The Security Collective Podcast – Détails, épisodes et analyse

Today we are recapping some of the great episodes from season 11 'In Case You Missed' them!

We have put together a snippet of the best parts from each guest for you, and if you like what you hear, click below to listen to the full episode, or head to wherever you enjoy our podcast, and check out the full back catalogue.

Links:

Marc Bown

Stephen Kennedy

Craig Ford

Naveen Chilamkurti

Paul McCarty

Yvette Lejins

Jamie Newman

Paul Wenham

Samm MacLeod

For the full episode, transcript please visit our website

It’s our last episode for the season, and we are joined by a very good friend of Claire’s and of the podcast, Samm MacLeod. Samm and Claire discuss what's been happening since we caught up with her 12 months ago in season eight, when Samm generously shared her CISO journey through burnout and recent sabbatical. She's now back CISO-ing, and this time they covered digital transformations and security transformations.

Samm MacLeod is an experienced Information Security Executive with experience across multiple industry verticals including tech, financial services, and critical infrastructure. Having led several cybersecurity transformation programs, Samm helps organisations imbed effective security practices through cyber security strategy, security operating models, and risk management frameworks.  Samm’s experience with boards, audit & risk committees, and executives allows her to bring a unique set of experiences and perspective to the management of technology and cyber risk and the delivery of security best practice. She is currently an appointed Netskope Security Board Advisor and has previously held non-executive positions on a critical infrastructure board (AEMO Cybersecurity Board), securitisation & financial services board (MEPM) and Information Security education and research board  (Deakin Executive Board). Based on the Bellarine Peninsula, Samm is an industry speaker and writer, and an advocate for diversity in cyber.

Links:

Samm LinkedIn

For the full episode transcript, please visit our website.

The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

The first episode for this season we welcome Marc Bown the CISO and Enterprise Technology lead at Immutable, a web3 gaming scale up.  Claire and Marc discuss the culture versus tech debate, exactly what web3 gaming is, and Marc shared his thoughts on what we as a security industry are still trying to get right. 

Prior to Immutable, Marc helped found the security teams at Sportsbet, Fitbit and Afterpay. Passionate about building empowered, high-performing teams, he believes that good security is as much about culture as it is technology.

Links:

Marc LinkedIn

The Security Collective podcast is proudly brought to you in partnership with LastPass, the leading password manager.

For the full episode transcript please visit our website.

Paul Chapman is the Global Chief Information Officer at Box, where he is responsible for leading the company’s global information technology strategy, cyber risk and compliance practices and customer advocacy. Prior to Box, Paul was the CIO of HP Software for HP. Paul also served as Vice President of Global Infrastructure and Cloud Operations and Vice President of Enterprise

In this episode, Paul will share his hiring process and describe the characteristics that make a good candidate. He’ll provide insight into the potential conflict between a CIO and CISO, and its necessity in managing an effective decision-making process. Paul discusses Box's requirements for candidates with a strong personal brand, reputation in the market and having the respect of others in the community and why this is critical to the role, as well as finding a good cultural fit. He also shares the ways that Box invests in a number of different dimensions in security to ensure the highest level of security function and structure.

Links:

• LinkedIn
• Box.com

Time Stamps:

• 01:03 - Paul Chapman’s introduction and background
• 06:01 - The process of hiring the proper candidate first
• 08:25 - The characteristic that makes a good candidate
• 10:32 - Hiring principle to follow when selecting new team members
•  12:41 - What’s driving compliance and trust under the CIO?
• 13:30 - “More and more security and compliance functions converging into the one notion of trust. Compliance is such a key component of the value we bring.” - Paul Chapman
• 14:30 - The pressure to have the highest level of security function and structure
• 16:16 - “It’s about being forward-thinking, innovative, and constantly evolving our own security posture to be our own best referenceable company in the market.” - Paul Chapman
• 17:19 - Top advice for other aspiring CIOs

Tamara Martin commenced her career as a qualified lawyer and then transitioned into consulting in Crisis, Emergency, and physical security management, servicing a broad range of global and domestic and critical infrastructure organisations. 

After gaining a well-rounded skill set through her consulting experience and first client-side role with Jemena, Tamara decided to take up a newly created full-time position within the AGL Energy Security team. Since commencing at AGL in mid-2017, Tamara has developed high-end skills and expertise in business resilience, specifically intelligence, strategic, physical security, crisis management, travel security, and aspects of cyber security

During this episode, Tamara will provide insights into finding common ground amongst those within your diverse organisation. Listen as she reveals the most valuable lessons she has learned through her transition into the cyber security industry. Tamara shares her knowledge on the skills gained in other industries and professions that are transferable to cyber security, as well as the traits that can identify a candidate that may be new to cyber but has the potential to enhance your team.

Link:

• LinkedIn


Time Stamps:

• 00:34 - Tamara Martin’s introduction and background

• 03:13 - What makes someone a good choice to come into a security team
?
• 04:50 - Key skills from legal and consulting days that Tamara was able to bring into physical, security and resilience work

• 06:55 - The role of diversity in the success of the team

• 07:43 - “If you've got a really strong leader who can encourage the traits which motivate and drive you to work towards common goals and objectives, and the occasional giggle, it seems to work quite well.” - Tamara Martin

• 08:15 - Finding the common ground and endearing trust

• 08:49 - The importance of having support groups for a certain community

• 10:50 - Gaining skills in other disciplines of the security industry

• 12:23 - “We're all operating in roles that are inherently risk-based, and you will operate better and make more informed decisions if you're aware of those cross-functional cooperation opportunities and their impacts.” - Tamara Martin

• 13:35 - Taking a chance on a not-so-obvious candidate who has the potential

• 14:49 - “Self-driven learning manifests in a much more productive and enthusiastic team member.” - Tamara Martin


Damien Scalzo is the CIO of Mercedes-Benz Financial Services Australia/New Zealand. For over 15 years, Damien has combined his business and technology experience as a CIO, Management Consultant, Systems Integrator and Chartered Accountant to help organisations use technology to add value to their core and new business processes across industries including Financial Services, Manufacturing, Utilities, and Public sector. Damien is passionate about technology and also spends time mentoring startups to grow and scale

In this episode, Damien will share his tips on managing cyber security at the executive level. As a mentor for startups, Damien is able to share with us exactly when startups should be considering their security strategy. Using his experiences from a combination tech leadership and security background, Damien shares various effective reporting structures for security leaders. Find out how Damien keeps his knowledge on current security trends updated, and how he uses this information to protect the organisation

Links:

• LinkedIn

Time Stamps:

• 01:00 - Damien Scalzo’s introduction and background
• 04:08 - How security organisations can obtain value and funding 
• 05:55 - Your first hire when building a new team security team
• 06:14 - “I always liked the idea, in anything, in hiring the talent that finds its own talent. It’s always been better to hire the leader first who then builds their team up.” - Damien Scalzo
• 07:20 - Understanding how to take risk in a corporate environment
• 08:10 - Should security leaders report directly to the CEO?
• 09:22 - “Whether the CIO represents security at the board or the CISO comes into the board as a guest, the CEO has to be the person that sets the tone from the top for security.” - Damien Scalzo
• 10:03 - Understanding cyber security at the executive level
• 12:08 - How to stay current with updated knowledge on security trends to keep your team, peers and executives informed
• 15:05 - When should a start up organisation consider a security strategy and dedicated security leaders? What can they do in the meantime?
• 17:00 - Damien's best advice for CIOs from his unique experience combination of start-up mentoring, and being a leader in tech with a security background

Victoria Kluth is the CEO of Araza, a technology company that specialises in the implementation of complex solutions including cloud-based applications and enterprise systems integration. 

Victoria is recognised as one of Australia’s most successful entrepreneurs and has won the Optus Business Leader of the Year award and ARN Entrepreneur of the Year.  Her organisation has been presented multiple technical awards, and is on multiple 'fast' lists in Asia and Australia.

During this episode, Victoria will share the guiding principles that have allowed Araza to achieve fast growth. Listen and learn about the Araza Women in Cyber program, developed to help address gender diversity within the cybersecurity industry. Discover how the program is providing entry-level female cybersecurity candidates with experience to launch their cyber careers.

Links:

• LinkedIn
• Twitter

Time Stamps:

• 00:32 - Victoria Kluth’s background and introduction
• 03:03 - “So many people just take clients for the sake of having that work. They are not looking at, well is this the type of company we should be partnering with. Are we both going to look good?” - Victoria Kluth
• 04:20 - How to attract a diverse workforce of women
• 06:43 - Principles to follow when building teams in the tech industry
• 07:22 - “Be great and be grateful. Striving to be great is ensuring success for yourself, your client, and company.” - Victoria Kluth
• 10:20 - The Araza Women in Cyber Program
  
• 16:30 - Recruiting high-level cyber industry entry employees
• 19:39 - Examples of training for program participants
  
• 21:48 - Attracting diverse candidates for a successful team
• 25:40 - “Diverse teams, whether it’s in cyber or anything, perform better. All the research shows it.” - Victoria Kluth

Anna Leibel is the Chief Information Officer of UniSuper, an Australian superannuation fund that provides superannuation services to employees of Australia's higher education and research sector. She has spent two decades building and leading teams to deliver business transformation, and has been successful in launching new businesses, expansion into Asia, enterprise technology, global sales, and start-ups.

During this episode, Anna will share her business technology and transformation strategy for Cyber Security leaders in this digital transformation age. Learn the non negotiable traits a successful security leader must have. Gain insight into the gender diversity in the workplace and the strategy for an internal or external security breach.

Links:

• LinkedIn

Time Stamps:

• 01:10 - Anna Leibel introduction and background
• 06:00 - The fundamental shift in the size and focus of security teams
• 08:44 - Non Negotiable traits a security leader must have
• 10:33 - Insight into gender diversity in the workplace
• 11:09 - “I think we are missing a really big opportunity to help people understand why it’s so important to have diversity. And for me, it's diversity of thought.” - Anna Leibel
• 12:09 - New cyber trends from the board perspective
• 14:49 - Are board members proactively educating themselves around cyber?
• 16:51 - The immediate strategy for an actual security breach
• 23:13 - Building a relationship with your CISO
• 26:53 - Adjusting to the security language within your organisation
• 28:17 - The role of the cloud & protection methods
• 32:52 - Learnings from working within the cyber security industry
  

Fatemah Beydoun is a founding team member of Secure Code Warrior, a secure coding company with innovative solutions helping AppSec Managers and DevSecOps to not only shift left but start left. As VP of Customer Success and Operations, Fatemah is responsible for turning SCW’s customers into its biggest advocates, improving Customer Success maturity, and leading the Customer Success teams globally. 

During this episode, Fatemah will discuss a family-friendly policy that will allow you to finally find your work & family balance. You’ll also hear insight into why the organisation attracts so many passionate employees. Lastly, find out how to retain quality staff during the ‘skills crisis.’

Links:

• Securecodewarrior.com
• LinkedIn

Time Stamps:

• 00:25 - Fatemah Beydoun introduction and background
• 04:28 - “We really believe that diversity is what makes really strong teams.” - Fatemah Beydoun
• 04:39 - What attracts passionate employees to your organisation
• 06:26 - Secure code policies for maternity and maternity leave
• 09:10 - A policy that allows you to not have to choose between work & family
• 11:29 - Lessons learned from a family-friendly policy
• 12:06 - “Everyone in the organisation can play a role in creating that non judgemental environment where people except children into the workspace.” - Fatemah Beydoun
• 13:25 - Attract and retain the proper quality staff during the ‘skills crisis’
• 14:59 - Best advice to those aspiring to be in a leadership position

Kathleen Smith, CMO for CyberSecJobs.Com and ClearedJobs.Net, has coached thousands of job seekers and employers on how to better connect and work together to achieve the mutual goal of employment. 

Kathleen presents at several conferences each year on recruiting and job search. Some of the conferences she has presented at as a sole presenter or moderator include BSidesLV, BSidesTampa, BSidesSATX, DerbyCon, CircleCityCon, FedCyber, and CyberSecureGov. Kathleen is Director of HireGround, BSidesLV’s two-day career track. 

During this episode, Kathleen shares how industry volunteering can help career progression within your company. Learn to solve the cybersecurity skills shortage within your organization. Lastly, find out how to promote employee retention with quality security employees in the security market. 

Link:

• LinkedIn

Time Stamps:

• 00:25 - Kathleen Smith’s introduction and background
• 02:08 - Uniquely servicing the candidate community
• 03:08 - Cyber security career survey overview: Talent Shortage
• 03:34 - “We hear sometimes that there is this talent shortage, but there has not been a shortage of people who are constantly learning about finding better ways to be secure.” - Kathleen Smith
• 06:49 - Four major job search methods
• 07:25 - “Employee referrals and job boards are the number one and 2 ways of company’s finding their next candidate.” - Kathleen Smith
• 10:01 - Why money is a driving force to join particular organisations
• 12:53 - A survey around community volunteer work
• 17:25 - Top skills that volunteer learn from volunteering 
• 20:42 - Employee retention in the security industry
• 22:59 - Advice to employers who are hiring and build new security teams