ISF Podcast

Information Security Forum Podcast

The ISF Podcast brings you cutting-edge conversation, tailored to CISOs, CTOs, CROs, and other global security pros. In every episode of the ISF Podcast, Chief Executive, Steve Durbin speaks with rule-breakers, collaborators, culture builders, and business creatives who manage their enterprise with vision, transparency, authenticity, and integrity. From the Information Security Forum, the leading authority on cyber, information security, and risk management.

  1. Betsy Cooper - The Policy Gap: Navigating AI, Risk and Regulation

    15H AGO

    In this episode, Steve is in conversation with Betsy Cooper, director of the Aspen Policy Academy at the Aspen Institute. As an expert in cyber and tech policy, Betsy shares her thoughts on how policymakers can keep pace with the rapid developments in AI and quantum technology, building a futureproof compliance strategy, and AI risks. Steve and Betsy also discuss policymaking in a volatile world, how businesses can protect their image after a breach, and what can be done to get governments to care about online scams.

    Key Takeaways:

    - Legislative experiments at the local and regional levels will be key for crafting strong, sensible tech policy on the national level.
    - Tabletop exercises are one of the best tools for preparing the C-suite for breaches and attacks.
    - People must start to speak up against the growing prevalence of having to trade privacy for access to the most basic online tools and sites.

    Tune in to hear more about:

    - Creating a “future-proof” compliance strategy (7:11)
    - Protecting your brand following a breach, data theft, or disinformation campaigns (13:35)
    - Trading access for personal information (22:31)

    Standout Quotes:

    “I do think that it would be preferable to have one coherent framework. I think industry would benefit from that if we did have that sort of framework. But also, I'm not sure that we're at the level of sophistication today that we'd be able to write the best framework because we haven't experimented enough. So I actually think that having the state and local sort of sandboxes leading to future federal policy is not a bad approach.” - Betsy Cooper

    “It's a very difficult thing to try to prove a negative, and that's why disinformation can be so powerful. But it's also a very fast-moving space, so the faster you can get in there with your counter-narrative, the more likely you are to be successful.” - Betsy Cooper

    “I'm the mother of a five-year-old, and in order to get my five-year-old's baseball schedule, I have to download an app on my phone. There is no web access for the app that has the baseball schedule. So in order to get that baseball schedule, I have to sign away a whole bunch of privacy just to get my kid to a sports game. I think that shouldn't be allowed.” - Betsy Cooper

    Read the transcript of this episode. Subscribe to the ISF Podcast wherever you listen to podcasts. Connect with us on LinkedIn and Twitter. From the Information Security Forum, the leading authority on cyber, information security, and risk management.

    26 min
  2. Dr. Keith Morneau - AI & the Resilient Workforce: Thriving in the Next Decade

    MAY 12

    Today’s guest is Dr. Keith Morneau, an experienced cybersecurity professional who currently serves as Dean of Computer and Information Science at ECPI University. Steve and Keith discuss the future of the cyber workforce, cyber education, and if AI is taking our jobs. Steve also asks Keith to step into the shoes of a CEO…

    Key Takeaways:

    - In today’s cyber world, having an understanding of how systems interact is more important than ever.
    - People with non-technical backgrounds are often quick learners when it comes to cyber, and bring in fresh perspectives.
    - In new hires, executives should look for people who understand how to work with AI.

    Tune in to hear more about:

    - How AI can help junior staff and those entering the cyber workforce (6:15)
    - Dr. Morneau’s “prepare, practice, perform, assess” philosophy (13:23)
    - One obsolete role chief executives should stop hiring for, and one emerging role they haven't even thought about yet (21:15)

    Standout Quotes:

    “We’re really still in the baby steps of AI, in the beginning stages of it. What I’ve noticed of a lot of folks, there’s AI there, but they’re not 100% understanding how it all works, how the AI actually has to be trained and all that. I think over time what we'll see is the increase in knowledge and skill set using AI for what they’re doing in their jobs should help with the bottom line over time.” - Dr. Keith Morneau

    “The biggest issue in cybersecurity are the AI systems that are very vulnerable to attacks.” - Dr. Keith Morneau

    “The type of person you need to look at is the person who’s able to use AI to do the job that you need them to be able to do better and faster, and be more efficient at it. What you have to be careful of is the people that are going to be obsolete are the ones that are basically fighting the AI and not using AI at all to help them, because that is pretty much they are going to be dinosaurs soon, if they’re not already dinosaurs.” - Dr. Keith Morneau

    25 min
  3. John "Jock" Brocas - Gut Instinct: The Intuitive Edge in Cyber Security

    MAY 5

    In today’s episode, Steve sits down with John “Jock” Brocas, a former military member who is now an executive mentor and strategic intuitive intelligence advisor to the C-suite. Jock is far from your typical cyber professional, but his experience working with executives gives him a compelling perspective on challenges faced in our industry. Steve and Jock discuss how we can train ourselves to block out the noise and become better at recognizing the real threats to our business, the value of mindfulness and managing stress, and why leaders must see the big picture. Jock also shares his thoughts on deepfakes, from the perspective of a medium.

    Key Takeaways:

    - Adopting a warrior mindset means blending logic and intuition.
    - Taking a break, even just for a few seconds, is crucial to managing stressful situations.
    - Meditating can help you become better at discerning what matters and what doesn’t.

    Tune in to hear more about:

    - Discerning the signal from the noise ()
    - How leaders can help their teams manage stress, both long-term and in acute situations ()
    - Jock’s thoughts on deepfakes ()

    Standout Quotes:

    “Logic and intuition are not separate. And this is the biggest mistake we make. We don't fail in making decisions, especially in the cyber world because of the amount of data we have. We fail at the discernment of maybe that data.” - Jock Brocas

    “I think it’s important as well that looking at a more spiritual outlook to things, not religious in any way, a meditative or a contemplative side of things. And how many security professionals or cybersecurity professionals take time for themselves to actually even breathe in between doing something?” - Jock Brocas

    “Discernment, even as a cyber professional, is important. So discernment of the self, discernment of the mind, that's important.” - Jock Brocas

    23 min
  4. Emily Holyoake - Beyond Infrastructure: The Case for Putting People First

    APR 28

    Today’s episode might sound a little bit different, but it’s a really important conversation. Steve sits down with Emily Holyoake, co-founder of Not A Standard and the brain behind the FRAME Network, to talk about the human harm of cyber attacks, gender-based violence, tech-facilitated abuse, and diversity in the cybersecurity industry. Steve also asks Emily to envision the future of the cyber workforce, one that creates safety for society and people, not just machines and data.

    Key Takeaways:

    - Every attack begins and ends with a human and a breach can have an existential impact on people’s lives.
    - Attribution too often is aimed at individual humans, when we should look at the systems that enabled the person to cause the harm.
    - Diversity within your teams enables a richer environment for problem-solving.

    Tune in to hear more about:

    - The SAFE Framework (1:57)
    - Why Emily pen-tests her personal life – and why you should, too (18:44)
    - Building a cyber workforce for a safer society (20:56)

    Standout Quotes:

    “A person clicks on a phishing link that results in a breach. So we blame the individual instead of thinking what did the system, literally or figuratively, allow to happen that meant that person clicked on that link? But we think we've got to find the root cause. So we pick a human rather than thinking about what the system enabled.” - Emily Holyoake

    “Every attack begins and ends with a human, fundamentally. In security, we talk so often about people being the weakest link. Fair enough, right? You can have all the technical controls in the world and it just takes one person to break that. But we wouldn't have this business, we wouldn't have this culture, we wouldn't have anything without these people. And so people are, if anything, our greatest asset.” - Emily Holyoake

    “When you have a diverse group of people thinking about the same problem in different ways from different backgrounds, different experiences, you're going to get an infinitely richer understanding or solution to a problem.” - Emily Holyoake

    24 min
  5. Brett Johnson - From Most Wanted to Most Valuable: Inside the Cybercrime Landscape

    APR 21

    Today we bring back one of our favorite guests: former US most-wanted cybercriminal Brett Johnson. It’s been seven years since he was last on the show, and much has happened in the world of cyber. Brett shares how his perspective has changed in the past few years, and gives his thoughts on how new technologies impact cyber crime. Steve and Brett discuss compliance and what Brett’s path from prison to helping law enforcement means for other cyber criminals. Brett also answers some rapid-fire questions.

    Key Takeaways:

    - Increased ease of access to cybercrime tools and services, along with manpower problems in law enforcement, are key reasons for why cyber crime is one of the world’s largest economies today.
    - Enterprises must shift focus from trying to block every attack to protecting their crown jewels for when an attack inevitably gets through.
    - Bad things happen because good people remain silent.

    Tune in to hear more about:

    - Why cybersecurity awareness training often fails (13:32)
    - If Brett’s path to redemption is still viable for today’s cyber criminals (16:57)
    - Some rapid-fire questions to Brett (21:35)

    Standout Quotes:

    “Cybersecurity and security overall is not a romantic thing. It's not an exotic thing. It's simply doing the nuts and bolts of what you need to do. And the problem is that largely that's not happening in the environment. If you've got management that's more interested in butter than they are in guns, you've got those types of issues.” - Brett Johnson

    “Cybersecurity awareness training or fraud prevention training, scam awareness, anything like that, we tend to educate at a very rational level. For scams and a lot of fraud and stuff like that, it doesn't happen at a rational level. If I'm trying to attack a person and compromise that person, I'm not doing it at a rational level. I'm doing it at an emotional level. I'm trying to get you to set reason and logic aside and to react emotionally. So all that training takes place at that rational level. You can understand it there. That doesn't mean that you understand it at the emotional level whatsoever.” - Brett Johnson

    “Is it harder? In one respect it is because we now have people that are aware of how money is moved, what criminals seek to do with it. Banks have become more aware of a lot of the new ways to launder and funnel funds. In many ways, it's much harder, but at the same time, criminal networks have adapted to that difficulty.” - Brett Johnson

    26 min
  6. Steve Durbin - Global Threats, UK Blind Spots: Cyber Resilience in a Volatile World

    APR 14

    Today, Steve returns to Business Matters with Juliette Foster. The war continues to rage in Iran, and with it comes an increasing threat of cyber attacks. Steve shares his thoughts on what the conflict means for cyber investment in the private sector, British critical infrastructure, and the British government’s approach to cyber resilience. Steve and Juliette also discuss the UK Financial Minister’s Spring Statement, which didn’t include any references to cybersecurity. What does this omission signal? How will multinational companies react? Is cyber a macroeconomic issue? This, and more, in Steve’s latest appearance on Business Matters.

    Key Takeaways:

    - Cyber is a macroeconomic issue, not just a technical one.
    - AI has changed the way that the threat landscape is evolving, but it's also brought benefits for cyber defence.
    - Governments have limited abilities to support the cyber resilience of the private sector; cooperation between large enterprises supports the whole business landscape.

    Tune in to hear more about:

    - If Steve thinks the UK Finance Minister’s spring statement will impact cyber investments (8:57)
    - The impact on UK businesses of slower economic growth in the UK (14:59)
    - The state of government cyber resilience in the UK (22:39)

    Standout Quotes:

    “What you have to do is you have to look at your crown jewels and back to this minimum viable company notion that I mentioned right at the beginning of our chat. You have to understand what the most critical elements of your business are, and then you can track those through these complex supply chains. Those are the pieces you need to be protecting because that's what's gonna bring your business down or ensure that you can continue to operate.” - Steve Durbin

    “The business climate in the UK at the moment is exceptionally tough, exceptionally demanding. I think if you look at some of the legislation that's recently come in particularly around hiring, retaining employees, the sheer cost of doing business has risen pretty much exponentially for most organizations, and that means that they have to make cuts somewhere. If they can't do it in terms of some of the core business, they will look to some of the fringe elements. So if you've got an organization that perhaps does not view cyber as being core to what they do, then that may well be somewhere where a cut is made.” - Steve Durbin

    “I think we'll certainly see a maturing of the industry. It's a very young industry still in terms of the way that it's evolving and changing, and I think that with the benefit of a couple of years under our belt, then most organizations will have moved to a stronger position from a maturity standpoint, and I would hope certainly that we're talking very much more about resilience rather than protection.”

    30 min
  7. Special edition – From Awareness to Action: Prostate Cancer, Community and the Case for Early Detection

    MAR 31

    Today’s episode is a special one, recorded to announce an exciting and important new partnership between ISF and the organisation Prostate Cancer Research. Joining the show is PCR CEO Oliver Kemp, who for nearly a decade has worked to ensure fewer men suffer and die from prostate cancer. Steve and Oliver talk about how prostate cancer screening works and the importance of catching it early. The two also talk about the partnership and how it will help PCR’s efforts across the UK.

    Key Takeaways:

    - Early detection saves lives. If you find prostate cancer before it has reached stage 3, the survival rate is 100%.
    - A cancer battle will affect people around you, but they will also be the people whom you can draw strength and support from.
    - Access to cancer screening varies between regions and demographics.

    Tune in to hear more about:

    - What PSA is and how testing for prostate cancer is done (5:28)
    - The new partnership between ISF and PCR (18:58)
    - How AI and new technologies can help in cancer detection (22:34)

    Standout Quotes:

    “I think us men are not always the best at going and looking after ourselves and we often need to be nagged to go out and do something. But if you've got prostate cancer, it's gonna get you one way or another, and it'll gradually grow inside of you. And it's far better getting it early and having a relatively simple procedure, which you can now be in and out of hospital in a single day rather than late-stage prostate cancer, which will have very different consequences.” - Oliver Kemp

    “I think one of the great things about this partnership is first of all, we're aiming at people who often don't get tested. And there are lots of PSA tests happening across this country, but they're often focused on regional areas. So southeast of England, London has lots of testing. It has lots of the best hospitals in the world, whereas other parts of the country don't have access to that.” - Oliver Kemp

    “And for people in cybersecurity, it's about being as proactive about your own health as you are about protecting your organization. So it isn't about waiting for symptoms. I didn't have any. Look at PSA tests. We've said on this show it's a very low cost. And the people that I've come across who've certainly taken that step, and sadly there are more of us than people might think, all tell me the same thing. And as for partners, families, friends that are listening, don't underestimate the power of your encouragement just being there. That's really important. You don't have to do anything big. It's just a quiet conversation that could genuinely help.” - Steve Durbin

    30 min
  8. Martina Navratilova - Focus, Adapt, Evolve: Serving up the secrets of success

    MAR 24

    In today’s episode, Steve speaks with Martina Navratilova. Martina is one of the most accomplished tennis players of all time, holding the record for most open era titles and Wimbledon wins. Since retiring from tennis, Martina has been a vocal advocate for gay rights and cancer awareness. In her conversation with Steve, she talks about the importance of screening and early detection, and why self-awareness and kindness to yourself are essential when you’re going through something difficult. The two also discuss adapting to change, how to read your opponents and why rehearsing matters – both on the tennis court and in the world of cyber. Martina also gives the audience a piece of advice on staying resilient in the face of uncertainty, from the perspective of a champion.

    Key Takeaways:

    - If something doesn’t feel right in your body, get tested. And even if you’re feeling fine, do that annual physical.
    - There is no substitute for practice when it comes to crisis preparedness.
    - Breaches will happen, it’s about how you respond – with clarity and honesty – that matters.

    Tune in to hear more about:

    - Some news from Steve (1:33)
    - Building the right team (10:18)
    - Recovering after a breach (13:24)

    Standout Quotes:

    “We tend to overreact and overcorrect. Less is more in just about everything in life. Less is more. You can always add to it. But if you go too far, you've gone too far.” - Martina Navratilova

    “At the end of the day, if you are the big boss, you are making the decisions, you have to trust your gut. So you take all the information in, but you have to say, ‘Okay, what really feels right with my knowledge, with my intelligence, with my history, what is the best way forward?’” - Martina Navratilova

    “No system is bulletproof no matter what. You may hit the best serve ever, but that person guessed and they get it back. It's how you bounce back from that. But nothing is bulletproof. You just need to figure out where was the breach, how can we fix it and avoid doing it again?” - Martina Navratilova

    18 min

Ratings & Reviews

4.6 out of 5 (15 Ratings)
