In this episode of the Cyber and Risk Leaders podcast, we're joined by James Green, who does a deep dive into his resiliency Think Tank, how to run better tabletop exercises and all things how to build resiliency in organizations.

Follow us on Linkedin:
• Matthew Davies - https://www.linkedin.com/in/matthew-daviespm
• James Green - https://www.linkedin.com/in/thejamesgreen
• SureCloud - https://www.linkedin.com/company/surecloud/

#cybersecurity #resilience #grc

In this episode of the Cyber and Risk Leaders podcast, SureCloud's Matthew Davies welcomes special guest AJ Nash of ZeroFox about the role of intelligence in cybersecurity. We delve into the challenges of misinformation in the digital age, including the spread of disinformation and erosion of trust in institutions.

Join us as we explore the impact of dis/mis/malinformation, the manipulation of social media and what to consider when it comes to news sources.

Follow us on Linkedin:

·       Matthew Davies - https://www.linkedin.com/in/matthew-daviespm

·       AJ Nash - https://www.linkedin.com/in/nashaj

·       SureCloud - https://www.linkedin.com/company/surecloud/

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization.

June's Cyber Threat Briefing covers:

💡 The Worldwide Impact of the MOVEit Breach and the Latest Tactics for Future Prevention
💡 CISA Sounds Alarm: iPhone Zero Day & Triangulation Trojans - Urgent Patch Required for Stealthy iMessage Exploit

💻 Register for our next episode here: www.surecloud.com/resources/webinars/surecloud-live-cyber-threat-briefing

👉 Learn more: www.surecloud.com/cyber-security-services/cybersecurity-as-a-service

👂 Questions? Email: 𝗯𝗿𝗶𝗲𝗳𝗶𝗻𝗴@𝘀𝘂𝗿𝗲𝗰𝗹𝗼𝘂𝗱.𝗰𝗼𝗺

👉 Nick Hayes' LinkedIn: www.linkedin.com/in/nickjhayes/
👉 Hugh Raynor's LinkedIn: www.linkedin.com/in/hughraynor/
👉 Arron Dowdeswell's LinkedIn: www.linkedin.com/in/dowdeswell/

In this podcast edition, Karla Reffold, award-winning cyber security professional and Chief Operating Officer (COO) at Orpheus Cyber, joins Matthew Davies, VP of Product at SureCloud, to explore the surge of board advisory roles for CISOs in today's cyber landscape. They also discuss her transition from Human Resources (HR) to a COO role, her current activities as a Board Advisor of two cyber-related organizations and a Non-executive Director at Trident Search, as well as her 'Advisory Boards Guide Book'.

Contact Karla Reffold
👉 Karla Reffold's LinkedIn: https://www.linkedin.com/in/karlareffold/
👉 Karla Reffold's website: https://karlareffold.co.uk/
👉 Orpheus Cyber's website: https://orpheus-cyber.com/
👉 Advisory Boards Guide book: https://karlareffold.co.uk/wp-content/uploads/2023/04/Cybersecurity-advisory-boards-guide-book-2.pdf

Contact Matthew Davies
👉 Matthew Davies' LinkedIn: https://www.linkedin.com/in/matthew-daviesgrc/
👉 SureCloud's Website: https://www.surecloud.com/

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. 

May's Cyber Threat Briefing covers:

💡 What is meant by 'Artificial Intelligence' (AI)?
💡 Where does AI's potential lie in cybersecurity?
💡 What cybersecurity risks does AI present?
💡 How is AI transforming cybersecurity jobs?

Artificial Intelligence (AI) has been transforming various industries, and organizations are increasingly incorporating this technology into their operations. 

In this podcast edition, Sam Bisbee, Senior Director and Distinguished Engineer at F5, joins Matthew Davies, VP of Product at SureCloud, to discuss the dangers of ChatGPT and AI within organizations and how to mitigate those risks. 

In this podcast edition, James (Jim) Dempsey, Lecturer at UC Berkeley Law School and Senior Policy Advisor at Stanford Cyber Policy Center, joins Matthew Davies, VP of Product at SureCloud, to talk about cybersecurity law, in particular about the new approach announced by the US government, which aims to prevent technology providers from using disclaimers to protect themselves from liability. 

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. 

April's Cyber Threat Briefing covers:

💡 C3X app compromised by North Korean hackers in a supply chain attack
💡 Over 1/10 businesses have malware traffic on their network
💡 Does ChatGPT pose a risk to your company?

In this podcast edition, Robert Wood, Chief Information Security Officer (CISO) at Centers for Medicare & Medicaid Services (CMS) and Founder of the Soft Side of Cyber, joins Matthew Davies, VP of Product at SureCloud, to have an in-depth discussion on Third Party Risk Management (TPRM) for healthcare. Additionally, Robert tells about his TPRM-related challenges and how he approaches them.

Warning: This podcast episode has background noise in a few spots. 

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization.

March's Cyber Threat Briefing covers:
💡 Microsoft OneNote used to spread malware across networks
💡 TPM 2.0 flaws leave cryptographic keys vulnerable
💡 The line between good and bad in cybersecurity

Every month, our experts Nick, Hugh and Arron will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization.

February's Cyber Threat Briefing covers:
💡 European infrastructure under cyberattack from Russian hackers
💡 Reddit's security "incident". What happened?
💡 GoDaddy subject to a multi-year cyberattack campaign

In this podcast edition, Tyler Britton, Cyber Risk Manager at Dropbox, joins Matthew Davies, VP of Product at SureCloud, to discuss Factor Analysis of Information Risk methodology and how he has embedded it in his organization, Dropbox. He explains his role as a Quantitative Cyber Risk Manager and goes through the challenges and benefits of implementing Factor Analysis of Information Risk (FAIR) methodology in organizations.

In this episode, Matt Davies sits down with Tom Cornelius from the SCF and Compliance Forge to dive into the world of risk assessments. Together, they explore the latest developments in risk assessment practices, how recent SEC changes have influenced risk management strategies, and introduce an innovative approach to transform the way you work.

In this episode, hear more about the following:

• Why risk assessment methods are often broken, with teams asking irrelevant questions and lacking executive management involvement.
• How the SEC has introduced changes that require publicly traded companies to have board oversight of cybersecurity threats and manage material risks.
• How the new approach to risk assessment aligns with the Secure Controls Framework (SCF) and focuses on aligning risk assessments with executive management, using control maturity, and providing situational awareness to business leaders.
• How to address key challenges by providing meaningful risk assessment results, speaking the language of the business, and ensuring the right people make risk decisions.

Matthew Davies Linkedin: https://www.linkedin.com/in/matthew-daviesgrc
Tom Cornelius Linkedin: https://www.linkedin.com/in/tcornelius
SureCloud Linkedin: https://www.linkedin.com/company/surecloud

In this CISO How To podcast episode, SureCloud's Senior Consultant, Tom Hulme, and Senior Director of Cybersecurity, Nick Hayes, discuss Vulnerability Management (VM). Watch this video to learn more about VM and what value your organization can get running a solid vulnerability management program.

In this CISO How To podcast episode, SureCloud's Principal Cybersecurity Consultant Mark Wardlow, Senior Cybersecurity Consultant Steve Velcev and Senior Director of Cybersecurity Nick Hayes discuss Red Teaming. Watch this video to learn more about Red Teaming, the differences between penetration testing and red teaming services, and the stages involved when leveraging red teaming services for your organization.

Every month, our experts Hugh and Nick will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization.

The first Cyber Threat Briefing of 2023 covers:
💡 The LastPass incident update - how secure are password managers?
💡 Slack's GitHub breach - what is the value of knowing your attack surface when using cloud-based services?
💡 Biden's classified documents - what are the risks, and how can you protect your organization?

In this podcast edition, George Finney CISO, author, speaker, professor, and consultant, joins Matthew Davies, VP of Product at SureCloud, to discuss security awareness and the concept of zero trust, the subject of his bestseller 'Project Zero Trust: A Story about a Strategy for Aligning Security and the Business'. Besides being the author of a bestseller, George wrote several other cybersecurity books, including: 'Well Aware: Mastering the Nine Cybersecurity Habits to Protect Your Future', 'No More Magic Wands: Transformative Cybersecurity Change for Everyone' and more.

In this podcast edition, Jane Frankland, Entrepreneur, Author, Speaker, and Influencer, joins Matthew Davies, VP of Product at SureCloud, to discuss her role within the tech industry and how this impacts businesses, society, and women's lives.

In this CISO's How-To episode, SureCloud's Principal Security Consultant, Simone Q., and Senior Director of Cybersecurity, Nick Hayes, discuss AppSec (Application Security). Listen to this podcast to learn more about AppSec, DevSecOps (Development, Security, and Operations), shift left testing, what are the differences between them, and how your organization can implement its own AppSec program.

In this CISO Interview, Katie Arrington, former CISO at the US Department of Defense (DOD) and Owner of LD Innovations, LLC Cybersecurity, joins Matthew Davies, VP of Product at SureCloud, to discuss the scope of the Cybersecurity Maturity Model Certification (CMMC) program, her creation within the US DOD. Additionally, Katie spoke about Supply Chain Risk Management (SCRM) and how companies should be looking at that. Katie shares great insights on cybersecurity best practices and explains how she handles the many challenges this busy and demanding role involves.

Every month, our experts Hugh and Nick will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. November's Cyber Threat Briefing covers: - NCSC launches scanning capability to identify UK vulnerabilities. - UK defends Ukraine with £6m cyber defense program. - Iran exploits Log4j and gains access to US government networks.

In this podcast episode, Claude Mandy, Chief Evangelist, Data Security at Symmetry Systems, joins Matthew Davies, VP of Product at SureCloud, to discuss his approach to security, privacy, and risk management. Claude also shares some great insights on data security innovation and his experiences, having previously worked as a Senior Director Analyst at Gartner and CISO. Contact Claude Mandy 👉 Claude's LinkedIn: https://www.linkedin.com/in/claudemandy/ 👉 Symmetry Systems' website: https://www.symmetry-systems.com/ Contact Matthew Davies 👉 Matthew's LinkedIn: https://www.linkedin.com/in/matthew-daviesgrc/ 👉 SureCloud's Website: https://www.surecloud.com/ Warning: This podcast has audio issues in a few spots that have internet glitches.

Every month, our experts Hugh and Nick will highlight the current and emerging cyber threats you need to know about right now, giving you great insights to help protect your organization. October's Cyber Threat Briefing covers: - Australian cyberattacks – is the region an easy target? - Does age impact our attitude towards security? - BlueBleed: Microsoft customer data leak - 150k companies affected

In the latest SureCloud Cyber & Risk Leaders Podcast, Jodie Lash, a cybersecurity professional, discusses her career journey, the importance of continuous control monitoring (CCM), and the challenges and priorities in the industry. She emphasizes the need for effective security programs, automation in controls assurance, and the role of cybersecurity awareness. Jodie also shares insights on implementing CCM technology, the skills required for information security professionals, and her wish for more time to focus on solving security problems.

#governance #risk #compliance #grc #cybersecurity #podcast

Contact Matthew Davies
👉 Matthew's LinkedIn: https://www.linkedin.com/in/matthew-davies/
👉 SureCloud's Website: https://www.surecloud.com/

Contact Jodie Lash
👉 Jodie's LinkedIn: https://www.linkedin.com/in/jodie-lash/

In this edition of the podcast, Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting at Stott and May Consulting, joins Matthew Davies, VP of Product at SureCloud. They discuss the inclusion of neurodiversity individuals in cybersecurity. Holly shares her point of view as a woman and a neurodiverse person in this market. Contact Holly Foxcroft 👉 Holly's LinkedIn profile: https://www.linkedin.com/in/hollyfoxcroft/ 👉 Stott and May's website: https://consulting.stottandmay.com/ Contact Matthew Davies 👉 Matthew's LinkedIn: https://www.linkedin.com/in/matthew-daviesgrc/ 👉 SureCloud's Website: https://www.surecloud.com/

In this CISO Interview, Jake Bernards, VP of Security and Compliance at Whistic, joins Matthew Davies, VP of Product at SureCloud, to discuss his approach to cybersecurity and Compliance running an information security team. He explains how he handles the many challenges that his busy and demanding role involves. Warning: This podcast has audio issues in a few spots that have internet glitches.

Join SureCloud's Nick Hayes, Arron Dowdeswell, and Hugh Raynor in this Cyber Threat Briefing episode. Among other cybersecurity hot topics, Nick, Arron, and Hugh will be discussing the latest many cyberattacks happening in only one week: September's Cyber Threat Briefing covers: - The Uber breach - cloud systems hijacked. - Rockstar Games - source code was stolen. - Revolut hack - 50,000 users affected.

Join SureCloud's Nick Hayes and Hugh Raynor in this Cyber Threat Briefing episode. Among other cybersecurity hot topics, Nick and Hugh discuss the recent Cisco hack, the phishing attacks Twilio and Cloudflare suffered, and the NCSC and ICO's positions on ransomware payments.

In this edition of the podcast, Benjamin Corll, Chief Information Security Officer at Coats joins Matthew Davies, VP of Product at SureCloud to discuss his approach to cybersecurity and to running an information security team. He explains his approach to handling the many challenges that his busy and demanding role involves.

In this CISO Interview, Ian Brown, Chief Information Security Officer at Spectris, joins Matthew Davies, VP of Product at SureCloud. Ian and Mathew discuss the challenges associated with being responsible for cybersecurity management at an FTSE 250 company.

Join SureCloud’s Nick Hayes and Hugh Raynor in this Cyber Threat Briefing episode. Among other cyber security hot topics, they discuss a recently released report from Authomize which reveals the potential for passwords to be stolen from the Okta solution.

In this podcast edition, Mike Privette, VP of Cyber Security at Passport, joins Matthew Davies, VP of Product at SureCloud, to discuss his approach to cybersecurity and how he manages, maintains, and develops the security strategy, programs, and operational security requirements of the company he works for. He explains his main challenges and shares some of the strategies he uses to manage risk.

Join SureCloud’s Craig Moores and Hugh Raynor for our latest Cyber Threat Briefing. Craig and Hugh will be discussing the recently recent zero-day Follina and Confluence vulnerabilities, in addition to talking about cybersecurity and vulnerability management best practice and the rise of SMSing in the corporate world.

Join Nick Rafferty, Matthew Davies and Yang Zheng from SureCloud, who will be discussing the development of GRC solutions from their origins over two decades ago. They also consider market trends, common challenges and shortfalls, and how the technology will evolve in years to come.

In this podcast episode, Brent Deterding, the CISO at Afni, joins Matthew Davies, the VP of Product at SureCloud. They discuss Brent's approach to organizational risk. Brent outlines his four steps for significantly reducing risks within businesses in a manner that is simple, easy, and inexpensive.

Contact Brent Deterding
👉 Brent's LinkedIn:  / brent-deterding 
👉 Afni' website: https://afni.com/

Contact Matthew Davies
👉 Matthew's LinkedIn:   / matthew-daviesgrc 
👉 SureCloud's Website: https://www.surecloud.com/

Join Matthew Davies of SureCloud, and Tom Cornelius, Co-Founder of the Secure Controls Framework, who discuss what the SCF is doing to assist organizations in their journey towards compliance and enhanced cybersecurity.

Join Matthew Davies and Yang Zheng from SureCloud, who will be discussing the forthcoming UK SOX laws and identifying the key areas that organizations should be focusing on to get ready and to ensure they remain compliant.

Join SureCloud’s Craig Moores and Hugh Raynor in this Cyber Threat Briefing episode. They discuss the recently released CISA report, which highlights the top vulnerabilities that threat actors were able to exploit over the past year.

Join Nick Rafferty, Matt Davies and Yang Zheng of SureCloud, who discuss ways in which organizations can enhance their third-party risk management operations and practices.

Join Nick Rafferty, Matt Davies and Yang Zheng of SureCloud, for a discussion of the most common third-party risk management challenges that they see on consulting engagements.

In this CISO's How-To episode, join SureCloud's Nick Hayes and Hugh Raynor. They discuss and provide practical solutions to cloud-based security challenges.

Join Craig Moores and Hugh Raynor of SureCloud, in this Cyber Threat Briefing episode. They discuss a recently released report from The UK’s Department for Digital, Culture, Media and Support (DCMS), which examines the prevalence of cyber breaches over the past year.

In this CISO Interview episode, Greg van der Gaast, Chief Information Security Officer at ScoutBee, joins Matthew Davies, SureCloud's VP of Product. Greg and Mathew discuss both the challenges and opportunities that come with being instated as a growing company’s first Chief Information Security Officer, in addition to delving into Greg’s visionary approach to strategic security management.

In this CISO interview episode, Phil Lea, Chief Privacy Officer at Tenth Revolution Group, joins Matthew Davies, SureCloud's VP of Product. Phil and Mathew discuss Phil’s role as Chief Privacy Officer - the main challenges he faces and the key initiatives he is undertaking.

The NCSC has issued a report that states that an extremely high level of phishing scams are currently being circulated that claim to be fundraising to support the Ukrainian cause. So why are fraudsters choosing this particular topic? In many ways, it’s the perfect subject as it contains many of the key ingredients of a successful and compelling phishing scam. The Ukrainian situation is: a matter of urgency; highly compelling – something that is close to most people’s hearts; something that many people may be motivated to share, providing a viral element to the scam.

As technology rapidly evolves, so does the landscape of compliance. 

 

In the latest SureCloud podcast episode, Michelle Garcia, Director of Information Security and Compliance at Carnival Cruise Line, and Matthew Davies of SureCloud discuss on the transformative journey of compliance and the emerging tools reshaping its future. 

 

In today's fast-paced tech landscape, why is automation not just an advantage but a must for compliance? 

 

And how can businesses best use its power? 

Chad Brustin, Lead Security Engineer at Clyde joins Nick Hayes and James Pierce, both Directors at SureCloud, to talk about the Strengthening American Cybersecurity act, which has recently been passed by the US Senate. Our expert panel will discuss the varied implications of the key features within this emerging legislation.

Join SureCloud’s Risk Advisory Senior Director, Craig Moores, and Senior Cybersecurity Consultant Hugh Raynor, in this Cyber Threat Briefing episode. This Cyber Threat Briefing will focus on the most common and prevalent threats that exist within the current threat landscape and what organizations can do to mitigate threats and enhance their security posture. Craig and Hugh will be discussing cybercriminal activity linked to the Russia-Ukraine conflict.

Robin Smith, Chief Security Officer at Aston Martin, joins SureCloud’s Matthew Davies for the latest instalment of our Leaders in Cybersecurity and Risk series. Robin explains what he is doing to take Aston Martin on a cybersecurity journey to enhance their information security posture and enable the company to become more productive and profitable. Robin also recounts aspects of his career journey that led to him becoming the CISO of Aston Martin and highlights the most important things he’s learned along the way.

We are living in times of political uncertainty. The increasingly hostile occurrences of recent weeks have far wider implications than many people realize. Cyber warfare is now a recognized tactic employed by aggressive nation-states, and these cyber-attacks can represent a significant proportion of the weaponry used by warring factions. And even civilian businesses and other organizations that seem unconnected to these disputes can become caught in the crossfire. SureCloud's cybersecurity experts, Nick Hayes and Nick Rafferty discuss the implications of cyber warfare for all businesses, regardless of where they are located and what industry they are a part of. Watch their discussion to learn what the risks are and what you can do to protect your business.