In this episode of the Business of Infosec podcast, host Michelle Ribeiro is joined by mentor, speaker, podcaster and award-winning Cybersecurity Professional, Jalpa Bhavsar. Together they walk through Jalpa’s bittersweet transition to a cyber role, and how she’s continuously investing in herself to serve her clients and the organisations she works for.

In the discussion this week:

• Some of successful ways to identify and leverage transferable soft skills
• Strategies to invest in developing the technical skills required for cybersecurity professionals
• Jalpa’s inspiring experience shifting careers while going through the maternity journey
• Successful examples of people she has mentored, including a chef, a retail store manager, and a civil architect
• How Jalpa is continuously supporting those interested in pursing a career in cyber in her video and podcast

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Deepa Bradley, Transformation Executive and Daniel Shore Co-Founder, Let’sWeCan. Together they walk through Deepa and Daniel’s journeys into cybersecurity and how to get the best out of your teams.

In the discussion this week:

• Psychological safety is not optional – how to create a safe environment for the teams and praise each one of them by letting them know every one of them matters
• Cybersecurity decisions are often made on the spot – sometimes they’re good decisions, sometimes not. How can you make sure everyone in the team owns those decisions together?
• Building a respectful team is critical in creating high performing teams – strategies to respect their capabilities, understand that people work differently, give them autonomy, and avoid micromanagement
• Why you should build a highly capable team before the organisation is in a crisis mode
• Lessons learned from remaining capable and resilient to be a role model in an unhealthy environment
• Practical tips and hints for CISOs to roll up their sleeves and turn their teams into highly capable teams

During the Equifax 2017 Data Breach (which exposed the sensitive information on 146 million US consumers), Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was human error and technological failure. Graeme would later be identified as “the human error”.

In this episode of the Business of InfoSec Podcast, host Michelle Ribeiro talks with Graeme Payne on lessons learned from the Equifax data breach and ideas on how cybersecurity leaders can effectively report risks to the board.

In the discussion this week:

• How the CISO role is changing and blending into the CIO role
• What the cybersecurity role might look like in the future
• Biggest challenges cybersecurity leaders face when reporting risks to the board, and tips and hints on how to overcome them
• “Dos” and “don’ts” when engaging the board and building stronger security programs and maturing their capabilities

Neil Thacker, Chief Information Security Officer at cloud security firm Netskope thinks it’s time for Security to shake off its reputation as a roadblock to innovation.

If you’d like to connect with Neil to continue the conversation you can connect with him on LinkedIn here.

Naveed Islam, Chief Information Security Officer at UK-based payments company Dojo, argues that people are the first line of cybersecurity defense

Maricopa County CISO Lester Godsey shares his experiences overseeing information security in a hotly contested presidential election

iRhythm Technologies Privacy and Compliance Lead Jonathan Craven discusses how psychology can be a useful tool to promote cyber-secure behavior in the workplace

In this episode of the Business of InfoSec Podcast The Francis Crick Institute CISO Guy Morrell shares the successes, challenges, and surprises that he experienced during his first year as a CISO

In this episode of the Business of InfoSec Podcast, we talk to Center for Internet Security editorial panel member Rick Doten about the version eight updates to the organization’s CIS Controls

In the last of our conversations from CISO London, L&Q Group CISO Goher Mohammad explains how best to prepare your organization in a rapidly changing threat landscape and what he expects from attackers in the coming year.

In this episode of the Business of InfoSec Podcast, we sat down with Mark Osborne, CISO at financial services firm JaJa Finance, at the recent CISO London conference to cut through the spin and discover the essential core of zero trust.

In this week’s episode of the Business of InfoSec Podcast, we chat to Voya Financial CISO and author Raj Badhwar about how quantum computing will transform cryptography as we know it.

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Rob Wiggan, a Former CISO and accomplished IT professional with over 25 years of industry experience. Together they walk through Rob’s background, what he has learned during his experiences as a CISO, how to understand what you need for your cyber insurance strategy and adopt a winning approach for your organisation.

In the discussion this week:

• Is there life after CISO?
• Most common myths around cyber insurance – and how to bust them
• Speaking from his experience as a previous CISO who understands the challenges of the role, Rob shares how CISOs should rethink their cyber insurance strategy
• How risk management and cyber insurance can complement other cyber security solutions
• Successful ways to take cyber insurance as part of your company’s risk management approach
• Last, but not least, how CISOs can get buy-in from senior management when adopting cyber insurance

In this episode of the Business of InfoSec Podcast TrueBlue CISO and SVP Karen Holmes explains why she is putting automation and orchestration at the heart of her firm’s cybersecurity strategy.

University of Edinburgh Deputy CISO Garry Scobie joins us on the Business of InfoSec Podcast to discuss the implications of IoT on our homes, our cities, and our lives

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Award-Winning Cybersecurity Strategist, Jay Hira. Together they walk through Jay’s impressive background studying computer science and engineering and starting his career in security as a penetration tester. With an incredible wealth of knowledge, Jay shares invaluable tips on how to make your Zero Trust strategy work. He also stresses the importance of diversity, inclusion, and collaboration in cyber.

In the discussion this week:

• Some of successful ways companies can benefit from having a diverse cybersecurity teams
• Tips to keep up with the evolving threat landscape that’s forcing companies to review the way they operate and make strategic decisions
• Why collaboration is paramount and how it can be successfully applied to the cybersecurity function across different businesses
• Zero Trust is not a new concept – how it has evolved, and why organisations should shift focus on the strategy instead of the tool
• Dos and don’ts of Zero Trust strategy

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by UniSuper’s Cyber Security Analyst, Security Operations Cosi Robinson. Together they walk through Cosi’s inspirational career transition from an Executive Assistant role into the cybersecurity world. She also shares her experience as a victim of identity theft, the implications and repercussions it has had on her life, and advice on preventative measures. She also shares invaluable tips on steps one should take if you fall victim to this crime.

In the discussion this week:

• Some of the unimaginable skills an EA can transfer into a cybersecurity role, including board reporting
• Overcoming career transition challenges, uncertainties, tips to prepare and the importance of a good mentor to boost your confidence
• How overnight studying and hard work paid off and left Cosi with an incredible sense of mission accomplished and achievement
• How being a victim of identify theft has affected her life ten years ago
• Her inspiring journey taking control of life while looking after her mental health during those challenging days
• Recovering from one of the hardest things she has ever had to deal with
• How she uses her experience to increase cybersecurity awareness and positively change people’s behaviors

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Chirag Joshi, Best Selling Author of the 7 Rules to Influence Behaviour and Win at Cyber Security. They lost track of time in an organic conversation around Chirag’s journey into cybersecurity and his wealth of knowledge across different countries and industry sectors.

In the discussion this week:

• The importance of moving beyond the concept of awareness by changing the culture and encouraging everyone to act
• How the CISO role has evolved so dramatically from technical to advisor and the importance of developing the skills to enable them to articulate threats in a way that translates to financials and risks
• The soft skills required for the new CISO: how to develop abilities in finance, contract management, negotiation skills, change manager, and many others
• The CISO role has gained tremendous importance to most businesses: what are the dos and don’ts for them to meet what’s now expected of their prominent position
• The importance of not being a function of “no”
• Developing emotional intelligence by continuously improving yourself
• Improving your story-telling skills: good stories inspire emotions, and emotions inspire people to act, which is a key responsibility of any cybersecurity practitioner

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Jo Stewart-Rattray, CSO for Silver Chain. Together they walk through Jo’s journey into IT and security and her immense experience supporting female leaders advance their careers by hard work, confident and determination.

In the discussion this week:

• Ways for women to advance their careers by investing in education, not being afraid of failure, moving on and chasing their dreams
• Successful ways to communicate to the board and describe the importance of cybersecurity investments
• Ensuring your organisation has strong cyber hygiene practices before going to more elaborate solutions
• Assess if your organisation is investing an appropriate amount of money in security based on its needs and its level of maturity
• Speaking the business language in a professional and strategic way – don’t just throw acronyms, explain things in a clear and objective way, why invest and the benefits
• Don’t underestimate the board’s knowledge and understanding of technology
• Approach technology as an enabler, not the focus

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Rosemary Cooper, Global Information Systems - Governance, Risk and Compliance Manager for Sonic Healthcare. Together they walk through Rosemary’s journey into IT and how a strong data governance framework can dramatically reduce cyber risks.

In the discussion this week:

What cross-sector organisations can learn from data governance in healthcare as protecting the patient’s information has always been a top priority

The CIA Triad of Data – how to get the right balance between confidentiality, integrity and availability

Cyber gets a lot of attention but if data governance is done well risks should be reduced

How to put data governance in the right place in the organisation and give it the right authority

How does a weak data governance framework look like?

And how does a good data governance model look like

When it comes to cybersecurity how do you know what you have in place is effective

In this week’s episode of the Business of Infosec Podcast, our host Michelle Ribeiro is joined by Faizal Janif, Executive Advisory Board Member for the Australian Information Security Association, and Advisory Board Member from Corinium APAC CISO Advisory Board. Together they walk through Faizal’s journey into cyber and his vast experience planning and executing cyber strategy.

In the discussion this week:

• The risks and implications of the tick box exercises for CISOs and the organisation
• How well do executives understand the effectiveness of their cyber tools – are they implementing it effectively?
• How to get out of the “should be alright” attitude and invest in adopting a proactive – as opposed to reactive – approach
• Getting an in-depth understanding of your business and your people and adopting an appropriate level of cyber investment for your organisation
• How will the next-gen workforce want to operate and how companies and cybersecurity will have to adapt to the employee of the future

Deepa Bradley, a Global Transformation Senior Executive chats with us about risk quantification – challenges, solutions, and future plans

In this week’s episode of the Business of Infosec podcast, our host Michelle Ribeiro is joined by Deepa Bradley, a Global Transformation Executive with experiences as a member of SEEK’s cyber leadership team, and a leader of the cyber security team for the UK Government. Together they walk through Deepa’s journey into cyber and her experiences on risk quantification.

In the discussion this week:

• Breaches can affect a country’s entire population resulting in loss of services and impacting processes and scheduling
• The formula that can estimate the dollar figure of those impacts
• Some of the key risk quantification challenges and successful ways to overcome them
• How to mature the organisation’s capabilities and strengthen the cyber posture in times of high risk
• Advice for leaders wanting to articulate risk quantification
• How the board, cyber and risk teams can work together to avoid being caught unaware