Cracking Cyber Security Podcast From Teiss

It’s back to Nashville, Tennessee this week on the teissPodcast as I speak with Chris Hallenbeck, CISO for the Americas at Tanium, the endpoint security and systems management company.I caught up with Chris at Tanium’s recent annual conference – Converge – where we discussed the industry’s need for critical thinkers, mentors, as well as the challenges around visibility, human nature and the "unchanging" threat landscape.Before joining Tanium in 2016, Chris worked for six years on the U.S. Department of Homeland Security’s Computer Emergency Readiness Team…so I was eager to probe and hear his views on the current the state of cyber security.

What is behavioural economics, and how can it derail successful security training? That’s our topic this week on the teissPodcast with Bridget Kenyon, DIS EMEA CISO and Information Security Programmes, at Thales.I caught up with Bridget at the security conference Cyber Connect UK back in November. Bridget never fails to fascinate me with her ability to talk about any topic in great detail and this time she delved into why security training isn’t working in its current form – instead of working against people’s natural behaviours, we need to work with them. In fact, trying to get people to change their behaviours is, quite frankly, useless.Bridget explains how cyber security can work for and with people, and how this isn’t about win/lose battles…cyber security is an infinite game.Here Bridget is, giving a brief of what behavioural economics is…iTunes: https://itunes.apple.com/gb/podcast/cracking-cyber-security-podcast-from-teiss/id1378994502?mt=2Stitcher: https://www.stitcher.com/podcast/business-reporter/crac

On this week’s teiss Security Leaders Roundtable Podcast - Shan Lee, CISO, Transferwise and Thom Langford, Founder TL(2) Security Ltd debate whether a CISO can make a significant change to an organisation’s culture in just 18 months (the average time a CISO stays in a company). They also discuss the Travelex breach, the spate of ransomware attacks against US state institutions and their security predictions for 2020! Please note that this was recorded on January 3rd 2020 – before it was confirmed that the Travelex cyber-attack was indeed a ransomware attack. Lots of excellent advice from both Shan and Thom and I hope you enjoy.Music: Light the Fuze, Audio Network and Late Night (Loops), Joseph McDade

On this week’s podcast we speak with Chris Hodson, CISO for cyber security provider, Tanium.I met fellow Brit in Nashville, at the end of last year, at Tanium’s annual conference. Previously CISO at Zscaler, Chris is one of the movers and shakers of the industry – as well as his role at Tanium, Chris is a prolific writer and vlogger about all things security, and he's named as one of the 'Top 10 Cyber Risk Experts to Follow' by Vulcan Cyber. In between conference sessions, I sat with Chris to discuss his cyber security predictions for 2020, how he prevents self burnout, and how he goes about implementing a culture of security in the organisations he works with.Presenter: Anna DelaneyMusic: Light the Fuze, Audio Network

On this week’s teiss podcast I am joined by Helen Rabe, Global CISO for biotech company, Abcam.I met up with Helen at Cyber Connect UK Conference at the end of last year where we discussed resiliency – both personal and for business, the language of security and how not to alienate your end-users, and how to be the constant eye in the storm as a security leader. Helen oozes warmth and charisma and had plenty of advice to divulge in the interview, so I hope you enjoy.Presenter: Anna DelaneyMusic: Light the Fuze, Audio Network

On this week’s teiss Security Leaders Roundtable Podcast - Thom Langford, Founder of (TL)2 Security Ltd and Javvad Malik, Security Awareness Advocate at KnowBe4, discuss cyber security news stories such as organisations failing to maximize use of Microsoft 365 security, the “people” element in a cyber security strategy, and fake voicemail alerts in suspected whaling campaigns.I hope you enjoy the themes and the all-round bantz.Music: Light the Fuze, Audio Network and Natural Duality, Joseph McDade

This week we are exploring the weird world of deepfakes - one of the latest ways cybercriminals are exploiting people and making money. Put simplistically, the term “deepfake” refers to an image, video, or audio clip that is manipulated using artificial intelligence and deep learning to depict something that did not really happen.  On this week’s episode, we have two experts tackling the topic, first from a tech perspective - Andrzej Kawalec, Director of strategy and technology at Optiv, who explains how criminals are using deepfakes to their advantage, how companies should start to think about them, and what tech is developing in the arena to combat the threat. My second guest is Tamara Quinn a non-contentious IP and Data Privacy Partner at Osborne Clarke, who shares a legal perspective on the topic. 

According to the National Crime Agency more than 2,500 arrests were made last year in the UK, after Facebook reported offenders for trying to entice children into sharing indecent images or meeting in real life.Today’s children and teenagers have grown up in the online world, and with all its benefits, these arrests are proof of the darker side of the digital space. So how can we better our children and teenagers online?On this week’s teissPodcast I had the honour of speaking with Lorin LaFave, the mother of Breck Bednar, who was murdered in 2014 after being groomed online. Two weeks after her son’s murder, Lorin set up the Breck Foundation to educate young people and their parents about online grooming and internet safety.In the interview, Lorin talks about the misconceptions about online grooming, what measures she would like to see put in place when it comes to security by design for products and games and what she feels the cyber security industry could be doing to improve internet safety.Do watch Breck’s

Apparently there’s an election on December 12th, so on this teissPodcast we’re exploring which cyber threats are going to impact the upcoming UK election.Our expert guest this week is Priscilla Moriuchi, director of strategic threat intelligence at Recorded Future, who’s researched the security threats facing elections globally, with a large focus on disinformation campaigns.  On the podcast Priscilla discusses the tactics hackers are using to target elections, whether political micro-targeting can really impact election results and what the security world can learn from election campaigns.   

Red teaming is one of the most fascinating activities an ethical hacker can be involved in. The practice usually involves an independent group that assumes the role of a hacker to show organisations what vulnerabilities or backdoors pose a threat to their cyber security. Sounds like every organisation should employ one…but is it always necessary? And if so, how do you know if your organisation is ready for red teaming? On this episode of the teissPodcast I speak with Ed Williams, EMEA director at SpiderLabs, Trustwave, about red teaming and deciding when is the right time for an organisation to engage a red team. Ed, a patriotic Welshman and ardent rugby enthusiast, explains some common tactics hackers use to manipulate people, where red teaming should sit in the overall cyber security strategy and how can cyber maturity be achieved through red teaming.

We are told that the expected cyber skills shortage is estimated to be 1.8 million by 2022 and yet just 12% of the cybersecurity workforce is under the age of 35.This week I speak with Mark Walmsley, CISO, Freshfields, about finding, nurturing and growing the next generation of cyber talent. Mark has a wealth of knowledge and experience in sourcing and recruiting talent – particularly in the more untraditional places – so I asked him about where and from what age the search should begin, what it takes to motivate young people, and what the industry should be doing to increase its talent pipeline.Mark will be speaking at Cyber Security Connect UK.

There’s a saying that culture trumps strategy every time, but how do you build a strong, positive culture in the first place?I caught up with Steve Moore, VP and Chief Security Strategist at Exabeam. Steve’s been on the podcast before and it’s always inspiring to hear his thoughts on leadership, nurturing talent and creating a culture which allows people to grow and thrive in their roles. Easy right? Steve highlights some approaches which can help. He also mentions Exambeam’s recent Cybersecurity Salary Survey which is worth a read.Check out Steve’s podcast The New CISO!Interview recorded at the Exabeam user conference, San Francisco, earlier this year. 

Welcome to the Security Leaders’ Roundtable Podcast, where I am joined by two exceptionally talented CISOs, Brian Brackenborough, CISO of a major broadcaster and Nick Nagle, CISO of the Publishing House, Conde Nast International. On this podcast, recorded in July 2019, I asked them to bring two cyber security news stories to the table, as well as a “grudging respect” – a story/hack/response to a breach which deserves a tip of the hat. Brian selected the story about the ICO intending to fine British Airways £183.39M for breaches of data protection law. Nick chose one on the anonymous hacker who was arrested after dropping a USB stick while throwing a Molotov cocktail, as you do.Brian’s “grudging respect” (though not so much grudging, but more pure respect) was for the digital bank Monzo and how they responded to the Ticketmaster and BA breaches. Nick’s contribution was about a fake French minister in a silicone mask who stole millions. True story.Hope you enjoy the discussion.

Whether it’s external threats to an organisation or bracing personal challenges, how do you respond to the unknown unknowns? Well fortunately our guest this week, Colin Anderson, CISO at Levi Strauss & Co, has had much experience in this realm.I had the opportunity to speak with him at the Exabeam user conference in San Francisco last week where we spoke about his leadership style, how he forms partnerships and support from within the board and whether cyber security can be measured in numbers alone.And…yes, he only wears Levi’s.

What can we learn from the way cybercriminals recruit and train people in their networks to help us with our own cyber security skills shortage? On this podcast we are visiting the dark side of the moon with teissPodcast friend and regular, Joe Carson, Chief Security Scientist & Advisory CISO at Thycotic. We explore how criminals recruit and train people in their network and how quickly can they take someone with no experience and coach them to be a functional member of their team. Essentially, with ethics in mind, what could we learn and even copy from them?

This week the teissPodcast jumps right into the heart of cyber security innovation at LORCA (the London Office for Rapid Cybersecurity Advancement) –  a Government-backed cyber accelerator which supports the most promising cyber security innovators in scaling and growing solutions to the cyber problem.teiss speaks with programme director, Saj Huq about the emerging trends in cyber innovation, the challenges that cyber start-ups face on both macro and micro levels and what role investors should play in this space. We also discuss safeguarding and nurturing international cyber talent as the Brexit date looms.

This week, The teissPodcast is at The National Museum of Computing on Bletchley Park in Milton Keynes.If you’ve not already been there – GO - it’s a treasure trove of historic computers…In fact, it's home to the world’s largest collection, from the Turing-Welchman Bombe and Colossus of the 1940s through the large systems and mainframes of the 1950s, 60s and 70s, to the rise of personal computing and the rise of mobile computing and the internet.Seeing a floppy desk, Pacman mazes and a Sega Mega Drive in a museum did make me feel quite old, but it’s incredible how these holy relics really arouse the inner child in you. It certainly did with my guest, Paul Watts CISO at Domino’s Pizza Group PLC, who bounded and buzzed with excitement at the technology that had occupied his adolescence.I always enjoy talking with Paul and hearing his thoughts on the past, the present and the future…In this interview we talk data - ethics and its future, the double-edged sword that is technology and...Chuckie Egg!With many t

There’s a cyber skills shortage, but are cyber security hiring and retention processes doing more harm than good to your organisation?This week I speak with Vicki Gavin, about recruitment, talent retention and leading teams. Vicki is an advisor on security, privacy and resilience and was previously CISO for the Economist; with years of experience under her belt I thought she was ideal to discuss these topics with.Vicki speaks with genuine warmth, passion and clarity and admits that it wasn’t until she became a mother that she discovered how to be a good leader. "It’s the same skill set," she says, "never forcing but helping them to understand the world around them and be the best they can be.” I love that.So let’s look at the stats, findings revealed in ISACA’s recent State of Cybersecurity 2019 research, say that 64% of respondents indicated that they have trouble retaining qualified cyber security professionals. So what's going wrong?

Can you imagine a world where our water, energy and transport systems just stop working? How about our hospitals, telecoms and financial services? It’s a picture I struggle to visualise, and yet we are told that the risks to our national security have never been greater. So, how safe actually is our National Critical Infrastructure right now and are we able to protect ourselves? Questions we’ll be exploring on this episode of the Cracking Cyber Security Podcast. Tim Mackey, Principal Security Strategist at the Synopsys CyRC (Cybersecurity Research Centre) about the ominous potential of a cyber-attack on our National Critical Infrastructure. We discuss the threats, the problems and some possible solutions.

How can we tackle the cyber skills shortage? What’s the best way to up-skill your cyber security workforce? Does it take more than just passion to work in cyber security? These are questions we’ll be exploring on this week’s Cracking Cyber Security podcast.This week I chat with Principal Security Consultant (CCSAS) at Trustwave SpiderLabs, Matt Lorentzen. We are told that cybersecurity skills shortage is worsening for the third year in a row and according to the annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) has impacted nearly three quarters (74 percent) of organisations. So what can be done about it? On the podcast Matt gives some great advice to anyone looking to work in cyber security, as well as employers who want to up-skill their current workforce.