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this episode, Ciaran and James are joined by SANS Chief of Research and Head of Faculty, Rob Lee, to tackle the one big issue on everyone’s mind, AI. Rob shares his expert insight on the rapid rise of AI, from mainstream adoption to cognitive impact, and examines the threats, opportunities, and where human judgment still matters.

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this episode, Lisa Forte, founder of Red Goat, joins Ciaran and James to discuss risk, security and the threat from within. Lisa offers her expertise on insider threat, crisis management, and high risk adventures. 

Highlights:

Insider threat; the breakdown

U.S. CERT definitions and mitigation

• Defining Insider Threats | CISA | Insider Threat Mitigation Guide 

NPSA guidance and tools

• Insider Risk | NPSA | Reducing Insider Risk | NPSA 

A pervasive problem

• SANS – Decoding: “Insider Threat” 
• Forget the outside hacker, the bigger threat is inside • The Register Surveillance won’t curb insider threats — but workplace culture can | Security Magazine 

Red Goat Security research into the barriers preventing reporting.

• Insider Threat Report 2019 

Additional Resources:

Red Goat Cyber Security
Whistleblowing for employees 

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

Kicking off series two, Ciaran and James sit down with none other than the CIO of NATO, Manfred Boudreaux-Dehmer, to discuss what collective defence means in the cyber domain. Manfred offers a rare inside look at managing security and information risk across NATO’s vast digital landscape and shares insights on emerging threats, evolving technologies, and how the Alliance is adapting to keep its members protected in an increasingly contested cyberspace.

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

We're Back for Season 2!

Catch up on episodes from Season 1: https://www.sans.org/podcasts/cyber-leaders/

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this bonus episode, Ciaran and James ring in the new year with a look back at the standout guests and thought-provoking topics from series one. They also take a sneak peek at what 2025 holds for the ever-evolving world of tech security.

And to top it off, there’s a special announcement to chase away those January blues.

Highlights:
Typhoon Variants
Ciaran and James take a look at developing cyber threats from China, including:

• Volt Typhoon: a persistent botnet with wide-reaching impacts
• Volt Typhoon back with vengeance | Blowing out the bots
• Salt Typhoon: a new wave of cyber espionage
• Wall Street Journal article: How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons | Department of Treasury Press
  Release

New year, new legislation
As the U.S. pulls back on regulation, other nations are strengthening their
cybersecurity laws.

• Australia’s new law mandates ransomware attack reporting
• Mandatory ransomware payment reporting | Cyber Sanctions
• UK: Cybersecurity and resilience bill focused on ransomware mitigation
• Cyber Security and Resilience Bill | Ransomware Legislative Proposals: Government Consultation

Additional Resources:

Cyber Leaders Series One Episodes
The myth of the 8-character password
Lazarus Heist: The intercontinental ATM theft that netted $14m in two hours
Cyber Threat Conference

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this special bonus episode, Ciaran and James tackle one of their favorite cybersecurity acronyms: FUD – Fear, Uncertainty, and Doubt. Here our hosts break down what exactly FUD means for cybersecurity, why it matters, and the real-world risks it presents. 

Highlights:

Notable Example of FUD

- The Killer Drones story; FUD in action and then retraction

- Highlights from the RAeS Future Combat Air & Space Capabilities Summit

- BBC article on viral report 

Malware attacks 

- WannaCry Guidance for Users | NHS Case Study on WannaCry

- Lessons from the Colonial Pipeline Attack

- CFR Analysis of the Shamoon Attack | BBC Coverage of Shamoon Attack

Accidental IT failures

- UK Air Traffic Control Technical Failure: confusion over two DVLs. 

- BBC Report on ATC Failure | Regulator Review Following ATC Technical Failure

 The Ultimate FUD phrase

- Leon Panetta's Cyber Pearl Harbor Warning; fostering a climate of fear about the catastrophic consequences of cyber warfare.

- Panetta’s Speech on Cyber Threats | BBC Coverage of Panetta's Warning

Dousing the FUD Flames

- Ian Levy's Magic Amulet Speech to cyber security vendors in which he accused them of selling medieval witchcraft to the public. 

- The Register on Ian Levy's Speech

‘The World’s First Cyber Weapon’

- Stuxnet Computer Virus; the infamous worm aimed at Iran's nuclear facilities

- BBC Overview of Stuxnet | Kaspersky Resource on Stuxnet

Additional Resources:

- BBC Full Dossier on Iraq | Transcript of Andrew Gilligan's original report

- BBC Report on Iraq Dossier Controversy

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this episode, Ciaran and James sit down with investigative journalist and author, Geoff White, to explore the booming business of cyber crime. Geoff sheds light on this murky criminal underworld, its far-reaching consequences, and how cybersecurity has evolved in the public eye.

Highlights:

[1:30] Overview of Geoff’s notable work
[4:00] Cybersecurity in the Limelight
[10:15] Transformative Hacking Stories
[20:00] Global Cyber Criminals Overview
[30:00] Gripping Stories Covered by Geoff in his latest book, Rinsed
[45:00] National Crime Agency Efforts

Links:

Crime Dot Com - Crime Dot Com
The Lazarus Heist - Podcast | Book
Rinsed - Rinsed
World Economic Forum on Misinformation | World Economic Forum Annual  Meeting 2024
AlphaBay Shutdown
Snowden Leaks: The Guardian| BBC News
Anonymous Hacking: Britannica on Anonymous
Sony Pictures Entertainment Hacking: Vox | CCDCOE
Nation State Hackers: Nation State Hackers
Organized Cybercrime: Rise of Ransomware
Hacktivists: Hacktivism
Axie Infinity Hack: The Block
Tornado Cash: US DoJ | FBI
Money Laundering Sisters from Bury: GMP News | Bury Times
NCA on DDoS Attacks

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this episode, Ciaran and James sit down with Helen Rabe, CISO for the BBC, to discover the challenges of breaking into the industry and her experiences leading security for one of the world’s largest broadcasters. Helen shares her expertise as a certified industry leader, discussing the rising tide of personal liability for CISOs and the intense media scrutiny that comes with managing incident responses in the public eye. 

Highlights: 

[8:30] The Evolution of Organizational Security Postures
[11:00] CISOs and Personal Liability
[18:00] The Challenges of Media Scrutiny in Incident Response

Links:

Why more transparency around cyber attacks is a good thing for everyone
The History of the General Data Protection Regulation
Impact of the GDPR on Cyber Security Outcomes
Backstory Of The World’s First Chief Information Security Officer
Former Uber security chief convicted for concealing a felony | Sentencing
SEC Charges SolarWinds and CISO with Fraud | Case Dismissed
MOVEit hack: BBC, BA and Boots among cyber attack victims
CL0P Ransomware Gang Exploits MOVEit Vulnerability
EDS, an HP Company 'Cat Herders' video 

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org

In this episode, Ciaran and James welcome their first guest from the SANS Institute, Frank Kim, to share insights on bridging the gap between cybersecurity and business leadership. Frank unpacks why cybersecurity is often overlooked by business leaders and discusses effective strategies to elevate its importance in boardrooms and beyond.

Highlights:

[4:30] Cyber on the World Stage
[12:00] Dispelling FUD and Finding What Resonates

Links:

Crowdstrike Outages
Fear, Uncertainty, and Doubt (FUD)

Contact:

Have questions or comments? Email us at cyberleadersnetwork@sans.org