In this episode of Phishy Business, we talk about the improper mindset of not thinking about security until after you have been breached, and some of the major problems this can cause. We do this through the lens of SIEM, ethical hacking, and a focus on the need for leadership in teaching organizations how to be secure. We also discuss how some IT leaders try to keep the results of pen testing quiet.

Our special guest is Dez Rock, CEO of SIEMonster. After dropping out of law school, Dez became an entrepreneur and has run businesses for the last 20 years. Dez has spent a good deal of time in ethical hacking, building great experiences and great stories over the years with both physical and virtual security. She also has plenty of great insights about being a female CEO with ADHD in the cybersecurity industry.

In ‘Exposing Shortcomings in Cybersecurity Leadership and why we need more Dana Scullys’, we discuss:

• What made Dez and her team successful as ethical hackers and how this helped make their product better.
• How there needs to be more transparency about cybercrime, not only between organizations, but within them as well.
• Why boards need to realize that the fact they haven’t been breached makes them low hanging fruit.
• What security decision makers think of vendor marketing and what they also should be aware of when it comes to marketing budgets and tactics.
• The importance of democratizing security.
• The major limitations of adopting point solutions and not thinking of the whole ecosystem.
• The importance of a neurodiverse workforce in cybersecurity and any industry.
• Dez’s experiences as a female CEO.
• How more women need to be represented in STEM careers to get more diversity in these roles.

In this episode of Phishy Business, we talk about various important discussions around AI, including the concerning issue of built-in bias and stereotypes. Imagine AI thinking that all doctors must be male, and all nurses must be female? Well, according to ChatGPT, they are.

Our special guest is Ivana Bartoletti, Global Privacy Officer at Wipro. Ivana has a human rights background and is an internationally recognized thought leader in privacy, data protection, and responsible technology. She’s a fellow at Virginia Tech, a published author, and the founder of the Women Leading in AI Network. Ivana says that she works at the intersection of technology and law and focuses on privacy advocacy. Ivana concentrates her efforts on the collection of data and how that data is used in technology such as AI.

In ‘Built-In Bias: Existing Real-World Inequality in AI and Other Technology’, we discuss:

• How Ivana’s book came about, the themes covered, and how much has changed in this space since it was written.
• Built-in bias in data and AI technology.
• The protection of democracy and human rights when it comes to data collection, digital privacy, and AI.
• Having legislation in place for safe adoption of AI.
• The hype around the dangers of AI.
• The European Union’s proposed AI regulation and businesses speaking out against the Act.
• Cybersecurity considerations when it comes to AI.
• The Women Leading in AI Network – why it was started and its purpose.

In this episode of Phishy Business, we talk about how today's cybersecurity strategy needs to focus on risk while still allowing smooth operation of the business. We also discuss how cybersecurity must involve the board so that business goals and cyber strategy align.

Our special guest is Theo Botha, Global Information Security Officer at Dr. Martens. Theo is responsible for protecting the Dr. Martens brand, one of the most iconic in the world. Theo began his career in physical security which evolved into a more technology-based approach. That led Theo to information security, and then, to cybersecurity and risk management. Today, Theo ensures Dr. Martens’ cybersecurity strategy protects the business while not hindering its ability to operate successfully.

In ‘Protecting Shoes: Balancing Cybersecurity Strategy and Business Success at Dr Martens’, we discuss:

• The main ways the cybersecurity landscape has changed over the years.
• How Theo adapted to being in a brand-new role at Dr. Martens as the world went into lockdown.
• Communicating risks to the board by aligning to business objectives.
• How he protects the online presence of one most well-known brands in the world.
• Educating consumers and employees about cyber threats.
• Managing supply chain attacks.
• The skills shortage and managing the stress placed on teams.

In this episode of Phishy Business, we feature a roundtable discussion with three members from the Center for Internet Security. Mimecast CMO Norman Guadagno hosts this wide-ranging discussion that covers many topics including cybersecurity trends in the public sector and why information sharing is essential to keeping our connected world safe.

Our special guests are Sean Atkinson, CISO, Randy Rose, CIS Sr. Director of Security Operations and Intelligence & Karen Sorady, VP of MS-ISAC Member Engagement (and former NY State CISO). The trio shares the mission and background of CIS. Plus, their experiences and learnings from years working with the public sector.  

In ‘CIS Roundtable – Keeping the Public Sector Secure’ we discuss:

• Are we in better or worse shape in terms of cybersecurity than we were 20 years ago? 

• What is the Multi State Information Sharing and Analysis Center and how does it work in the context of the US? 

• What is the reality of election security and threats? 

• How prioritized is cybersecurity at the local government level?  

• What’s it like being a CISO of a large US state?

• How can the tabletop exercise model be optimized?  

• Why is cybersecurity a great field for recent and upcoming graduates?

In this episode of Phishy Business, we talk about environmental, social, and governance, commonly known throughout the corporate world as ESG, and how cybersecurity fits into corporate sustainability.

Our special guest is Garyn Rapson who is a partner and the head of ESG at African law firm Webber Wentzel. Garyn manages a team of nine lawyers that advise clients on how to be more sustainable organizations. While ESG is complicated and always evolving, Garyn helps clients break through the complexity to manage risks and threats, and uncover the opportunities to protect their organization and make them more resilient. Garyn says that ESG is an understanding as a business that there are certain external issues that must be taken seriously.

In ‘What has ESG got to do with Cybersecurity?’, we discuss:

• What ESG is, and how it’s changed the way organizations think about doing business.
• How the future of work is both digital and sustainable.
• How cybersecurity fits into ESG.
• The importance of cybersecurity transparency and the idea of ‘cyberwashing’ as a concept.
• Why cybersecurity should be a part of reporting in the context of ESG. Using an ESG framework to communicate cyber risk to the board.
• How cybersecurity fits into the ‘E’ (environmental) and the ‘S’ (social) portion of ESG.

In this episode of Phishy Business, we talk about some of the cybersecurity trends and worries facing today’s global CIOs.

Our special guest is Martin Wallgren who is the CIO of global logistics and shipping company, Gulf Agency Company, headquartered in Dubai. Martin says he is an entrepreneurial tech nerd with a business mindset who does business development with a touch of technology. He likes to emphasize the CIO’s business role even though he is passionate about both business and technology. Martin also discusses how impactful cybersecurity has become on the role of the CIO, and how much AI is changing the cybersecurity game.

In ‘CIOs Should think like Entrepreneurs on Dragon’s Den’, we discuss:

• Why CIOs need to have an entrepreneurial mindset
• How to communicate effectively to secure budget from the board
• How the pandemic changed security
• The importance of humour in cyber awareness training
• Advice on cyber strategies
• What scares Martin about AI and why security teams shouldn’t rely on AI to do everything
• Martin’s views on the skills shortage

In this episode of Phishy Business, we talk about the psychology behind crime, particularly cybercrime and white-collar crime. We delve into the reasons why most cybercriminals are roaming free and don’t get caught, yet deep down, really want to tell their story.

Our special guest is Mark T. Hoffmann, a crime and intelligence analyst and business psychologist. Mark specializes in behavioral and cyber profiling and has conducted interviews with criminals, psychopaths, and hackers to understand their internal perspective. Mark is well-known for providing his expertise during international television and streaming appearances and numerous keynote speeches.

Mark is sincerely interested in other people and wants to learn about them, which has led to a fascinating career. After obtaining his degree in business psychology, Mark quickly became interested in the dark side of business and crime which led to his role as a crime analyst, which naturally led him to an interest in cybercrime.

In ‘Proud Hackers: Understanding Criminal Minds’, we discuss:

• What a crime and intelligence analyst is and how Mark found himself focusing on cybercrime.
• How Mark gets criminals to talk to him and provide a certain level of detail
• A typical profile of a cybercriminal.
• Why criminals get into cybercrime.
• Why Mark doesn’t like white, gray, and black hat categories.
• The psychology of cyber awareness training.

In this episode of Phishy Business, we bring you a special recording from the show floor at RSA Conference. Hosted by Mimecast’s CMO Norman Guadagno, this episode delves into cyber insurance and how managing risk has had to adapt to the modern digital economy. You’ll learn exactly what cyber insurance is, why it’s important and how insurers should be trusted partners to organizations looking to better protect themselves from cyberattacks.

Our special guests are Tara Bodden, Head of Claims and General Counsel, and Thom Dekens, Chief Business Officer & GM at At-Bay Cyber Insurance. Tara works to ensure a seamless customer experience for At-Bay clients who have filed a claim. She also works to unlock data insights that can protect clients, and heads up At-Bay’s legal department which is charged with making sure At-Bay can deliver on its aspirations without doing harm. Thom heads up the cybersecurity side of At-Bay, ensuring the company and its clients are as secure as possible.

Tara and Thom use their expertise to provide a look into the importance of cyber insurance in today’s high-risk security environment. They explain how every company is a technology company and how a cyber insurance company can educate organizations on how they can protect themselves. They also provide insight on how a cyber insurance company can help when something goes wrong.

In ‘Keeping Threats ‘At-Bay’ – Normalizing Cyber Insurance as Part of Business’, we discuss:

• How cyber insurance companies work with their customers to ensure they have the most effective security solutions in place.
• How cyber insurers are vital partners for SMBs needing improve their cybersecurity.
• How our guests made their way to the world of cybersecurity.
• The main threats At-Bay’s clients see.  
• At-Bay’s Ranking Email Security Solutions report in which Mimecast was found to be the email security solution associated with the lowest number security incidents.

In part two of this special RSA episode Mimecast CMO, Norman Guadagno, interviews another four guests live from the conference show floor. We talk about how cybersecurity has changed over the years, bringing more diversity to the industry and how exactly one becomes a CISO.

Our guests for part two: Julian Waits, SVP business development at Rapid7 (:54 – 11:44), Kayla Williams, CISO at Devo (12:02 – 23:22), Tyler Warren, deputy CISO at Prologis (23:39 – 33:52) and Josh Copeland, cybersecurity director at AT&T (34:16 – 43:14).

In ‘RSAC Part 2: CISO trends + thinking differently about tradeshows’ we discuss:

• 'Cyversity' – and why cybersecurity needs to become more diverse
• Becoming a CISO without a traditional IT background
• Unpopular opinions at RSA  
• Why vendors should think about being distinctive at tradeshows

In this episode of Phishy Business, Mimecast CMO and guest host Norman Guadagno, chats to four different people at this year’s RSA Conference in San Francisco. Our guests were interviewed in our very own podcast recording studio at the Mimecast booth. In part one of this two-part episode, we learn more about our guests' roles, their companies, and the cool things they're working on. We also discuss what was trending at this year’s show and how the conference has evolved over the years. Did we mention ChatGPT? That was brought up once or twice too!

Our guests for part one: Adrian Sanabria, podcast host of Enterprise Security Weekly, (1:14 – 13:30) Pam Cyr, vice president of technical partnerships at Palo Alto Networks (14:00 – 25:23), Michael Smith, CISO at HKS, Inc. (25:41 – 38:35) and Michiel Prins, co-founder and head of professional services at HackerOne (39:17 – 51:27).

In ‘ChatGPT buzz + much more from the RSAC show floor’ we discuss:

• The major trends from this year’s conference
• How ChatGPT is being used now – and what the future could hold
• Technology partnerships and how they benefit organizations
• Cybersecurity resources to learn more about security and coding
• Why cybersecurity is a great field to go into

In this episode of Phishy Business, we discuss social engineering, the professional con game of burglary for hire, and different aspects of how this very specialized skill can impact organizations and individuals.

Our special guest is Jenny Radcliffe, who was our very first interview on the podcast and made a return appearance in our episode on job hacking. Jenny is well known for being able to get in anywhere and past anyone. She has turned a schooling in the art of breaking and entering during her childhood, into a celebrated career as an expert in social engineering, where she exploits the flaws and weaknesses in top-grade security operations.

Now, Jenny has returned for a third visit to tell us all about her new book, People Hacker. It’s a memoir about her unusual career as an ethical burglar and as you can imagine, it’s filled with fascinating stories.

In ‘Using Criminal Skills for Good - a Memoir of a Burglar for Hire’, we discuss:

• The importance of context in social engineering and how good people hackers adapt their methods according to the scenario and culture
• How real-world social engineering compares to the virtual world
• The importance of diversity in security
• Why Jenny didn’t go over to the dark side despite having all the skills of a successful criminal
• How everyone is hackable and it’s important to make security relevant to everyone
• How to do penetration testing well and without negatively impacting employees