ISF Podcast

Today, Steve sits down with Duncan Wardle, the former head of innovation and creativity at Disney. Duncan talks to Steve about his current work teaching leaders to embrace creativity and inspire innovation in their teams. He suggests practical ways that leaders can create a more collaborative and fun work culture that will lead to more successful outcomes and enhance their teams’ job fulfillment. Key Takeaways: We’re all born with creativity, and a great leader can unlock it within people who may have lost it along the way. Creativity is the ability to have an idea; innovation is the ability to get that idea done. With AI, we have the opportunity to hand off mundane tasks and give ourselves time to think, be creative, and innovate. Tune in to hear more about: Why it matters to say “yes, and…” instead of “no, because…” The impact of AI on creativity and innovation Actions leaders can take to spark more creativity within their organizations Standout Quotes: “I define creativity as the ability to have an idea, and I think we can all do that every day. I define innovation as the ability to get that done. That's the hard part.” - Duncan Wardle “As leaders, we have responsibilities, we've got quarterly results, we've got bosses, we've got – but if the first two words out of our mouth are ‘no, because,’ they're the first two words when somebody comes at us with a new idea, they're not coming back in the door again, and they may have genius next week or next-. Just remind ourselves as leaders, we're not green lighting this idea for execution today. We're merely green housing it together, using ‘Yes, and.’ As leaders, if we can use ‘Yes, and’ before ‘No, because’ you can completely and utterly change your culture.” - Duncan Wardle “Algorithms, and everything that AI will bring to the table, will merge with the human race, creativity, intuition, empathy, imagination, etc, we will merge to become a superhuman race.” - Duncan Wardle Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve sits down with author and leadership expert Sylvie di Giusto. Sylvie delineates five areas for everyone to consider in order to enhance their emotional intelligence. She and Steve also discuss how self-awareness and authenticity relate to situational awareness, and how improving in these areas can support career mobility. Key Takeaways: The subconscious takes up 95% of the brain – use that to your advantage to gain the trust of the people you interact with. Situational awareness is more important than one-size-fits-all ideas of “always smiling” or “maintaining eye contact. Your appearance, behavior, communication, digital footprint, and environment all matter for how people see you. Tune in to hear more about: How the meaning of emotional intelligence in business has changed over the years (01:48) Sylvie di Giusto’s A.B.C.D.E. (Appearance, Behavior, Communication, Digital footprint, Environment) framework (07:50) The four levels of visibility (20:05) Standout Quotes: “The subconscious mind of a human takes up 95% of your brain. And 95% of your brain is where emotions live, where feelings live, where your gut feelings live. And only 5% of our brain actually transmits data, facts, figures, information. That is where your contracts are, where your proposals are, where all the facts and figures are that you deliver to your clients. [...] So, I always say, why don't you use this to your advantage, that behavior, and actually use the 95% of the brain and instantly imprint that feeling of trust in them and use it to your advantage. And before they buy into your solution, into your technical solution, let them buy into you.” - Sylvie di Giusto “You have to learn to read the moment, [...] and then adjust your behavior and make more intentional choices. I think one of the biggest challenges that we have nowadays, also driven by technology because we are constantly distracted by technology, is that we run on autopilot most of the day. Most of the day, we are so in our habits, in our patterns, that we do things, say things, that we are not even aware of, and they have a macro impact on our relationships. And we have to step back and sometimes turn that autopilot off, read the room, and be more intentional with the tools that we already have.” - Sylvie di Giusto “I think that authenticity means that we all play a role, but different roles, and in those roles, we are true to ourselves. [...] And in all those roles, I promise you, I'm truly authentic. But if I would try to talk with my husband the way I talk with my clients, we wouldn't have made it to 23 years, I promise you. Or if I would treat my clients like I treat my children, or if I look at home like I would on stage, and vice versa. So, yes, we are all authentic in those roles, but I think we have to accept that you just do you, no matter the circumstances – which brings us back to situational awareness – I think it's a lie that this is possible.” - Sylvie di Giusto Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with Rear Admiral Brian Luther. After more than 30 years in the US Navy and at the Pentagon, Brian is now president and CEO of the insurance firm Navy Mutual. Brian talks about what he learned about leadership in his time commanding an aircraft carrier in the Navy and how he has translated his skills into working in the private sector. He and Steve also discuss how leaders can move from a tactical mindset into a logistical one, and prepare your team for worst case scenarios. Key Takeaways: There might be differences between generations or people of different cultures, but fundamentally most people want the same things, and basic respect goes a long way. As a leader, don’t get bogged down in tactics. Remember to think about the logistics, so there is a plan B if something goes awry. Technology can be an immensely useful tool, but don’t get overly dependent on it. Tune in to hear more about: The three stages of leadership (7:46) Conducting business in volatile regions (12:28) How a tabletop drill can reveal important weaknesses in your organization’s crisis response (18:48) Standout Quotes: “You have to very clearly articulate to the people what you want done. And if it's very specific, you say, ‘I want this done,’ and if it's generic, you say, ‘I want this outcome,’ right? You can't say I want a general outcome when you have something specific in mind, because they're going to go off and do it whatever way you want. But if you're very clear, ‘I want this done this way,’ or ‘I just want this outcome,’ and you decide, delegate, disappear, you'd be amazed at what people can do.” - Brian Luther “If you go there and give them an opportunity to see you as just who you are, and learn them just as they are, you find that there's more in common than people would give credit for. So I would always say, before you go internationally, take some time to learn where you're going and respect the culture that you're going to be operating in.” - Brian Luther “There are tremendous benefits associated with technology, but any strength pushed too far is a weakness [...]. Don't be overreliant on something, and you put all your eggs in that one basket and you lose it, and then you don't have a second or a third option. You should be asking yourself, ‘What if I lose this, what if they figure out a way to foil that?’ Because, remember, we put something out there, and in a strategic competition, there's move-countermove all the time. […] So use it as a tool, but don't be totally dependent on it that if someone takes that tool away from you, your whole organization collapses.” - Brian Luther Mentioned in this episode: Dear InfoSec Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve sits down with Paul Bartel, a senior intelligence analyst with PeakMetrics. Paul was previously with the Defense Intelligence Agency, and he speaks with Steve about his experience working in the government sector, how the public and private sectors can cooperate more effectively, and what businesses can do to protect themselves from misinformation campaigns.Key Takeaways: Generative AI is rapidly changing the nature of misinformation. Social media companies must take more responsibility for moderating the content on their platforms. To protect your organization from damage from misinformation, being aware of the current information environment and what information is out there about you, is key. Tune in to hear more about: Paul Bartel’s background with the Defense Intelligence Agency (1:30) The three primary sources of misinformation in the US (4:40) How businesses can adapt to the changing information environment (17:56) Standout Quotes: “I think one of the biggest things that we have going now, and this is obviously in every sort of sector, is the use of generative AI. So what we're seeing a lot in social media now is instead of just random accounts that might be controlled by a person or two, what you're seeing is hundreds and hundreds of bot accounts that are able to push forward a large amount of information very quickly.” - Paul Bartel “The biggest thing I think that needs to start happening is the social media companies really especially need to take accountability for their own clientele base that might be spreading the misinformation.” - Paul Bartel “Getting an early handle on what's being said about them, and the information environment at large, can help them [organizations] navigate a lot of the challenges that we see in an information environment that's pushing out more and more information and can change on a minute to minute, hour to hour basis.” - Paul Bartel Mentioned in this episode:Dear InfoSec Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we’re listening to the second half of Steve’s recent Emerging Threats webinar for security leaders. In this episode, Steve responds to audience questions, covering everything from government regulation to supply chain to raising awareness within your organization.Steve Durbin’s Contact Information:[email protected] Steve Durbin on LinkedInKey Takeaways: 1. Knowing what your crown jewels are and how to protect them is paramount in a volatile world. 2. The government should do what the government does well, and it should let businesses do what businesses do well. The government should provide clear guidelines, but then there should be little interference. 3. Everything begins and ends with cyber resilience. How do we deal with the aftermath of the cyber incident that inevitably will occur? Tune in to hear more about: 1. How to get the board to care about cybersecurity and cyber risk (2:48) 2. How to avoid making regulatory compliance a tick box exercise (9:13) 3. How ISF can help make your organization more resilient (26:06) Standout Quotes: 1. “I like bringing people into the cyber space that are not technical. That doesn't mean to say you don't need technical people in cyber – you do, your security team needs to have a combination of the two – but I do very much like bringing them in from the business because their perspective is very much more about how they're going to make use of the technologies and therefore the use and the role that cybersecurity can play in securing the critical assets. Now, because we obviously are in an industry where there's a shortage of skills, what it does do is open up the markets to attracting – if you get it right – a whole variety of people that perhaps you wouldn't normally be able to bring into cybersecurity. So not only does it give you fresh perspective, not only does it align you more closely with the business, but it also opens up a pool of talent that otherwise might not be there.” - Steve Durbin 2. “I don't actually differentiate very much anymore between cyber risk and enterprise risk. [...] The reason I don't is that for me, I've become very much more convinced that cyber is so integral in everything that we do, that actually you create something of a problem for yourself if you begin to differentiate between enterprise and cyber.” Steve Durbin 3. “We need to make it simple for our users to be able to contact somebody in security if they are at all concerned about something that they've seen either through their email, on a system. And all too often we're not doing that. I can't tell you the number of times I've spoken to organizations and they simply aren't doing some of those basics. We don't need to complicate it all the time.” Steve DurbinMentioned in this episode:Dear InfoSec Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

We’re starting 2025 with a preview of the episodes ahead, featuring Steve in conversation with thought leaders and security experts from around the world. We look forward to sharing the full episodes with you this winter. Stay tuned! Featured: • Rear Admiral Brian Luther, president and CEO of the insurance firm Navy Mutual • Duncan Wardle, former head of Innovation and Creativity at Disney • Dr. Kate Darling, research scientist at the MIT Media Lab, research lead at the Boston Dynamics AI Institute • Best-selling author and hypnotist Dr. Paul McKenna • Author and leadership expert Sylvie di Giusto • Paul Bartel, senior intelligence analyst with PeakMetrics Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is our annual lookahead to next year, as we present Steve’s recent Emerging Threats webinar for security leaders. You’ll get to hear Steve share some of his thoughts on the threats cybersecurity professionals should be prepared to see in 2025. And of course, he also offers suggestions on how to handle these threats. Steve Durbin’s Contact Information:[email protected] Durbin on Linkedin Key Takeaways: Cybersecurity is becoming more of a business issue, which presents both opportunities and challenges. Supply chain, cloud storage, data integrity, and AI will be key information security issues in 2025. Information security professionals must learn how to align cybersecurity objectives with business objectives. Tune in to hear more about: Key information security challenges for 2025 (4:20) How to manage supply chain risks and AI-related security challenges (9:34) How to align cybersecurity objectives with business objectives (20:16) Standout Quotes: “The piece that worries me the most, and I've said this for a very long time, is the data integrity. AI data sets are vulnerable to deliberate poisoning or accidental pollution. Now, if I talk to AI providers, they will tell me that their AI is sufficiently intelligent, that it can really spot these things. I don't buy it. If I'm using AI, I want to make sure that the data it's actually telling me to make decisions about has a huge amount of the traditional information security guidance around it.” - Steve Durbin “The challenge for us is to align cyber risk management with the needs of the business by identifying how risk management and resilience are aligned and help to meet business objectives. That way, I can guarantee you will get the ear of the business. And if you can crack that one, then some of the other issues that we're dealing with, such as resourcing, such as alignment, such as commitment, tend to go away.” - Steve Durbin “The ones that I think are really going to succeed and flourish in 2025 are going to have aligned security with the business, and are going to have put in place mechanisms for all elements to change in sync with each other. Keeping on track is going to require a huge amount of collective collaboration across the enterprise.” - Steve Durbin Mentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve for the second of a two-part conversation about the coming Trump administration. Nick and Steve consider how Trump’s famously unpredictable behavior may impact business confidence and the steps business leaders can take to insulate their business from possible market changes.Key Takeaways: For business leaders, there is reason to be optimistic about the incoming Trump administration. Businesses in the US can take a “sit back, wait, and see” approach and await what new policies Donald Trump introduces in the beginning of his presidency. It’s always wise to invest in cyber resilience. Tune in to hear more about: How the incoming Trump Administration can benefit businesses (1:44) How to “trump-proof” your business (5:02) The constant need for cyber resilience, no matter who’s leading the country (8:07) Standout Quotes: “So what do you expect from any incoming elected leader? Well, you hope for clarity. You hope for a very clear set of guidelines within which you can operate. You hope for removal of ambiguity. You hope for a reduction, I would say, in unnecessary regulation. The opposite of that, that what slows business down is an increase in regulation that is perhaps unnecessary and a lack of clarity. So I think that businesses will be hoping for that clarity.” - Steve Durbin “I think that certainly focusing more on the need for cyber resilience is something that business leaders need to do. I don't know that I particularly want my government to be telling me what to do. So I very much like being able to run my business in the way that I think is best suited to my needs. I'm not a fan of nanny government. What I am a fan of is clarity in government, understanding from government, and allowing me to get on and do what I'm good at.” - Steve Durbin “People are desperately looking for some form of guidance, something to trust. And I think that business leaders have a relatively unique opportunity, because we do have huge responsibility to the people that work within our businesses and also to our customers. And there's a significant opportunity, I think, in that, to carve out a path that allows us to be viewed in a way that, yes, suits the needs of the business, but also fills this gap in society for something that you can actually trust, something that people know you really do stand for and can get behind.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, journalist Nick Witchell speaks with Steve about the coming Trump administration will mean for businesses. In the first part of their two-part discussion, Steve and Nick consider potential changes to the US approach to tech regulation and foreign policy.Key Takeaways: The fact that cyber security wasn’t part of Donald Trump’s campaign, doesn’t necessarily mean it won’t be a focus of his presidency. Election interference is about misinformation as much (if not more) as it is about hackers getting into voting systems. Government must collaborate with private sector to create meaningful policies around digital security. Tune in to hear more about: Expectations and hopes for the Trump administration’s approach to cyber security (2:35) Regulation of social media (6:51) The importance of cooperation between government and private sector (11:43) Standout Quotes: “If we look at some of the initiatives that he [Donald Trump] has in place around, for instance, immigration, then cybersecurity is fairly core and central to some of these programs and plans, because anything that involves technology, of course, also involves cybersecurity. So I think that that's the way we're going to start seeing cyber coming into his perspective on the world. Where it touches some of his other frontline policies, then we're going to see it playing a role.” - Steve Durbin “As soon as you implement technology without security, you're creating a huge problem for yourself further down the road; one which, unless you have invested ahead of time, is going to cost you a horrible amount of money to try to fix later.” - Steve Durbin “You need to have people in government who've actually been there and done it, because if you haven't, then where do you begin? And so I'd like to see a lot more collaboration between government and private sector in terms of getting a lot more knowledge, frontline knowledge, into some of the things that you absolutely must do to secure this technology, rather than simply deciding that that's the way we're going to go and then leaving it up to the different departments to figure things out.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

An interview with Steve Durbin, ISF CEO, by Security editor Stephen Pritchard. Originally published by Security Insights Podcast.Cybersecurity and geopolitics are more tightly linked than ever.The growth of online espionage, attacks by state actors, and governments turning a blind eye to cybercrime, are all increasing risk.And the “attack surface” is growing too. More and more of what we do every day is online, and this presents more opportunities to bad actors. In a connected world, it does not take much to cause huge disruption, whether by accident or design.The rise in ransomware over the decade shows just how vulnerable we are to cyber attack. And some of the most prolific ransomware groups have at least informal ties to nation states. But behind the scenes, the threats from state-based, not just state sanctioned, cyber attacks are growing.This, in turn, needs a different response from organisations, and their security teams. Geopolitics is driving cybersecurity threats, in ways that could hardly be imagined in the early days of the information security business.Our guest this week is Steve Durbin, CEO of the Information Security Forum. As he points out, a lot has changed over the last few decades, and especially in the last few years. We are now in a very risky place. And, in an increasingly connected world, cyber has the potential to be the “Achilles Heel” of our defences, he argues.Could we see the current level of cyber threats spill over into more overt conflict? And do organisations have the resources to operate in a more dangerous world?

In this episode, ISF CEO Steve Durbin is in conversation with Raffael Marty, Executive Vice President and General Manager of Cybersecurity Management at ConnectWise. Raffael is also the author of Applied Security Visualization and the Security Data Lake. He and Steve discuss how to prevent data from being compromised, what government and private enterprise can learn from each other vis a vis cybersecurity, the pros and cons of cyberinsurance, and more. Related ISF Resources: Protecting the Crown Jewels: How To Secure Mission-Critical Assets Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

This episode is the first part of a two-part conversation between Steve and Dr. Christopher Hand. Chris is a senior lecturer in psychology at the University of Glasgow in Scotland. He and Steve talk about trust and authenticity online, cyber-bullying in the context of work, and what we know so far about the decision to return to the office post-pandemic.Mentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management

Today, Steve is speaking with investigative tech journalist Geoff White, who has been covering tech and financial crime for more than 20 years. Listeners may be familiar with his popular podcast The Lazarus Heist for the BBC World Service, and now his new book, Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks, will be available from Penguin Random House next week. Steve and Geoff discuss current trends in organized cybercrime, how these criminals are—or maybe aren’t—adopting AI, and the difficulties law enforcement still faces in helping the victims of these crimes. Key Takeaways: 1. Nation states and government agencies have been known to adopt tactics from organized crime gangs and activists – a sort of trickle-up effect. 2. As technological advancements are presenting criminals with new avenues for money laundering, law enforcement is not always able to keep up and instead is having to prioritize high level crimes. 3. The law enforcement landscape is a fast changing world, as agencies adapt and gain more awareness of cybercrime tactics relating to AI and cryptocurrencies. Tune in to hear more about: 1. Cybercrime evolution, nation-state involvement, and tactics (3:31) 2. AI use in cybercrime, potential for innovation and defense (8:29) 3. Cybercrime and money laundering, with a focus on the role of technology and law enforcement (11:45) 4. Cybercrime, crypto, and organized crime evolution (15:59) Standout Quotes: 1. “Sometimes the tools of organized cybercrime, gangs, nation states have also learned from hacktivists. From leaks from people like WikiLeaks or from Anonymous, they've learned the damage that a leak can do a leak of information can do. And that's fed into that disinformation piece nation states now extremely astute at getting in stealing information and then weaponizing that information to change elections, to change people's attitudes, to influence world events, the nation states have got both feet in to this cybercrime game.” -Geoff White 2. “I think maybe it's worth thinking like a criminal and understanding how thinking like a criminal is different to thinking like a different type of enterprise. The reason I enjoy thinking about organized crime and covering organized crime is because it's organized. These are networks, as you say, of professional, organized people. But they're not out to win customers. They're not like Microsoft and Google who wants to come out with innovation and innovative new products to win customers in their competition. No. They want to make money from victims. And frankly, as long as you're making enough money from your victims month in month out, you don't change. There's no reason to innovate. Crime gangs innovate when law enforcement and the force of authority stop them from making the money they usually make. That's when you innovate.” -Geoff White 3. “I think there was a time when, frankly, explaining Bitcoin to sort of rank and file police officers was a struggle. I think those days are gone … There's been this realization that things like cryptocurrency is something that law enforcement needs to be on top of.” -Geoff White 4. “As cryptocurrency gets larger, as more financial institutions get behind it, as governments get behind it, yes, it can make it more legitimate, it can expand the legitimacy of it. But it also creates more noise, if you like, for the criminals to hide.” -Geoff White Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This is the second of a two-part conversation between Steve and Brian Lord, who is currently the Chief Executive Officer of Protection Group International. Prior to joining PGI, Brian served as the Deputy Director of a UK Government Agency governing the organization's Cyber and Intelligence Operations. Today, Steve and Brian discuss the proliferation of mis- and disinformation online, the potential security threats posed by AI, and the need for educating children in cyber awareness from a young age.Key Takeaways:1. The private sector serves as a skilled and necessary support to the public sector, working to counter mis- and disinformation campaigns, including those involving AI.2. AI’s increasing ability to create fabricated images poses a particular threat to youth and other vulnerable users.Tune in to hear more about:1. Brian gives his assessment of cybersecurity threats during election years. (16:04)2. Exploitation of vulnerable users remains a major concern in the digital space, requiring awareness, innovative countermeasures, and regulation. (31:0)Standout Quotes:1. “I think when we look at AI, we need to recognize it is a potentially long term larger threat to our institutions, our critical mass and infrastructure, and we need to put in countermeasures to be able to do that. But we also need to recognize that the most immediate impact on that is around what we call high harms, if you like. And I think that was one of the reasons the UK — over a torturously long period of time — introduced the The Online Harms Bill to be able to counter some of those issues. So we need to get AI in perspective. It is a threat. Of course it is a threat. But I see then when one looks at AI applied in the cybersecurity test, you know, automatic intelligence developing hacking techniques, bear in mind, AI is available to both sides. It's not just available to the attackers, it's available to the defenders. So what we are simply going to do is see that same kind of thing that we have in the more human-based countering the cybersecurity threat in an AI space.” -Brian Lord2. “The problem we have now — now, one can counter that by the education of children, keeping them aware, and so on and so forth— the problem you have now is the ability, because of the availability of imagery online and AI's ability to create imagery, one can create an entirely fabricated image of a vulnerable target and say, this is you. Even though it isn’t … when you're looking at the most vulnerable in our society, that's a very, very difficult thing to counter, because it doesn't matter whether it's real to whoever sees it, or the fear from the most vulnerable people, people who see it, they will believe that it is real. And we've seen that.” -Brian LordMentioned in this episode: • ISF Analyst Insight PodcastRead the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with David Weisong, CIO of Information Systems at Energy Solutions, a growing company with many US government clients. He speaks with Steve about his experiences overseeing a full migration of the company’s security framework, how he got buy-in for security from the C-suite, and how he has approached the challenge of staffing. Key Takeaways: 1. Organisations are advised to focus on protecting critical assets and closely monitoring any supply chain issues. 2. Security leaders and teams are also having to prepare policies for AI use and investigate cloud provider dependencies. 3. Security leaders and teams should be monitoring developments in quantum, staying in step with regulations and needed skills. Tune in to hear more about: 1. Security risks in technology innovation and adoption (1:29) 2. The impact of quantum computing on cybersecurity and the need for organisations to prioritise legacy technology updates (6:59) 3. Volatility, uncertainty, and technological change in the security industry (12:45) 4. How technology innovations can disrupt and improve organisations (18:22) 5. Managing innovation in a rapidly changing digital landscape (20:40) 6. Limitations of accessing powerful technologies due to restrictions, threats, and security concerns (26:12) 7. Emerging threats and risks in technology, including quantum computing, AI, and legacy systems (32:18) Standout Quotes: 1. “We're a professional services organisation, so our contracts are the foundation. And if they're not 100% met, then you actually don't proceed. So it became very easy to say, there's cause and effect here. And that's where that's taken a lot of … repeat exposure, I think, is one part of it, but also setting the stage that it's dynamic. It's not like, oh, yeah, we're done with that, so we can just kind of move on. It's like, we're done with this particular initiative right now. And there are more, and it will be changing probably, quarter to quarter.” - David Weisong 2. “There’s a lot of things that are being put onto platforms or systems that you sometimes get into the area where you might have a unique combination of things that creates problems. And so that's where I think the industry is looking at it still in a category basis. I think there's a need for a more holistic approach, dare I say, coordination or cooperation between companies and their solution offerings.” - David Weisong 3. “When I think about the three to five year window, I mean, there's clearly more fraud and more cybersecurity attacks. It is significant, and it's not decreasing. And so the ability for both organisations to share and for the industry that serving up different solutions, there has to be a coordination and a collaboration around that. Because the priority could change from year to year.” - David Weisong Mentioned in this episode: Times Higher Education: We need a social science of data by Cristina Alaimo and Jannis Kallinikos ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In today’s episode, Steve speaks with Steve Satterwhite, the founder and CEO of Entelligence, and author of "Above the Line: How the Golden Rule Rules the Bottom Line." He shares some simple but fresh ideas about how to find the right person for the right role, how to overcome the skills shortage, and why putting people first is the key to successful cybersecurity.Key Takeaways:1. Successful companies can upskill employees in technology, using positive experiences and promising opportunities.2. Satterwhite reflects on fatherhood, emphasizing the importance of helping children discover their purpose and identity.3. Satterwhite believes that the organisation’s role is to provide tools and systems for team members to thrive, while also acknowledging the reality of short-term employment.4. Open-minded technology leaders who integrate technical skills with emotional intelligence thrive. Tune in to hear more about:1. Attracting and retaining talent in the cybersecurity industry (2:40)2. Cybersecurity talent shortage and skills gap in enterprises (10:00)3. Finding and upskilling cybersecurity professionals for new technologies (16:44)4. Prioritising people in business to boost revenue and profits (21:58)5. Prioritising emotional intelligence in technology leadership (27:06)Standout Quotes:1. “I believe that that culture attracts the kind of folks that are ambitious, that are hungry to learn, that are eager to move up in whatever way that they define moving up in their lives. And I think it's our job, really, as leaders, and especially here in our organisation. It’s to create that environment so that people can thrive.” - Steve Satterwhite2. “Here’s a stupid analogy, but I like to use it because it's how I think about the business. It's really just to simplify it. Let's say that you're a new airline, or you have a new airline route that you want to go from Houston to Paris, and you're short of pilots to fly the big Dreamliner or the big Airbus from here to there. It's a different operation. So what we do is we go look for people that have been flying 737s most of their career. They're deeply passionate about flying, and they're really good at it, and all we need to do is just kind of upskill them in a short period of time just to fly a different airplane. It's still piloting, it’s still flying. That's what we do. So if you think about just the evolution of technology and the things that we're doing, all we're doing, constantly, at Entelligence is just upskilling people in the shortest possible time.” - Steve SatterwhiteMentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve sits down with Dr. Andrew Newell, Chief Scientific Officer at the British biometrics firm iProov, for a conversation about deep fakes. As technology improves, it’s becoming ever more difficult to determine what’s real and what’s fake. Steve and Andrew discuss what this will mean going forward for security, social media platforms, and everyday technology users.Key Takeaways:1. Technology is the key to mitigating the threat of deep fakes, which are synthetic images or videos created to deceive.2. Deep fakes are becoming increasingly sophisticated, making them hard to spot.3. Newell breaks down the problem into two parts: secure identity verification and detecting synthetic images.4. Incentives for verifying imagery will radically shift as deep fakes become more prevalent. Tune in to hear more about:1. Deep fake technology and its potential impact on identity verification processes (5:57)2. Preventing deep fake images and videos using technology and algorithmic systems (9:57)3. Deep fakes and their potential uses, including filmmaking and education (13:11)4. Deep fakes and their impact on society, with a focus on technology’s role in verifying authenticity (18:43) Standout Quotes:1. “I think the urgency here — and this is the absolutely key part — is that we need to get the technology in place to make sure that the processes that rely on the genuineness of the person in imagery, that we can have something in place that we know works, that we know that we can trust, and is something that is very easy to use.” - Andrew Newell2. “I think on the protection of identity proofing systems against the threat from deep fakes, we have a technology solution now. And the urgency is to make sure that this technology is used wherever that we need to actually guard against that threat.” - Andrew Newell3. “And one of the most important things, if not the most important thing, is: when we think about a way to mitigate these threats, it has to be something that works for everybody. We cannot end up with a system that only works for certain groups in a society.” - Andrew Newell Mentioned in this episode:Dear Infosec Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today we bring you the second conversation with ISF CEO Steve Durbin around the increasing impact of technology on society and business. Societies have always been divided, but how future divisions may manifest feels more uncertain than ever right now. In this episode, Steve and producer Tavia Gilbert offer an analysis of potential future scenarios, as well as practical tips for what organisations can do now to prepare.Key Takeaways:1. The future will be defined by technology and social media, leading to a shift away from traditional divisions and towards a more complex world where data and information are highly instantaneous and influential.2. Leadership will need strong empathy, consolidation skills, and the ability to challenge/be challenged.3. Leaders should assume imperfection and constantly update their situational awareness to make informed decisions. They also ought to prioritize simplicity and clear communication to build trust and drive success.Tune in to hear more about:1. Leadership and organisation in a rapidly changing world (4:44)2. The role of businesses in society, including their potential to fill the void left by declining trust in traditional leadership models (9:58)3. Information security and the importance of skepticism in the digital age (14:33)4. Technology’s impact on information sharing and nationalism (18:33)5. Trust and verification in social media and supply chains (22:35)6. Leadership, adapting to change, and the importance of soft skills in a rapidly changing world (28:23)Standout Quotes:1. “Businesses have a new responsibility in the modern era … provide guidelines and stability in a time of deep division.” - Steve Durbin2. “The one thing that is going to be so important that will differentiate the winners from the losers in the organisational stakes is: those organisations that are able to consolidate this overall sense of corporate purpose with purpose of the individual, whatever that looks like. And if we can do that, then I think that we'll create something that's particularly special and magic.” - Steve DurbinMentioned in this episode:Dear Infosec Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is the first of three conversations with ISF CEO Steve Durbin around the coming impact of technological development on society and business. We know that new technologies have always tested organisations, and technological innovation and integration into our lives and enterprises — it’s only accelerating. We offer an analysis of potential future scenarios, as well as practical tips for what organisations can do now to prepare. Key Takeaways: 1. Organisations must prioritise supporting smaller entities in keeping up with the fast pace of technological change. 2. Security can deliver competitive advantage, but implementation challenges persist, and security risks can become low priority in a fast-paced tech landscape. 3. Organisations face pressure to modernise technology while managing legacy systems and regulatory demands. 4. CEOs must balance competing priorities, including ESG initiatives, employee expectations, and shareholder demands. 5. Political developments may force organisations to respect local restrictions on technologies. 6. Organisations are advised to protect crown jewels, ensure data protection, and monitor supply chain partners. 7. Organisations must prepare for quantum-proof encryption and socialise policies for AI use. Tune in to hear more about: 1. The impact of technological innovation on business and society, with a focus on adoption challenges and timing (0:00) 2. Security risks in technology innovation and adoption (1:29) 3. The impact of quantum computing on cybersecurity and the need for organizations to prioritize legacy technology updates (6:59) 4. Volatility, uncertainty, and technological change in the security industry (12:45) 5. How technology innovations can disrupt and improve organizations (18:22) 6. Managing innovation in a rapidly challenging digital landscape (20:40) 7. Limitations of accessing powerful technologies due to restrictions, threats, and security concerns (26:12) 8. Emerging threats and risks in technology, including quantum computing, AI, and legacy systems (32:18) Standout Quotes: 1. “Organisations could certainly find themselves cut off from the supercharged processing power, because it may be developed by a government for its own ends and restricted, expensive, all of those sorts of things, so that it effectively becomes unavailable. And I think organisations, despite all of that, are going to have to operate in the shadow of this massive computing power shift when it comes about as the pace of change accelerates, innovations proliferate, traditional life cycles of technology shorten.” - Steve Durbin 2. “If we're going to have smaller organisations within our overall ecosystem, we need to be just sparing a bit of a thought for how they might be keeping up with such a fast pace of change and how we're going to support them in continuing to meet some of the standards and bars that were setting, so that everybody benefits, frankly.” - Steve Durbin 3. “So the world is also reshaping, as we're introducing AI into what we're doing. And so again, I think that the challenge from the business perspective, from the security perspective, from the technology perspective, is really about: how do you focus on what is important for your organisation, for your people, for your customers, in a world that is constantly now changing? And the speed of that change is only going to get faster. And we haven't seen that before.” - Steve Durbin 4. “So you're in a much better position, if you can control your innovations irrespective of what's going on. But you're never going to be able, I think, to divorce yourself completely from the market, because you operate in the market. And so the speed at which the market is evolving is going to, I think, determine — to a certain extent, anyway — your success in managing your own innovation, so you may need to be innovating more quickly than you're comfortable, just in order to try to keep up.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast ISF Podcast: Data Dilemmas: Outsmarting the perils of AI Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, BBC journalist Nick Witchell interviews Steve about the threat landscape in light of a number of damaging hacks that have recently been made public. They consider the challenges regulators face given the current geopolitical situation and discuss how organisations can create a thorough cyber defense and response plan. Key Takeaways: 1. Organisations cannot abdicate responsibility for data security, even when outsourcing to third parties. They need strong incident response plans and ongoing assessment of third-party security capabilities. 2. In terms of any country’s political agenda on cybersecurity, AI regulation is often overshadowed by other issues. 3. Few parliamentarians and ministers come from a security background, which is one reason why it’s critical to provide guidance and insight to them. 4. A more thoughtful and funded approach to security would benefit society, considering the potential impact on people’s lives and the need for effective incident response. Tune in to hear more about: 1. Accountability and responsibility in cybersecurity (1:59) 2. Role of cybersecurity centers and national institutions (5:13) 3. Government and political involvement in cybersecurity (8:29) 4. Public awareness and the ISF’s role (12:21) 5. Risk management and security investment (16:32) 6. Concerns about technology implementation (20:14) Standout Quotes: 1. “We (at the ISF) don't want to be one of those organisations that's constantly barracking people and complaining. We want to be holding true to some of our founding principles, which is about providing best advice, providing some of the best tools, providing some of the best insights that we gather from our own team and also from our member community. But we do need to make more noise about that, because people desperately need to understand some of the implications, and indeed, very much more importantly, what they can actually practically do about it.” - Steve Durbin 2. “There is no one size fits all. That's the other thing about this. You have to have it in line with your business direction, your size, your maturity, all of those sorts of things. Very often people ask me for blueprints or, what does good look like? And my answer is always the same: it varies depending on your stage of maturity and your willingness to spend, and how important your data is to you.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s conversation is a fascinating discussion on the nature of data with Jannis Kallinikos, professor of Information Systems at the London School of Economics. Jannis co-wrote the recently published book Data Rules: Reinventing the Market Economy, in which he and co-author Cristina Alaimo posit that data are a fluid cultural record, rather than a static statistical entity. He and Steve discuss the implications of this understanding of data for the security industry, from how it could change regulatory approaches to how we understand ourselves as humans in relation to data. Key Takeaways: 1. Kallinikos argues that data are not just statistical entities, but cultural entities that convey aspects of our world and reality. 2. Data are cultural records, not just statistical entities, and are fundamental to economic and social transformation. 2. Durbin and Kallinikos discuss concerns about data-driven perspectives reinforcing narrow worldviews. 3. Data regulation needs to reflect data’s interactive and morphing nature and serves to protect society from greedy companies. 4. Kallinikos warns that politics has become instinct-based, with little time for reflection. Tune in to hear more about: 1. Data’s role in society, economy, and transformation (0:00) 2. Data’s impact on society, culture, and individual perspectives, with a focus on regulation and balance (7:10) 3. Data as a living entity, challenges for security professionals, and need for education (18:01) 4. Data’s impact on society and politics, with a focus on education and government’s role in protecting data (23:15) Standout Quotes: 1. “Data are cultural elements and not statistical entities. It makes a whole lot of difference. By cultural entities, we mean that they are records by which we represent our world. and we act upon the world. We use them to produce, we use them to interact, we use them to communicate. In this respect, data are cultural records, once again, and not statistical entities or entities like those ones that contemporary data science debates.“ - Jannis Kallinikos 2. “Think how many things we can do that were out of reach before these beasts and these technologies and the data we produce in the facilities that they prepare for us, how many things we can do that were not virtually possible before. So there is a positive side to it. But as you English say, there is no free lunch in life. And this applies here. We win a lot. But there are also important things that we lose.“ - Jannis Kallinikos 3. “But these are difficult discussions to have in politics. Because they require a little bit of reflection, a step back, a little bit of time. Politics, for good or bad, has become very instinct based over the last three or four decades. Instinct based, more to react, target, and produce reactions of a particular type that are mostly emotional or instinctual.“ - Jannis Kallinikos Mentioned in this episode: Times Higher Education: We need a social science of data by Cristina Alaimo and Jannis Kallinikos ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

For our special Summer Listening series, we revisit some favorite listens: episodes that cover some of the most important, and current, issues in cyber. In today’s episode, Steve speaks with actress, voice coach, leadership consultant, and expert in core energetics, or body-led psychotherapy, Kate Montague. Kate discusses the effectiveness in taking time to reset, what happens when you stay connected to your body and your breath, how to take the temperature of the room when the rooms are remote, and more. Learn more about Kate Montague. Mentioned in this episode: Royal Central School of Speech and Drama Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

For our special Summer Listening series, we revisit some favorite listens: episodes that cover some of the most important, and current, issues in cyber. Today, ISF CEO Steve Durbin is in conversation with Dr. Brian Cox, professor of Particle Physics at the University of Manchester. Dr. Cox worked on the ATLAS experiment at the Large Hadron Collider at CERN in Switzerland and has co-written several books on physics, including Why does E=mc2? and The Quantum Universe. He’s also known for appearances in many science programmes for BBC radio and television, including In Einstein's Shadow and the BBC Horizon series. Dr. Cox and Steve discuss how to translate a complex message to a lay audience, the need for intellectual honesty, and the value of play even in serious endeavors. Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

For our special Summer Listening series, we revisit some favorite listens: episodes that cover some of the most important, and current, issues in cyber. In this episode, ISF CEO Steve Durbin speaks with computer programmer, philanthropist, and co-founder of Apple, Steve Wozniak. Woz reminisces about the past and looks into the future of Big Tech, and considers what both could mean for the future of security. Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

For our special Summer Listening series, we revisit some favorite listens: episodes that cover some of the most important, and current, issues in cyber. In this episode, Steve speaks with a guest whose focus includes human culture, behavior, and storytelling: singer/songwriter and activist Sir Bob Geldof, lead singer of the Boomtown Rats and founding member of Band Aid, famous for raising money for Ethiopian famine relief. Steve and Sir Bob discuss the effect of the Covid19 pandemic on creativity, the political turmoil facilitated by rapidly advancing digital technology, Sir Bob’s hope for fresh ideas, the courage to embrace change, and more. Learn more about Sir Bob Geldof and the Boomtown Rats. Mentioned in this episode: Pete Briquette Simon Crowe Garry Roberts Vladimir Putin Xi Jinping Recep Tayyip Erdogan Boris Johnson Donald Trump Charles Darwin Sigmund Freud Karl Marx Live Aid Live 8 QAnon Thomas Piketty Shoshana Zuboff Marshall McLuhan Novacene: The Coming Age of Hyperintelligence by James Lovelock Richard Branson Bill Gates Steve Jobs Mark Zuckerberg Jack Ma Larry Page Sergey Brin Winston Churchill Alan Brooke George Bernard Shaw Tim Berners-Lee Johannes Gutenberg Colin Wilson The Rolling Stones Mick Jagger Keith Richards Billie Holiday John Lennon Paul McCartney Paul Allen Steve Wozniak Gaia Theory Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn From the Information Security Forum, the leading authority on cyber, information security, and risk management.

For our special Summer Listening series, we revisit some favorite listens: episodes that cover some of the most important, and current, issues in cyber. In this evergreen episode, Steve and Tavia discuss the constantly changing world of risk, what security can do to prepare for and mitigate risk, the role of the business leader, and the impact of risk management on strategy and business direction. Mentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management

Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. Last week, we listened to the first part of that conversation, and today, we’re hearing the second. Julie and Steve talk about scenario planning, transparency within industries, and what good leadership looks like in this complex moment in history.Key Takeaways:1. Durbin emphasizes AI’s dependence on data integrity and the importance of starting with good data.2. Durbin discusses the challenges of geopolitical threats and market flux, and how organizations must prepare for an uncertain future.3. Durbin notes increased use of ISF’s supplier assessment tools to mitigate risks due to geopolitical tensions and COVID-19.Tune in to hear more about:1. Cyber security, AI, and data integrity (0:00)2. Cyber security threats, vulnerabilities, and supply chain risks (3:40)3. Risk management, leadership priorities, and the importance of collaboration (9:28)Standout Quotes:1. “Bear in mind that when it all comes crashing down, there isn't a piece of technology in the world that will get your systems back up and running. And so don't forget the role that people have to play. So look after the people, make sure that they understand the important role that they have, because I think all too often, we talk about them being the weakest link. Actually, they're the strongest link.“ - Steve Durbin2. “You have to focus on the crown jewels. That's your starting point. Very often, people will say to me, well, how much should we be spending? And my answer to that is, it depends. It depends on your risk profile, depends how nervous you are, it depends if you're going to enter new markets, it depends if you're coming out of markets. So you have to, as the leader of an organization, I think, juggle all of those things. And you have to do it in a very sort of swanlike way.“ - Steve Durbin3. “You will make mistakes. And the mistake itself isn't important. What is important is how you recover from that, and how you learn from it going forward. And how you share that with other people in your organization. And how you become very much more agile to take advantage of some of the opportunities that that might open up.“ - Steve DurbinMentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. For the next two weeks, we’ll be presenting that conversation in two parts. In the first part, Julie and Steve discuss the regulatory landscape, improving communication across the business, and how enterprises can successfully marry technology with the human element of work. Key Takeaways: 1. Durbin emphasizes the importance of alignment in creating a culture that supports risk management and growth. 2. MacDonald emphasizes the need for transparency beyond organizational borders, including collaboration with competitors and regulators. 3. Large organizations have resources to keep up with supply chain risks, while midsize and small enterprises struggle. 4. Durbin stresses the need for basic security practices and security awareness training, providing feedback in real-time to help individuals remember what they should have done. Tune in to hear more about: 1. Cybersecurity risks and how businesses can manage them effectively (0:00) 2. Cybersecurity transparency, regulation, and communication (5:13) Standout Quotes: 1. “I think for security people, what they have to be better at is understanding the role that security plays in achieving the business objectives, the business strategy, because if they can do that, then suddenly they have the ear of the business. On the other side, from the business perspective, they need to understand the role that technology plays in achieving what they're trying to do. Because technology equals security equals risk.“ - Steve Durbin 2. “If you look at the way in which now, technology is all pervasive, we use different elements of technology to do our jobs. So we may be doing something on our own mobile phone, for instance, which we wouldn't have been doing before. So the importance of security awareness has actually increased significantly. “ - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, author and disability diversity expert Ruth Rathblott offers a fresh perspective on how we understand and approach diversity in the workplace. She and Steve discuss how DEI can benefit both your culture and your business, and they give practical tips for leaders looking to build a more inclusive environment. Key Takeaways: 1. Leaders need to go first in being vulnerable and trustworthy. 2. Hiding is universal and exhausting, and people fear judgement and rejection for keeping secrets. 3. Unhiding can increase staff retention and engagement. 4. Leaders who adopt unhiding can be more innovative and creative, and better connect with millennials and Gen Z employees. 5. Unhiding is the key to connection, and it will make leaders stronger and drive business results in today’s pandemic of loneliness. Tune in to hear more about: 1. Diversity, equity, and inclusion with a focus on disability inclusion (0:00) 2. Hiding and sharing personal aspects of one’s identity in the workplace, with a focus on disability and diversity (5:08) 3. Leadership vulnerability and creating a safe space for teams to thrive (10:26) 4. The benefits of “unhiding” in the workplace, leading to increased trust, retention, and innovation (14:41) 5. Uncovering hidden potential through self-awareness and connection (18:49) Standout Quotes: 1. It's funny, I was talking to a woman recently. And she said, I love this concept of hiding, I love the work that you're doing, Ruth, and as a leader, I will never unhide to my team. And I said, okay, why? And she said, because I don't trust them. And it got me into the space of thinking, Steve, that either she has the wrong team, or she's the wrong leader. Because if we can't trust our teams, why are we in this business? Because that's our job is to build teams that trust us, that work with us, that get us to our next level in terms of a company. And so how do we create those spaces? And it's by leaders going first, and being vulnerable. - Ruth Rathblott 2. “There is a privilege in being able to unhide. I recognize that. In terms of being able, whether you're in the securities industry or in a different industry, because there are still in 2024 reasons that people would be fearful, and for good reason be fearful, of sharing parts of themselves, for retaliation, et cetera. I think where I've seen the benefit and the other side is the retention increases. People feel better about the place that they work, because they don't feel like they have to hide that part of themselves. They feel like this is a company who understands me, I'm going to stay longer. They feel more engaged with their peers, because they're not hiding.” - Ruth Rathblott 3. “I use the methods of therapy. I use the methods of journaling. I use the methods of meditation, to just take a pause in our lives to say, what is holding me back? Where am I hiding part of myself to fit in for fear of judgment and fear of rejection? Take that inventory or that audit on yourself. Acknowledge it.” - Ruth Rathblott Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today is the second in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane define cultural fluency and give more tips on fostering cohesion and innovation in global teams.Key Takeaways:1. To be effective in a global team with diverse languages and continents, leaders must recognize and attend to cultural differences.2. Mergers and acquisitions can fail due to cultural differences.3. In the security industry, retention is a significant issue, and creating a fun and thriving work environment can help address it.Tune in to hear more about:1. Cultural fluency and its importance in leadership, particularly when working with people from different backgrounds and cultures (0:00)2. Cultural fluency in the workplace (6:17)Standout Quotes:1. “It's actually about building leadership capacity to work across difference. And it's not just for one cultural group or another; it’s actually for everyone. To build that cultural self awareness and to create an environment where we can ask questions, thoughtfully, that we give some room to each other.” - Jane Hyun2. “If the leader can be attuned to those little things and show that kind of empathy that engages someone who feels, perhaps, kind of in the margins, or their voice is not always heard, I think that can make a tremendous difference in how they connect to your company, how loyal they are to you, and how much output you will get from their productivity as well.” - Jane HyunMentioned in this episode: Flex: The New Playbook for Managing Across Differences Breaking the Bamboo Ceiling: Career Strategies for Asians Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today is the first in a two-part conversation centered on cultural fluency with global leadership strategist and corporate coach Jane Hyun. Jane is the author of Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling and Breaking the Bamboo Ceiling: Career Strategies for Asians, and the co-author of Flex: The New Playbook for Managing Across Differences. In this episode, Steve and Jane discuss how leaders can get the best out of their workers in a remote work environment and discuss practical ways leaders can facilitate productive meetings with teams spread out all over the world. Key Takeaways: 1. Leaders must cultivate self-awareness and recognition of areas for improvement in personal and professional growth. 2. Innovation can be driven by bringing different cultural norms and views together virtually. 3. Culturally adaptive facilitation can lead to more innovative ideas in remote settings. Tune in to hear more about: 1. Navigating cultural differences in business leadership (0:00) 2. Self-awareness and cultural understanding in business leadership (3:18) 3. Remote work, cultural perspectives, and effective meeting strategies (6:51) Standout Quotes: 1. “There's no way we can keep doing things the same way. Because if we do, we're gonna get nothing different, right? We’re not going to get the innovation that we want.” - Jane Hyun 2. “I just wanted to be accepted. I just wanted to be like everybody else. But then I realized, as I matured, there's nothing wrong with my cultural background, and really, I had to lean into who I was. The values that my parents and the things that I learned from my Korean community are really interesting and good and helpful, and could be a driver for innovation for the work that we do. And until I got to that point, I don't think my work was able to truly flourish in the way I could.” - Jane Hyun Mentioned in this episode: Flex: The New Playbook for Managing Across Differences Breaking the Bamboo Ceiling: Career Strategies for Asians Leadership Toolkit for Asians: The Definitive Resource Guide for Breaking the Bamboo Ceiling ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

In this episode, Steve speaks with Amanda Fennell, a security professional with over two decades in the industry who currently serves as CISO and CIO of Prove and adjunct professor of cybersecurity at Tulane University. She talks to Steve about why a CISO must be an educator at heart, how to embrace feedback in order to grow, and how young professionals can shape their careers in security as the role of the CISO evolves. Key Takeaways: 1. Important foundational principles in security include least privilege, risk mitigation, and vulnerability management. 2. Amanda Fennell suggests that new CISOs befriend their legal officers, in order to better understand security and risk. 3. Handing change can be a key indicator of high performance in security, with those who thrive in change being more likely to be high performers. Tune in to hear more about: 1. Teaching technical skills and emotional intelligence in a technical field (2:25) 2. Security leaders’ communication and education strategies (4:35) 3. Security fundamentals and vulnerability management (10:37) 4. Evolving role of CISOs, career progression, and coping with stress in security leadership positions (13:21) 5. Managing stress and mental health in leadership roles (18:57) Standout Quotes: 1. “It was a long, long time ago. My boss sat me down for a performance review and said, you have a reputation for not taking feedback well, because you're really sure that you're right. And I took that to heart. And for a long time, I did have to fake that feedback coming to me, like, ‘Thank you for the feedback. I'll think about this. That’s so …’ You know, whatever, and just freeze your face into a smile. Now, I love it. I invite it.” -Amanda Fennel. 2. I think that probably, my other big advice for people who are first-time CISOs who are new in their role: become good friends with your legal officer.That’s going to be your best friend on the team. They understand, especially if they have compliance and audit — those people, and I say this as someone who worked at a legal tech company, software for five years — but your legal officers understand security and risk really well. And they're going to help you to interpret and translate things often. And that has been one of my biggest helps in my career. -Amanda Fennell Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with investigative tech journalist Geoff White, who has been covering tech and financial crime for more than 20 years. Listeners may be familiar with his popular podcast The Lazarus Heist for the BBC World Service, and now his new book, Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks, will be available from Penguin Random House next week. Steve and Geoff discuss current trends in organized cybercrime, how these criminals are—or maybe aren’t—adopting AI, and the difficulties law enforcement still faces in helping the victims of these crimes.Key Takeaways:1. Nation states and government agencies have been known to adopt tactics from organized crime gangs and activists – a sort of trickle-up effect.2. As technological advancements are presenting criminals with new avenues for money laundering, law enforcement is not always able to keep up and instead is having to prioritize high level crimes.3. The law enforcement landscape is a fast changing world, as agencies adapt and gain more awareness of cybercrime tactics relating to AI and cryptocurrencies.Tune in to hear more about:1. Cybercrime evolution, nation-state involvement, and tactics (3:31)2. AI use in cybercrime, potential for innovation and defense (8:29)3. Cybercrime and money laundering, with a focus on the role of technology and law enforcement (11:45)4. Cybercrime, crypto, and organized crime evolution (15:59)Standout Quotes:1. “Sometimes the tools of organized cybercrime, gangs, nation states have also learned from hacktivists. From leaks from people like WikiLeaks or from Anonymous, they've learned the damage that a leak can do a leak of information can do. And that's fed into that disinformation piece nation states now extremely astute at getting in stealing information and then weaponizing that information to change elections, to change people's attitudes, to influence world events, the nation states have got both feet in to this cybercrime game.” -Geoff White2. “I think maybe it's worth thinking like a criminal and understanding how thinking like a criminal is different to thinking like a different type of enterprise. The reason I enjoy thinking about organized crime and covering organized crime is because it's organized. These are networks, as you say, of professional, organized people. But they're not out to win customers. They're not like Microsoft and Google who wants to come out with innovation and innovative new products to win customers in their competition. No. They want to make money from victims. And frankly, as long as you're making enough money from your victims month in month out, you don't change. There's no reason to innovate. Crime gangs innovate when law enforcement and the force of authority stop them from making the money they usually make. That's when you innovate.” -Geoff White3. “I think there was a time when, frankly, explaining Bitcoin to sort of rank and file police officers was a struggle. I think those days are gone … There's been this realization that things like cryptocurrency is something that law enforcement needs to be on top of.” -Geoff White4. “As cryptocurrency gets larger, as more financial institutions get behind it, as governments get behind it, yes, it can make it more legitimate, it can expand the legitimacy of it. But it also creates more noise, if you like, for the criminals to hide.” -Geoff WhiteMentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Recently, British journalist Juliette Foster interviewed Steve for a feature in The European, and today we’re listening to that conversation. Steve and Juliette explore a range of topics, including how to get buy-in to your security strategy at all levels of the organization, how much security should cost, navigating the regulatory landscape, and which industries and enterprises Steve believes could be templates for security. Key Takeaways: 1. Good cyber strategy aligns with business strategy, is quantifiable, and involves all employees. 2. Durbin suggests involving security in project planning to avoid retrofitting security measures. 3. Durbin suggests that security teams need to spend more time explaining security implications to business leaders in a way they can understand. 4. Durbin suggests that leaders must create a personal investment in security by providing feedback and justifying costs in a way that resonates with each individual’s role and responsibilities. 5. Durbin highlights the evolving regulatory landscape, with a shift from standardization to protectionism and complexity for organizations. 6. Durbin highlights the evolving threat landscape, including malware, ransomware, and phishing attacks. Tune in to hear more about: 1. Aligning cybersecurity strategy with business goals and outcomes (1:36) 2. Cybersecurity strategies, testing, and budgeting (10:42) 3. Regulation complexity and its impact on businesses (18:00) 4. Cybersecurity investment, risk management, and emerging threats (22:44) 5. Evolving cyber threats and the importance of resilience (26:58) Standout Quotes: 1. “What is important for organizations is not to become over fixated on the threats — that’s necessary, obviously, to have a good defense — but also to figure out this whole notion of resilience. How quickly could we get our systems back up and running? How quickly could we get our organization functioning again? How are we going to recover our data? Where are we storing it? Those sorts of things.” - Steve Durbin 2. “... the crux of good cyber strategy is having an alignment with a business strategy happening in alignment with what it is that the organization is looking to do on a daily basis, which in the majority of cases is: increase revenue, increase shareholder value, deliver back to employees, customers, and to further the ideals of the organization.” - Steve Durbin 3. “So the role of the security leader in any budget cycle is to try to align whatever spend she or he wishes to have with the future direction of travel of that organization. And if you can start to do that, then the whole conversation becomes very much easier. But I'm not a huge fan of setting fairly random percentages, because I think it sends entirely the wrong message. You run the risk of overspend or underspend. And what you actually want to be doing is spending appropriately to deliver the right level of protection for your critical assets, for your company, for your employees, for your shareholders, so that you can continue to provide a thriving environment.” - Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking about security leadership with executive coach and CEO and Founder of Serenity in Leadership Thom Dennis. Thom brings his expertise in psychology to bear in their discussion of the role of leaders in culture change, how to let go and trust your workforce, and practical tips for embracing the challenges leaders face day to day. Key Takeaways: 1. Fast-paced change and unease about people being away from work for extended periods of time are impacting leadership development. 2. Trust and clarity are key to successful remote work, letting go of control and setting clear objectives. 3. Incorporating breaks into work schedules serves to avoid burnout and increase productivity. 4. Thom Dennis predicts a shift in leadership thinking, where society’s demands will be prioritized over corporate standards. Tune in to hear more about: 1. Trust, fear, and delegation in leadership (3:56) 2. Creating space for focus, trust, and organizational leadership evolution (11:29) 3. Leadership evolution, prioritizing people over analysis, and fostering trust and community in organizations (17:22) Standout Quotes: 1. Let people go. Tell them what you want them to achieve, tell them what the objectives are, and then let them get on with it. There's this sort of sense of fear that one isn't going to be in control. So I think people have got to learn to trust, and to be very clear about what it is that they're looking for. And then letting go. And I think often, you will get a far better result from that. Above anything else, I think, in forcing the briefer to be absolutely clear about what they want to achieve, that can save an awful lot of time and money in and of itself. -Thom Dennis 2. Some people who write and have incredibly busy jobs, they're up at five o'clock, or even four o'clock, and they’re writing for an hour, and then they go to the gym, and then they … and so on. Whatever your routine is. But if they're doing that, they're probably in bed at eight o'clock in the evening. So look, a part of this is self discipline, isn't it? It’s deciding on your routine, and then doing whatever it is that you can do to keep yourself to it. -Thom Dennis 3. I think we need to create quiet spaces for ourselves so that we can actually hear our inner knowing. They say that there's more signals that go from the heart to the brain than the other way around. And they've identified that there are brain type cells in the heart, and also in the gut. So all these things people have been talking about oh, well, I just go by my gut feelings, well, that's not as silly as it sounds. And I think that leaders of the future have got to become just a little bit less — not totally, but a little bit less cerebral, and more in touch with their inner knowing. — Thom Dennis Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with Erik Avakian, who served as CISO for the Commonwealth of Pennsylvania in the United States for more than twelve years before moving into the private sector, where he currently works as the technical counselor at Info-Tech Research Group. Erik brings his passion and experience to a lively conversation in which he and Steve discuss coping with change through multiple leadership turnovers, practical examples of how security leaders can demonstrate their department’s value to an organization beyond theoretical breach prevention, and overcoming challenges in the public and private sectors. Key Takeaways: 1. Embracing change in state/local government requires technical architecture and common architecture. 2. Public sector security faces unique challenges, including political considerations. 3. It’s critical for public funds to be used efficiently while also reducing duplication of work and building knowledge sharing across agencies. 4. Security testing and phishing simulations can demonstrate return on security investment, saving time and money in the long run. Tune in to hear more about: 1. Embracing change in security leadership in the public sector (0:00) 2. Building security foundations in public sector organizations (4:45) 3. Funding challenges in security, with tips for effective resource utilization, building strong teams, and collaboration (8:48) 4. Demonstrating security value to business leaders through cost-benefit analysis and service metrics (14:02) 5. Demonstrating security value to non-technical stakeholders through practical examples (18:33) Standout Quotes: 1. One of the reasons I love the industry and I loved the position of CISO is you're constantly trying to just improve, right? You're not trying to rebuild every, all the time. You know that the business might want to rebuild, but you're there to constantly improve that foundation, continuingly building your team, and continually building your capabilities. So regardless of who comes and goes, you have that foundation, and you continue to grow it. - Erik Avakian 2. It's really about enabling the business. How can we say yes, but do things more securely and put a positive spin on it? Whereas, you know, in the past, you know, security is looked at oh, these are the guys that say no. So really, a CISO's a partner to the business, a collaborator building relationships, and really, that's been the change, right? It's gone from less of a technical kind of a thing to being a coach, being a leader, and really working and building those relationships at the business level. - Erik Avakian 3. I look at it as almost like a baseball team. So in the baseball world, you have a catcher, you have a pitcher, you have all these people on the field. And it's identifying what are the strengths of your team, and letting those players — if we look at it from that perspective — letting them thrive, letting them grow in the position that they're passionate about. And then you can just grow in that passion, give them the training, give them extra training, helping them build where they're really good at and what they really like to do. And then the baseball world is that example. We wouldn't necessarily make the pitcher catch — they might not be comfortable with that — or the catcher pitch, and all sorts of other things. Because they do what they do well, that's their position on the field. And what I've found is that if we can do that, we can build our teams and build rock stars out of them in the places where they really are passionate about, then we have retention. I think my retention throughout my tenure was almost 99%, because I looked at people as to what drives them. - Erik Avakian Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve and producer Tavia Gilbert discuss the impact artificial intelligence is having on the threat landscape and how businesses can leverage this new technology and collaborate with it successfully. Key Takeaways: 1. AI risk is best presented in business-friendly terms when seeking to engage executives at the board level. 2. Steve Durbin takes the position that AI will not replace leadership roles, as human strengths like emotional intelligence and complex decision making are still essential. 3. AI risk management must be aligned with business objectives while ethical considerations are integrated into AI development. 4. Since AI regulation will be patchy, effective mitigation and security strategies must be built in from the start. Tune in to hear more about: 1. AI’s impact on cybersecurity, including industrialized high-impact attacks and manipulation of data (0:00) 2. AI collaboration with humans, focusing on benefits and risks (4:12) 3. AI adoption in organizations, cybersecurity risks, and board involvement (11:09) 4. AI governance, risk management, and ethics (15:42) Standout Quotes: 1. Cyber leaders have to present security issues in terms that board level executives can understand and act on, and that's certainly the case when it comes to AI. So that means reporting AI risk in financial, economic, operational terms, not just in technical terms. If you report in technical terms, you will lose the room exceptionally quickly. It also involves aligning AI risk management with business needs by you know, identifying how AI risk management and resilience are going to help to meet business objectives. And if you can do that, as opposed to losing the room, you will certainly win the room. -Steve Durbin 2. AI, of course, does provide some solution to that, in that if you can provide it with enough examples of what good looks like and what bad looks like in terms of data integrity, then the systems can, to an extent, differentiate between what is correct and what is incorrect. But the fact remains that data manipulation, changing data, whether that be in software code, whether it be in information that we're storing, all of those things remain a major concern. -Steve Durbin 3. We can’t turn the clock back. So at the ISF, you know, our goal is to try to help organizations figure out how to use this technology wisely. So we're going to be talking about ways humans and AI complement each other, such as collaboration, automation, problem solving, monitoring, oversight, all of those sorts of areas. And I think for these to work, and for us to work effectively with AI, we need to start by recognizing the strengths both we as people and also AI models can bring to the table. -Steve Durbin 4. I also think that boards really need to think through the impact of what they're doing with AI on the workforce, and indeed, on other stakeholders. And last, but certainly not least, what the governance implications of the use of AI might look like. And so therefore, what new policies controls need to be implemented. -Steve Durbin 5. We need to be paying specific attention to things like ethical risk assessment, working to detect and mitigate bias, ensure that there is, of course, informed consent when somebody interacts with AI. And we do need, I think, to be particularly mindful about bias, you know? Bias detection, bias mitigation. Those are fundamental, because we could end up making all sorts of decisions or having the machines make decisions that we didn't really want. So there's always going to be in that area, I think, in particular, a role for human oversight of AI activities. -Steve Durbin Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This is the second of a two-part conversation between Steve and Brian Lord, who is currently the Chief Executive Officer of Protection Group International. Prior to joining PGI, Brian served as the Deputy Director of a UK Government Agency governing the organization's Cyber and Intelligence Operations. Today, Steve and Brian discuss the proliferation of mis- and disinformation online, the potential security threats posed by AI, and the need for educating children in cyber awareness from a young age. Key Takeaways: 1. The private sector serves as a skilled and necessary support to the public sector, working to counter mis- and disinformation campaigns, including those involving AI. 2. AI’s increasing ability to create fabricated images poses a particular threat to youth and other vulnerable users. Tune in to hear more about: 1. Brian gives his assessment of cybersecurity threats during election years. (16:04) 2. Exploitation of vulnerable users remains a major concern in the digital space, requiring awareness, innovative countermeasures, and regulation. (31:0) Standout Quotes: 1. “I think when we look at AI, we need to recognize it is a potentially long term larger threat to our institutions, our critical mass and infrastructure, and we need to put in countermeasures to be able to do that. But we also need to recognize that the most immediate impact on that is around what we call high harms, if you like. And I think that was one of the reasons the UK — over a torturously long period of time — introduced the The Online Harms Bill to be able to counter some of those issues. So we need to get AI in perspective. It is a threat. Of course it is a threat. But I see then when one looks at AI applied in the cybersecurity test, you know, automatic intelligence developing hacking techniques, bear in mind, AI is available to both sides. It's not just available to the attackers, it's available to the defenders. So what we are simply going to do is see that same kind of thing that we have in the more human-based countering the cybersecurity threat in an AI space.” -Brian Lord 2. “The problem we have now — now, one can counter that by the education of children, keeping them aware, and so on and so forth— the problem you have now is the ability, because of the availability of imagery online and AI's ability to create imagery, one can create an entirely fabricated image of a vulnerable target and say, this is you. Even though it isn’t … when you're looking at the most vulnerable in our society, that's a very, very difficult thing to counter, because it doesn't matter whether it's real to whoever sees it, or the fear from the most vulnerable people, people who see it, they will believe that it is real. And we've seen that.” -Brian Lord Mentioned in this episode: • ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This episode is the first of two conversations between Steve and Brian Lord, who is currently the Chief Executive Officer of Protection Group International. Prior to joining PGI, Brian served as the Deputy Director of a UK Government Agency governing the organization's Cyber and Intelligence Operations. He brings his knowledge of both the public and private sector to bear in this wide-ranging conversation. Steve and Brian touch on the challenges small-midsize enterprises face in implementing cyber defenses, what effective cooperation between government and the private sector looks like, and the role insurance may play in cybersecurity.Key Takeaways:1. A widespread, societal approach involving both the public and private sectors is essential in order to address the increasingly complex risk landscape of cyber attacks.2. At the public or governmental levels, there is an increasing need to bring affordable cyber security services to small and mid-sized businesses, because failing to do so puts those businesses and major supply chains at risk.3. The private sector serves as a skilled and necessary support to the public sector, working to counter mis- and disinformation campaigns, including those involving AI.Tune in to hear more about:1. The National Cybersecurity Organization is part of GCHQ, serving to set regulatory standards and safeguards, communicate novel threats, and uphold national security measures in the digital space. (5:42)2. Steve and Brian discuss existing challenges of small organizations lacking knowledge and expertise to meet cybersecurity regulations, leading to high costs for external advice and testing. (7:40)Standout Quotes:1. “...If you buy an external expertise — because you have to do, because either you haven’t got the demand to employ your own, or if you did the cost of employment would be very hard — the cost of buying an external advisor becomes very high. And I think the only way that can be addressed without compromising the standards is of course, to make more people develop more skills and more knowledge. And that, in a challenging way, is a long, long term problem. That is the biggest problem we have in the UK at the moment. And actually, in a lot of countries. The cost of implementing cybersecurity can quite often outweigh, as it may be seen within a smaller business context, the benefit.” -Brian Lord2. “I think there probably needs to be a lot more tangible support, I think, for the small to medium enterprises. But that can only come out of collaboration with the cybersecurity industry and with government about, how do you make sure that some of the fees around that are capped?” -Brian LordMentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with AI expert Eric Siegel. A former professor at Columbia University, Eric is the founder of the long-running Machine Learning Week conference series and a bestselling author. His latest book, The AI Playbook, looks at how businesses outside Big Tech can leverage machine learning to grow. He and Steve discuss the differences between generative and predictive AI, the most effective ways to implement AI into an organization’s operations, and how we might expect this technology to be useful in the future. Key Takeaways: 1. No matter how controlled or well thought out a project is, any project relying on AI is only as good as its data inputs. 2. The more we learn to differentiate types of AI and apply their functions skillfully, the more we will learn about what is possible. 3. As predictive AI systems emerge, applying quality data analysis to a well chosen project could make a measurable difference for a company’s bottom line. Tune in to hear more about: 1. Designing a project involving predictive analytics does require quality data and specific domain areas. (3:00) 2. Generative analytics is still in early stages, and popular notions around its use currently differ from what can reasonably be expected or achieved (4:42) 3. Using AI to work with errors and improve a system requires quality data and carefully applied labels (11:59) Standout Quotes: 1. “It's absolutely critical to have a fine scope, a reasonable scope, well defined for the first project. But the most well defined, sort of, well, scoped project is, in another way, the biggest because really what we're talking about, if you're looking at what should your first opportunity be with predictive AI that you want to pursue, it should be your largest scale operation that stands to improve the most, and that even an incremental improvement provides a tremendous bottom line. -Eric Siegel 2. “ … It's such a funny time, because predictive and generative are really apples and oranges. They're both built on machine learning, which learns from data to predict. But generative isn't a reference to really something specific in terms of the technology; it's just how you're using it, which is to generate new content items. So, writing a first draft in human language, like English, or of code, or creating a first image or video — these endeavors typically need a human in the loop to review everything that it's generated. They're not autonomous. And the question is, how autonomous could they be?” -Eric Siegel 3. “You can only predict better than guessing, which turns out to be more than sufficient to drive an improvement to the bottom line. So who's going to click, buy, lie or die, or commit an act of fraud, or turn out to cancel or be a bad debtor? These are human behaviors for those examples, or it could be a corporate client, or it could be a mechanism like a satellite, or the wheel of a train that might fail. But whatever it is, we don't have clairvoyance or a magic crystal ball. We can't expect your computers to, either. So it's about tipping the odds in these numbers games and predicting better than guessing … no matter how good the data is and how devoid of wrong values and those types of errors, you're still going to have that limitation. There’s still a ceiling. No matter how advanced the method is, it's not going to become supernatural. There's a thing called chaos theory, which basically says that even if you knew all the neurons of every cell of the person's brain, you wouldn't necessarily be able to predict very far into the future. And of course, we don’t. So it's always limited data anyway.” -Eric Siegel 4. “I wrote this new book, The AI Playbook, because we need an organizational practice to make sure that we're sort of planning the project not just technically but organizationally and operationally, so that it actually gets deployed and makes a difference and actually improves operations. And in general, the awareness and understanding of it and how it can be integrated into organizations is still only improving.” -Eric Siegel Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with Mariarosaria Taddeo, Professor of Digital Ethics and Defence Technologies and Dslt Ethics Fellow at the Alan Turing Institute. Mariarosaria brings her expertise as a philosopher to bear in this discussion of why and how we must develop agreed-upon ethical principles and governance for cyber warfare. Key Takeaways: 1. As cyber attacks increase, international humanitarian law and rules of war require a conceptual shift. 2. To maintain competitive advantage while upholding their values, liberal democracies are needing to move swiftly to develop and integrate regulation of emerging digital technologies and AI. 3. Many new technologies have a direct and harmful impact on the environment, so it’s imperative that any ethical AI be developed sustainably. Tune in to hear more about: 1. The digital revolution affects how we do things, how we think about our environment, and how we interact with the environment. (1:10) 2. Regardless of how individual countries may wield new digital capabilities, liberal democracies as such must endeavor tirelessly to develop digital systems and AI that is well considered, that is ethically sound, and that does not discriminate. (5:20) 3. New digital capabilities may produce CO2 and other environmental impacts that will need to be recognized and accounted for as new technologies are being rolled out. (10:03) Standout Quotes: 1. “The way in which international humanitarian laws works or just war theory works is that we tell you what kind of force, when, and how you can use it to regulate the conduct of states in war. Now, fast forward to 2007, cyber attacks against Estonia, and you have a different kind of war, where you have an aggressive behavior, but we're not using force anymore. How do you regulate this new phenomenon, if so far, we have regulated war by regulating force, but now this new type of war is not a force in itself or does not imply the use of force? So this is a conceptual shift. A concept which is not radically changing, but has acquired or identifies a new phenomenon which is new compared to what we used to do before.” - Mariarosario Taddeo 2. “I joke with my students when they come up with this same objection, I say, well, you know, we didn't stop putting alarms and locking our doors because sooner or later, somebody will break into the house. It's the same principle. The risk is there, it’s present. They’re gonna do things faster in a more dangerous way, but if we give up to the regulations, then we might as well surrender immediately, right?” - Mariarosario Taddeo 3. “LLMs, for example, large language models, ChatGPT for example, they consume a lot of the resources of our environment. We did with some of the students here of AI a few years ago a study where we show that training just one round of ChatGPT-3 would produce as much CO2 as 49 cars in the US for a year. It’s a huge toll on the environment. So ethical AI means also sustainably developed.” - Mariarosario Taddeo Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

A repeat of one of our top episodes from 2023:October is Cyber Awareness Month, and we’re marking the occasion with a series of three episodes featuring Steve in conversation with ISF’s Regional Director for Europe, the Middle East and Africa, Dan Norman. Today, Steve and Dan discuss the importance of cyber resilience and how organisations can prepare for cyber attacks.Mentioned in this episode:ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode was recorded at ISF’s 2023 Congress in Rotterdam. Steve sat down with Tali Sharot, professor of neuroscience at University College London, to talk about her fascinating research on optimism bias. Tali offers fresh, evidence-based ideas on effective communication for security leaders seeking to present their message to their board and raise cyber awareness within the organisation. Key Takeaways: 1. Innately, the brain is an optimist. 2. Implications for the business community. 3. Present bias means that people care more about now than the future. 4. Data is key, and pairing anecdotes with data can be more effective. Tune in to hear more about: 1. Sharot’s research about how emotion affects memory (0:28) 2. Optimism bias has implications for the way we evaluate risk (4:25) 3. Sharot considers present bias and how it shows up in organisations (9:39) 4. Why storytelling is so effective when paired with data (15:30) Standout Quotes: 1. “It turns out that in behavioral economics, there was quite a lot of research about this thing called the optimism bias, which is our tendency to imagine the future as better than the past, than the present. And that's exactly what I was seeing in this experiment. And that was really the first experiment that I did looking at what goes on inside the brain that causes us to have these kind of rose-colored glasses on when we think about the future.” -Tali Sharot 2. “What we find again and again is that people underestimate the risk. And that's, of course, a problem. And it's not just underestimating risk. People also underestimate how long projects will take to complete, how much it would cost, underestimating budgets. All these are related to this phenomena of the optimism bias. And so it's really difficult to try to convince people that their estimate is incorrect. Because what we found is that if you give people information to try to correct their estimate, and you tell them actually, it's much worse than what you thought, your risk is much higher than what you're thinking, people don't take that information and change their belief to the extent that they should. They do learn a little bit, but not enough … However, if you tell them actually, you don't have as much risk as you think, you're in a great position, then they learn really quickly.” -Tali Sharot 3. “The immediacy is quite important, because we have what's called a present bias. We care more about the now than the future. In general, even if we're not aware of that.” -Tali Sharot 4. “And what stories do, they do a few things. First of all, we're more likely to attend to stories, right to listen, they're more interesting, they're more colorful, they're more detailed, we're more likely to remember them, partially because they usually elicit more emotion than just the data. So it's good to pair the two, to have the anecdote that kind of illustrates the data that you already have in hand.” -Tali Sharot Mentioned in this episode: Human-centred Security: Positively influencing security behaviour ISF Analyst Insight Podcast books by Tali Sharot Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This week, we’ve got another fascinating conversation recorded at the 2023 ISF Congress in Rotterdam. This time, Steve speaks with generative AI expert Nina Schick. Nina and Steve discuss how AI, along with other technological trends that are evolving at exponential speed, are shaping both geopolitics and individual lives. Key Takeaways: 1. Generative AI is reshaping the geopolitical landscape. 2. Educating ourselves and others about the implications of quickly evolving tech in global affairs. 3. Industries struggling to regulate exponential technology. 4. There are more questions than answers as we look to the future in tech. Tune in to hear more about: 1. AI’s geopolitical impacts (3:13) 2. Learning about how tech is impacting global affairs (9:53) 3. Regulation challenges (11:55) 4. Nina Shick’s take on the economics of generative AI (16:27) Standout Quotes: 1. “As the oil economies of Saudi Arabia and UAE seek to diversify away from oil and energy, one of the things that they're doing is trying to become very high tech economies when artificial intelligence is absolutely leading the way with these strategies. And there's so much money going to be invested in the Gulf in the coming decade when it comes to artificial intelligence. Again, even though these are relatively small countries, they are perhaps going to punch above their weight when it comes to power that is harnessed by artificial intelligence. And that means in a military sense, in an economic sense, and ultimately, you know, a geopolitical sense.” -Nina Schick 2. “I think the harder thing also are the non technical solutions – you know, education, literacy – how do people get upskilled in terms of understanding the new capabilities of artificial intelligence and how they will be deployed in their respective domains? So I think it's not only that there are technical solutions, there are also societal and learning solutions which perhaps we're going to have to get on top of very, very quickly.” -Nina Schick 3. “Regulators have to work with industry. There's no way they can do this themselves. And already in many of the kind of more promising areas with dealing with some of the challenges, such as information integrity, when you come to questions like provenance, you see industry championing the way and supporting regulators.” -Nina Schick 4. “Will there be economic value associated with AI? I think, absolutely. But the question is, how's that going to be distributed? And is it going to be monopolized? So that's going to happen with regards to the tech giants, who I think will become very, very, very powerful. I think this will continue to be a priority of utmost importance to governments. I think this challenge, or this kind of race between China and the US with regards to artificial intelligence will continue to play out. I think the Middle East is going to become a strong contender. And I suspect Europe might fall behind a little bit … And actually, I think that this technology is also going to be in the hands of millions of people.” -Nina Schick Mentioned in this episode: Threat Horizon 2024: the Disintegration of Trust ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

This week, we have a rare repeat guest on the podcast. Listeners may remember innovator and thought leader Peter Hinssen from the 2019 ISF Congress in Dublin. We had him back this year at ISF’s 2023 Congress in Rotterdam. He and Steve had a chance to talk about the future of work post-pandemic. Their conversation offers lots of practical tips for leaders working to prevent workforce burnout and how boards can approach adopting new technologies like AI.Key Takeaways:1. COVID has made lasting impacts on the future of work. 2. Annual budgets and other commonly used business practices are in the process of evolving into ones that are more malleable and adaptive.3. Companies will need to reinvent themselves to thrive in the new “never normal.”4. With the rise of AI and large language models, organisations do have a lot of work ahead.Tune in to hear more about:1. COVID’s impact on the future of work (1:40)2. Sunsetting pre-pandemic business norms while imagining new ones (2:47)3. Companies in every sector will be reinventing themselves in order to thrive in the new “never normal.” (6:33)4. As AI and large language models are integrated into global business, what’s next for business leaders? (14:12)Standout Quotes:1. “One of the good things I think that we've gotten back from COVID or that we've retained from COVID is that I think the acceleration of the future of work has really happened. I think we're now seeing companies that clearly see that the way we did HR, employment, and work pre pandemic, we can't just hope that that is going to come back. And I think that is a fundamental change that I think was really something that the pandemic helped us with.” -Peter Hinssen2. “But you know, that stronghold, that idea, that framework of an annual budget that we've held on to for such a long time is very difficult to actually give up. But I think it's exciting, because I think in this never normal, we're going to see new mechanisms and new ideas and new concepts and new governance ideas that are going to come to fruition. But at this moment, we're still very much in that transition.” -Peter Hinssen3. “I really believe after a decade of unicorn applause, we're now going to have a decade of potential phoenixes out there. And I think a big part as a leader in such a phoenix transformation is to actually give your workforce, your people that sense of we're going to do this together.” -Peter Hinssen4. “We're going to have to deal with that governance of content, unstructured flows, and that's a whole new kettle of fish that we have to understand. New technologies, new mechanisms, new ways of dealing with that. And I think it's going to open up a huge opportunity in terms of thinking about risk and thinking about security in that context. So I don't think you can ignore this. This is the biggest thing that I have ever seen in 30 years in IT. And if you're not on top of this, you're gonna be behind … And I think honestly, more and more boards are going to need to figure out how to build the skills and the mechanisms and the place to discuss these things that are not just compliance with the tsunami, but also the innovations that you cannot afford to miss. And I think, honestly, that's going to change the dialogue in the board quite a bit.” -Peter HinssenMentioned in this episode: Remote Working and Cyber Risk Threat Horizon 2025: Scenarios for an uncertain future - full report (ISFLIve) ISF Analyst Insight Podcast The Phoenix and the Unicorn Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is in conversation with Christy Pretzinger, founder, president and CEO of WriterGirl. Over the past 20 years, Christy has grown the company from a modest freelance writing business into a healthcare content consultancy. She speaks with Steve about some of the practical tools she has implemented in order to grow the company’s culture, the role of leadership in training and retaining emotionally intelligent employees, and the impact her focus as a leader on the company’s cultural balance sheet has had on their financial balance sheet.March 8th is International Women’s Day and we want to mark the occasion and make sure you haven’t missed our many valuable episodes with Steve in conversation with women in leadership. So we’ve put together a specially curated playlist featuring the best of women in leadership, and we want to give you special access. All we ask in return is this: just rate and review the ISF podcast on Apple Podcasts, Spotify, or wherever you listen, send a screenshot of that rating and review to [email protected], and I’ll send you back special access to the curated playlist.Key Takeaways: Leaders should track their cultural balance sheet just as they watch their financial balance sheet. A leader who is intentional about culture increases employee retention. Helping employees grow in emotional intelligence as the company grows can make work more productive and rewarding for everyone, especially clients. Technology is never the answer to a people problem, and it will never replace human connection. Tune in to hear more about:1. Pretzinger’s story of growing her business (1:45)2. The cultural balance sheet and how leaders can create a corporate culture based on emotional intelligence (2:40)3. Preventing employee turnover (9:09)4. Implementing new technological solutions with sensitivity to employee experience and client needs (11:26)5. The need for human connection in business even was we advance technologically (15:46)6. Building a team that works from home (16:34)7. Intentionality when building culture (17:10)Standout Quotes:1. “Anyone who looks at a balance sheet knows that employee turnover is a hidden cost. It doesn't show up on a balance sheet. And I can count on one hand the number of people that have left our organization. And in fact, I don't even need the whole hand. And many people who leave continue to work with us on a contracted basis, so there is very, very little turnover. And even our younger employees expressed interest in retiring from this organization, which is really great.” - Christy Pretzinger2. “We had everybody do a day-long workshop. And it was incredibly revealing. It took a lot of time. And it was very … I guess the things that I look for when we do these things are what Brené talks about is what every human wants is love and belonging. They want love and belonging, and they want to know that they matter.” - Christy Pretzinger3. “About retention: I think about, obviously, a hidden cost on the balance sheet. But what I think about too, is all of that intellectual property walking out your door. You know, you've got ,we have people who have been here, I think, my longest employee is 13 years, I think. She started right after she got married, and now she has five kids. So I've literally watched her grow up. If she walked out that door, and we were so much smaller, she literally built the sales department and built the CRM tool, and still worked very heavily in contributing to that — if she walked out the door, it would be devastating. But yet, that's not going to show up on a balance sheet. .” - Christy Pretzinger4. “So I still think that there is a tremendous place for — and not only a place but a need and a yearning for true human connection. And because I own a virtual organization, I know that you can have true human connection virtually, but it does require a camera.” - Christy PretzingerMentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today, Steve is speaking with American football coach Randy Jackson. During his 30-year tenure coaching high school football in Texas, Randy earned a reputation for transforming struggling programs. In 2022, in a move reminiscent of Ted Lasso, he moved to Germany to coach the Potsdam Royals, and with Jackson as the offensive coordinator, the Royals went all the way to the German Bowl. When he’s not coaching football, Randy is a business consultant. Today, he and Steve talk about how he applies his experience as a football coach in the business world. They go beyond sport cliches and dig into some concrete ways leaders can build the culture of their organisation.Key Takeaways:1. At its inception, any organisation can benefit from building relationships and establishing a shared vision.2. Leaders will do well to speak up frequently, reminding teams of shared aims.3. When something goes wrong (or right!) it can be a good time to reflect, or as Randy puts it, perform an autopsy.Tune in to hear more about:1. Establishing a shared vision, charting a collective course. (3:50)2. Staying vocal as a leader. (6:05)3. Whether something goes to plan or not, an autopsy of the scenario can be a helpful way forward. (10:06)Standout Quotes:1. “So this is an activity I always do, and I did this in Germany, but close your eyes and then turn around three times, and then point True north. Well, I don't know how many people are in the room, but let's say I had 50. You're going to have 50 fingers pointing in all different directions. And so what we're going to do is, people will point in the same direction if you give them something to point at. And what you're in on you're in with.”” -Randy Jackson2. “And if you'll talk about it, you can achieve it, but you can't talk about it once a week – you must talk about it. So whatever you want, I think every leader should say, here are the three things I want. You got to talk about those three things every day.” -Randy Jackson3. “And the autopsy is about improvement, right? It's not about finger pointing, it's about trying to figure out how the collective can, if they hit that situation, again in the future, can adapt or behave differently.” -Steve DurbinMentioned in this episode: Building Tomorrow’s Security Workforce ISF Analyst Insight Podcast Titles by Randy Jackson Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today's installment of the ISF Podcast revisits an earlier episode published February of 2023. In this episode, ISF CEO Steve Durbin is speaking with author and former Chief Business Officer of Google X Mo Gawdat. Mo and Steve discuss the complicated relationship humans have with technology, particularly AI, and how both individuals and businesses can navigate that wisely. Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

Steve is in conversation with quantum computing expert Konstantinos Karagiannis. Konstantinos is the Director of Quantum Computing Services at Protiviti, where he helps companies prepare for quantum opportunities and threats. He talks to Steve about how this nascent technology is already a security concern and what security leaders can do now to prevent problems down the road. He also offers ideas for overcoming the skills shortages that both the security and quantum computing fields face. If you’re interested in discovering more about the technological implications of automation, machine learning and quantum computing, download the ISF’s Threat Horizon 2025: Scenarios for an uncertain future report, available to members on ISF Live. Not a member? Get in touch with your regional director today at https://www.securityforum.org/contact/. Research: Threat Horizon 2025: Scenarios for an uncertain future - full report (ISFLIve) Key Takeaways: 1. It’s a big year for compliance. Per NIST, companies are asked to start their plans for migration in 2024. 2. Konstantinos sees a need for quantum programs at the university level. 3. Where quantum is today is just a glimpse of where it’s going. Tune in to hear more about: 1. The future is now! (4:38) 2. What can be done at the university level to resource the industry (7:45) 3. Quantum computing speeds as an advantage (12:17) Standout Quotes: 1. “It'll be time for companies, starting in 2024, to start their plans for migration. In the US, the White House has already telegraphed what's going to be expected of federal agencies. They published the NSM-10 memo, which states that once the finalists are out, you have to have a plan for migration, the timeline for deprecation of ciphers, all these steps are going to kick in.” -Konstantinos Karagiannis 2. “I don't see any university have that set for a quantum program. Like, you can't just go, come out, and like, we know that we can hire you to like, implement algorithms. There's no such thing. And I'd like to see that kind of preparation, so within a few years, we've got a whole crew of folks ready to at least implement algorithms. They might not be able to create a brand new one, but there's only a few dozen of them in the world anyway.” -Konstantinos Karagiannis 3. “Quantum works well on simulations. You could simulate up to like, 50 qubits, let's say, and you can make sure your algorithm works right. And you could torture test it. And then when you're ready to actually run it, that's when you pay for what we call shots, which is just runs on a quantum computer. So yeah, you might work on this, tweak it all month, and then you spend $1,000, let's say, and you do your runs, and you're good. You're done.” -Konstantinos Karagiannis Mentioned in this episode: Threat Horizon 2025: Scenarios for an uncertain future – executive summary ISF Analyst Insight Podcast Chicago Quantum Exchange Recent work on Quantum Portfolio Optimization Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management.

Today’s episode is the second part of journalist Nick Witchell’s conversation with Steve at the 2023 ISF Congress in Rotterdam. As organisations become increasingly data-driven, technologies like artificial intelligence and quantum computing will have a huge impact on data security. Today, Steve looks at how security professionals can help their organisations adopt these technologies safely and smartly.Key Takeaways:1. Trade policy is feeling the effects of geopolitical conflicts.2. Major technological advancements are not without environmental impact.3. Business leaders would do well to remember that data in any quantitity can be faulty, can be tampered with, making regulation and collaboration all the more important.Tune in to hear more about:1. Conflicts such as the war in Ukraine shine a particular light on organisations’ areas of vulnerability. (2:42)2. In the context of global warming, quantum computing poses major challeges. (5:50)3. As quantity of data increases exponentially, so does the importance of quality. (9:33)Standout Quotes:1. “I think that the situation in the Ukraine, in particular, was a huge wake up call for a lot of organisations and a lot of individuals. I think very few people actually understood the way in which complex supply chains today actually operate. We do take things for granted, don't we?” -Steve Durbin2. “Quantum computing requires immense computing power. Immense computing power requires a huge amount of electricity and generates a huge amount of heat. So if you think about all of those things in the environmental context, we really do need to figure out how we're going to exist in a world where global warming is a reality, where we are really driving as hard as we can in pursuit of different technological answers.” -Steve Durbin3. “My biggest concern, the biggest threat that I see is data that has been tampered with. Because you or I may look at something and think that doesn't look quite right, so we'll dig into it. A machine doesn't necessarily do that.” -Steve DurbinMentioned in this episode: Securing the Supply Chain During periods of instability Threat Horizon 2025: Scenarios for an uncertain future – executive summary ISF Analyst Insight Podcast Read the transcript of this episodeSubscribe to the ISF Podcast wherever you listen to podcastsConnect with us on LinkedIn and TwitterFrom the Information Security Forum, the leading authority on cyber, information security, and risk management.