The Cybersecurity Readiness Podcast Series

How do you make security a first-class citizen of the software development process? According to an industry report, “many information security engineers don’t understand software development—and most software developers don’t understand security. Developers and their managers are focused on delivering features and meeting time-to-market expectations, rather than on making sure that software is secure.” Harshil...
In a wide-ranging discussion, Vishal Salvi, CISO & Head of Cyber Practice at Infosys, sheds light on a range of topics from CISO empowerment to creating and sustaining a high-performance information security culture. He highlights the importance of “delivering on your agenda” for CISOs to gain trust and credibility. Vishal also recommends making the CISO...
Using compelling stories and metaphors, Ted Harrington, author of Hackable: How To Do Application Security Right, and Executive Partner at Independent Security Evaluators, explains the process of hacking and the importance of being able to think like a hacker. He encourages leaders to get excited about information security investments and look for ways of gaining...
“The story of the RMS Titanic has served as a grim reminder that regulatory compliance does not guarantee safety or security. The ship was carrying 2,224 passengers and crew when it sank one April night in 1912, killing over 1,500 people. The designers of Titanic had followed the British Board of Trade by equipping it...
Security experts are split on cyber insurance and its place in business, with just as many arguing that it is a useless add-on as an essential business enabler. A KPMG study indicated that these policies were not overly trusted by business leaders. In this podcast episode, Erica Davis, Global Co-Head of Cyber, Guy Carpenter &...
The phenomenon of cyber trauma is very real and individuals and organizations are often not adequately prepared to deal with it. Patrick Wheeler, a Luxembourg-based cybersecurity practitioner and Director of the Cyber Wayfinder program, shares his experience in dealing with cyber trauma incidents. He also talks about the Cyber Wayfinder program that is designed to...
Art Ehuan, Vice President, Palo Alto Networks, and Former FBI Special Agent, discusses at length the unfortunate evolution and escalation of ransomware attacks. He explains how the threat actors have upped their game and are now engaging in double, triple, and quadruple extortions. While lamenting that “organizations continue to make the same mistakes,” Art also...
Cybersecurity communication should be simple, immersive, attractive, continuous, and multi-channel, says Marcin Ganclerz, a subject matter expert. He passionately argues for creating a ‘culture of enablement and not fear’ so employees can play a vital role in enhancing cybersecurity communication effectiveness. Marcin also shares several examples and best practices in support of his recommendations. Time...
In episode 18, Alan Mihalic, President IoT Security Institute, speaks to the challenges and success factors associated with securing Internet-of-Things (IoT) devices in smart supply chains. He draws upon the IoT Security Framework to share guiding principles and practices to help supply chain participants specify, procure, install, integrate, operate, and maintain IoT securely for smart...
When justifying cybersecurity investments, Andy Bates, Chief Development and Strategic Partnership Officer, Global Cyber Alliance, recommends making the business case from the standpoint of reducing the carbon footprint. He feels people will make a stronger emotional connection with the carbon reduction argument and thereby be more willing to fund and participate in cybersecurity initiatives. Changing...
Nadia El Fertasi, Human Readiness and Resilience Expert and former NATO senior executive, highlights the importance of leveraging emotional intelligence to create and sustain a healthy information security culture. During a very thought-provoking discussion, Nadja made some poignant statements and recommendations such as a) build a culture of empowerment and not fear, b) use empathy...
Renowned authority in human-technology interactions and Presidential appointee Prof. Missy Cummings of Duke University, spoke to the importance of understanding human motivation and behavior to proactively predict and detect deception. In a very candid and engaging conversation, Prof. Cummings expressed her concern about cybersecurity as a field not receiving the necessary scientific recognition and support....
Robert Austin, Professor, Ivey Business School, discusses the value of cyber-attack simulation by drawing upon the learning tool (IT Management Simulation: Cyber Attack!, Harvard Business School Publishing) that he has developed. Using powerful metaphors such as “it’s better to have a smaller portion of an expanding pie than to have an expanding portion of a...
“Cybersecurity is patient safety and patient safety is cybersecurity,” is how Stoddard Manikin, Chief Information Security Officer, Children’s Healthcare of Atlanta, described the significance of cybersecurity readiness in the healthcare sector. Speaking with exceptional clarity and eloquence, Stoddard traced the evolution of the cybersecurity threat landscape and governance approaches, before discussing in detail what it...
The incredibly articulate Anne Leslie, Threat Management Consultant, IBM Security, shares some powerful messages and recommendations on threat management. One such message is to nurture a Whole-of-Enterprise approach where “leaders believe that the people who work for them are not just as important as the systems and the data, they’re more important.” Anne also emphasizes...
Fly the Plane is how Dr. Timothy Chester, Vice President of Information Technology, The University of Georgia, characterizes his philosophy and approach to cybersecurity readiness. Dr. Chester spoke at length about a proactive approach to information security management anchored on strategic planning, senior leadership commitment, strong teamwork, sophisticated intelligence monitoring, and robust training and testing...
Driven by a mission and passion to fight online crime, Ori Eisen, Founder and CEO of Trusona, explains the fundamentals of passwordless authentication and why it is a superior and simpler way of securing access. He also dispels several myths and addresses potential adoption hurdles, ranging from incompatibility with legacy applications to transition costs, regulatory...
While small and medium-sized enterprises (SMEs) face the same cybersecurity issues as large enterprises, SMEs don’t have the resources to effectively manage those risks. Research reports reveal alarming statistics on the state of cyber readiness of SMEs — 60% of small businesses that are victims of a cyber attack go out of business within 6...
From the standpoint of cybersecurity governance, how does an organization stay on the right side of the law? Rois Ni Thuama, Ph.D. (Doctor of Law), Head of Cyber Governance, Red Sift, spoke with great clarity and eloquence in explaining what it means to practice good and sensible cyber governance. She emphasized the importance of looking...
In a very engaging and thoughtful discussion, Dr. Jimmie Lenz, Dir. Master of Engineering in FinTech and Master of Engineering in Cybersecurity at Duke University’s Pratt School of Engineering, spoke to the importance of a multidisciplinary and integrative approach to cybersecurity education. He emphasized the need for a very pragmatic approach to cyber education where...
Ram R. Kumar, Executive Director, AT&T Business, discusses at length significant cybersecurity governance issues, from achieving inter-and intra-organizational buy-in to employee empowerment, education and training, integration of security and development teams, vendor selection and monitoring, and more. Mr. Kumar also speaks to the operational realities and dilemma of speed vs safety and ethics vs loyalty....
Richard Biever, Chief Information Security Officer, Duke University, shares valuable insights on how to create an effective CISO function. In a wide-ranging and substantive discussion that touched upon key aspects of cybersecurity governance, Richard shared his philosophy and approach to a) building strong relationships, b) creating a strong sense of agency and ownership, c) communicating...
A widely reported 2019 survey found that 99% of the attacks are focused on exploiting human vulnerabilities by targeting people instead of computer systems and infrastructure. Some of the most significant data breaches were carried out after stealing login credentials from human actors. Jenny Radcliffe, also known as “The People Hacker,” a world-renowned Social Engineer,...
When top management proactively takes every possible precaution to protect sensitive data because it is the right thing to do and not because there is a legislative requirement, that’s when the organization would have taken a huge step forward in earning customer confidence and trust. Tushar Sachdev, Executive Vice President, and Chief Technology Officer, KORE...
Educational institutions have been the target and victim of ransomware attacks. Garry Scobie, Deputy Chief Information Security Officer, The University of Edinburg, spoke at length with Dr. Dave Chatterjee on protecting academic institutions from ransomware and other forms of cyber-attacks. The very engaging and informative discussion covered a lot of ground ranging from identifying the...
The recent ransomware attacks on Colonial Pipeline and JBS are grave reminders that organizations at all levels must constantly be in a high state of cybersecurity readiness and alert. This is no easy task as the points of vulnerabilities are numerous, especially the probability of humans falling prey to innovative hacking maneuvers. The senior leadership...
Welcome to the Cybersecurity Readiness Podcast! The Podcast serves to have a reflective, thought-provoking and jargon free discussion on how to enhance the state of cybersecurity at an individual, organizational and national level. Host Dr. Dave Chatterjee converses with subject matter experts, business and technology leaders, trainers and educators and members of user communities. He has...