Careers Information Security Podcast

The Information Security Media Group podcast with Debbie Wheeler, CISO of Fifth Third Bank focuses on the role of effective risk management for IT security and data leakage prevention. Debbie Wheeler, CISO of Fifth Third Bank discusses recent challenges and changes in the banking community. She highlights provisioning and options for preventing data leakage. The discussion includes how the role of the CISO is to overcome organizational resistance, and she also provides career advice for women in information security. · Their strategy for addressing data loss and leakage · Cost of adopting bleeding edge technologies · Why they offered a "business of banking class" to their IT staff · Aligning your controls to your actual level of risk

In this Information Security Media Group podcast Mark Lobel of PriceWaterhouseCoopers speaks to our audience and updates on recent trends in info security and the importance of effective benchmarking. Mark Lobel is a nationally known expert in information security who leads the PriceWaterhouseCoopers annual survey of Information Security trends. This podcast summarizes his latest findings regarding changing threats, convergence of security functions, and why despite a decrease in certain attacks many organizations are unable to know what is happening on their networks. He also discusses the importance of benchmarking and the components of effective metrics and benchmarking programs. The importance of actionable information and use of Security Information Management systems Changes in information security convergence and its return to an IT focus What factors predict fewer breaches and lower downtime Why many firms admit they really don't know what is occurring on their networks

Join Information Security Media Group's Richard Swart in a conversation with Nathan Johns, former Chief of Information Technology at the FDIC. Based on his years of experience with banks, technology and audits, Johns offers his thoughts on training (classroom, online and hands-on), as well as advice for people just embarking on a career in audits. Listen to gain insight on: Best-practices for auditor training; Key professional certifications; Today's trends and how they will impact tomorrow's IT audits.

Listen in to this Information Security Media Group podcast to hear from the CISO at Investors Bank & Trust talk about what makes successful training programs work. Jeff Bardin has a wealth of experience in developing training programs for a wide range of organizations. Previously he held CIO and Director level positions at organizations such as Arabian Data Systems, Centers for Medicare & Medicaid, Lockheed Martin, General Electric, and Marriott International. Bardin has performed HIPAA, GLBA and SOX assessments and support, documentation, certification and accreditation activities for government agencies with budgets more than $500 billion, over 1 billion in yearly transactions, and 6,000 employees in dozens locations nationwide. He has also authored several articles on information security, edited college textbooks, taught information security, IT governance and risk assessment methodology courses, and spoken at several industry conferences. Listen as Bardin explains why awareness training should be require

The Information Security Media Group podcast series continues with insights from Stephen Northcutt, CEO of the SANS Technology Institute, a postgraduate level IT security college, and an acknowledged expert in training and certification. He founded the Global Information Assurance Certification (GIAC) in 1999 to validate the real-world skills of IT security professionals. GIAC provides assurance that a certified individual has practical awareness, knowledge and skills in key areas of computer and network and software security. Northcutt is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen founded the GIAC certification

Information Security Media Group hears from Joyce Brocaglia, a leading information security recruiter and her thoughts on how the role of the CISO is evolving in companies and how corporate culture is shifting focus to the "risk strategic" role. Brocaglia discusses the differences between a technically focused CISO and a CISO with a holistic focus; What's driving change in information security; her advice to current and aspiring CISOs; and how to get your seat at the board table. With her 20 years of experience, Brocaglia shares her ideas on developing business understanding and how to learn leadership skills; why it's important to get out of your "comfort zone" and extend yourself to learn presentation skills; why CISOs must develop relationships and have the "soft skills" and not just technical skills in order to succeed. She also talks about what are some of the "must have" skills for information security officers; the convergence of physical and cyber security departments and why creating alliances betwee

Information Security Media Group's podcast series hosts Thomas Smedinghoff, a well known lawyer in the information security and privacy arena. Listen to him explain recent developments in the patchwork of information security laws. Some of the issues Smedinghoff covers include: the general duty of companies to protect data and how it goes beyond personal data; how basic definition of legal standard in regards to information security are beginning to come in focus; laws that impose duty to warn others (including customers) of a data breach. He explains while regulations such as Gramm-Leach Bliley Act and Sarbanes Oxley may catch the headlines, there are many others that include information security duties, including state laws and laws specific to certain industry sectors that you need to know. Smedinghoff also discusses why when making a representation about your data security practices, "Only say what you do, and do what you say" is a good rule to follow. Smedinghoff offers insight into the definition of "re

Listen to this latest podcast on CUInfoSecurity.com. You'll hear Tom Walsh, CISSP, and a business continuity expert give his insights on the following: - Have the lessons learned from 9-11 been retained? - Why FFIEC has a strong emphasis on testing a Business Continuity Plan - Common mistakes and assumptions made by organizations about BCP - Difference between a regular disaster and a pandemic for a financial institution - What scenarios and timetables institutions should plan for to handle a pandemic > Click here to register for the Business Continuity Best Practices webinar.

Every organization is concerned about malware - how it evolves, slips past multilayered defenses and infects networks. John Nielsen, Product Manager for IBM Mobile Security, discusses the latest malware trends and steps organizations may take to fight back.

If you look at recent breaches, you see a common thread: If privileged identities were better managed, breach impacts would greatly lessen. Bill Mann of Centrify discusses the essentials of privileged ID management.

Brent discusses deploying multi-factor authentication to mega-enterprises with millions of end-users, knowledge-based authentication user enrollment, and how educational institutions are utilizing multi-factor authentication solutions.