Cyber Law Revolution

Spencer does an amazing job of letting us know the past, present and future of all things cyber to help organizations and stakeholders at all levels connect, legal, tech, and policy in way that’s easy to understand with the caveat that inaction and stagnation in this arena has fatalities for organizations in the data=currency sense. I’ll continue to listen as new content emerges.

Your creative opening line sounds like something I once heard in a famous Jim Carrey movie.

First, I’m a career auditor, and have spent the last 8+ in IT Audit with multiple related credentials (CISA, CySA+, CDPSE) and several more in progress(Security+, Cloud+, CASP+), and focus on a holistic view of IT Risks encompassing GRC, Cybersecurity, and Data Privacy. I’ve executed audits, reviews, and assessments (including the use of various tools and products, such as Kali) in many different industries and environments and at multiple levels of infrastructure (NW, DB, OS) and across many different out of the box, proprietary, and industry specific Applications and tools. I’ve done work across public and private sector orgs as well. So, first I’m a big fan of this podcast. From the variety of topics, to the structure. Some episodes are short, and some are long, but the length and content generally compliment each other pretty well. Solid job speaking to topics in very real ways, and addressing things in an way that helps quantify the cybersecurity issues we are facing in a very real way. I tend to operate more in the technical details, while this podcast does a great job of making the risks and issues easier for senior execs to understand. My twos criticisms - the general use of the term “Hackers”. Hackers are GOOD. Cybercriminals, Threat actors, Nationstate Attackers, Script Kiddies, black hats, etc. are BAD. We must stop referring to these Cybercriminals as HACKERS, and start using the appropriate terms instead of generalizing. Hackers help organizations and companies address vulnerabilities, and defend against the criminals. Hackers respond to incidents, and help implement defense in-depth. I could go on here, but you get the idea. - The focus here seems to be on enabling companies to protect themselves, even when they have completely failed to do their job, and exert due care to identify and respond to risks. We need attorneys who will not simply try to help negligent orgs, but those who want to see individuals protected, and their interest taking precedence over these negligent organizations. I hope there will be topics addressing how individuals can use cybersecurity law to hold organizations accountable, and push for laws that are based on what is moral and ethical and constitutional. I’d also hope for information on this podcast on around why it’s unethical for the government to break the law, such as with the NSA and the recent ruling by a judge that it’s behavior was illegal. Keep the podcast coming Spencer.

Spencer is a leading thought expert in the cyber law field and his show reflects that. His podcast is informative and engaging and I highly recommend it!