Uncovering Hidden Risks

Beau Faull, Technology Specialist at Microsoft and Asia Security Strategy Leader, Dmitry Butko,  join guest host Manny Sahota on this week's episode of Uncovering Hidden Risks. Today's episode sets the stage for a detailed exploration of regulatory challenges, cybersecurity trends, and Microsoft's approach to ensuring regulatory readiness in the digital landscape. Beau discusses Australian and global regulations, emphasizing the need to meet industry standards like GDPR and the Essential 8, while Dmitry expresses excitement about the increasing focus on regulatory compliance. The discussion highlights the complexities of balancing technology solutions with regulatory compliance, the importance of responsible data management practices, and the evolving culture of cybersecurity within organizations.    In This Episode You Will Learn:       The vital role of general counsel in tech solutions and compliance decisions Misconception surrounding AI's role in surfacing security issues within organizations  The importance of aligning technology solutions with regulatory requirements  Some Questions We Ask:       How Microsoft integrates security in product development?  What are some global cybersecurity trends, particularly in regions like Australia?  How does Microsoft Copilot ensure global regulatory compliance?      Resources:     View Beau Faull on LinkedIn   View Dmitry Butko on LinkedIn  View Manny Sahota on LinkedIn   View Erica Toelle on LinkedIn                  Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast    Microsoft Threat Intelligence Podcast  Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of N2K media network.

Jef Kazimer, Microsoft's Principal Product Manager, and Bailey Bercik, Senior Product Manager, join Erica Toelle and guest host Lisa Huang-North on this week's episode of Uncovering Hidden Risks. Today's episode will focus on security in the era of cloud and AI, with insights from Microsoft Security's product team. It will encompass AI-driven security measures, data protection, identity management, and compliance in the cloud while providing valuable insights for professionals navigating the evolving landscape of cloud security and AI's influence on it. Together, they discuss the importance of basic security hygiene, the implications of sophisticated AI-based attacks, and the necessity of adopting a defense-in-depth strategy to protect against emerging threats.    In This Episode You Will Learn:       The use of generative AI in attack vectors like phishing and social engineering  Principles of zero trust and how they apply to AI systems  Challenges and opportunities for securing identity and access in 2024   Some Questions We Ask:       How can organizations leverage Microsoft’s Zero Trust framework to protect their data?  What are the best practices when implementing passwordless authentication?  Are the principles of Zero Trust still relevant to this new wave of threats?     Resources:     View Lisa Huang-North on LinkedIn   View Jef Kazimer on LinkedIn   View Bailey Bercik on LinkedIn   View Erica Toelle on LinkedIn      MITRE ATLAS: MITRE | ATLAS™ Book: Not with a Bug but with a Sticker Blog Post: Demystifing LLMs and Threats. Based off of my presentation for CSA | by Caleb Sima | csima | Medium           Related Microsoft Podcasts:                     Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast    Microsoft Threat Intelligence Podcast    Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of N2K media network.

Patrick Chavez, Chief Privacy Officer at Edward Jones, joins Erica Toelle and guest host Mark Diamond, CEO of Contoural, on this week's episode of Uncovering Hidden Risks. Patrick leads the firm's privacy efforts and develops and implements policies and processes for preparing for and responding to cyber and privacy incidents. He also oversees the firm’s Records and Information Management Program within the Legal Division. He provides legal guidance and advice to the firm’s business areas on eDiscovery, privacy, information and data security and protection, and information governance. Contoural is the largest independent provider of strategic Information Governance consulting services, including records management, privacy, litigation readiness, and employee collaboration. Contoural is also a trusted advisor to more than 30% of the Fortune 500 plus many mid-size and public sector organizations.   In This Episode You Will Learn:      How to successfully execute policies and meet regulatory requirements Management tools for privacy, eDiscovery, and Information Security conflicts How Edward Jones aligns its legal support for privacy and records management. Some Questions We Ask:     How have you seen companies successful in building senior-level support? What is the most significant barrier to creating a unified or federated approach?  How should organizations consider policy creation to ensure they can be executed? Resources:    View Patrick Chavez on LinkedIn View Mark Diamond on LinkedIn View Erica Toelle on LinkedIn                Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast   Microsoft Threat Intelligence Podcast Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Herain Oberoi, General Manager of Data Security, Privacy, and Compliance for Microsoft, joins Erica Toelle and guest host Tina Ying, Senior Product Marketing Manager at Microsoft, on this week's episode of Uncovering Hidden Risks. Microsoft has recently released a new report called the Data Security Index. Erica, Tina, and Herain explain what drove the team to complete this research, release the report, and share valuable insights that can empower organizations to optimize their data security programs.    In This Episode You Will Learn:       Why more tools bring less security, but organizations still adopt them  When organizations should allocate resources to optimize data security  How security leaders can lead their teams with the goal of enhancing all-up security posture  Some Questions We Ask:      How can organizations enhance their data security posture?  Should organizations purchase best-of-suite or best-of-breed solutions?  What advice do you give organizations with the challenge of using isolated solutions?     Resources:     View Herain Oberoi on LinkedIn  View Tina Ying on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:                   Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast   Security Unlocked     Security Unlocked: CISO Series with Bret Arsenault Microsoft Threat Intelligence Podcast Secure the Job: Breaking into Security       Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Drew Nicholas, Microsoft Principal Security Global Black Belt, joins Erica Toelle and guest host Daniela Villarreal, Sr. Product Marketing Manager for Microsoft Defender for Cloud, on this week's episode of Uncovering Hidden Risks. Drew has spent eight-plus years at Microsoft in different roles. These roles include working for Microsoft's consulting services, Microsoft's customer-facing Incident Response team, and his current position. Drew, Erica, and Daniela provide insight into hidden risks in cloud-native apps to help customers gain visibility and control of their cloud security posture to take a risk-based approach to proactive cloud security.     In This Episode You Will Learn:       How cloud security posture fits into the big picture of security  Qualities organizations should look for in a cloud security posture management tool  How different platforms can help strengthen cloud security posture  Some Questions We Ask:      Regarding cloud-native application development, what security trends have you seen?   Why is cloud security posture so important?  What risks can a unified security posture management approach help address?    Resources:     View Drew Nicholas on LinkedIn  View Daniela Villarreal on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault          Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Cybersecurity is not just a defensive strategy; it can be a powerful driver of an organization's success. In this episode, host Erica Toelle talks to Nashid Shaker, AVP, Information and Cyber Security Strategy at Canadian Western Bank Financial Group, and Antonio Maio, Managing Director at Protiviti, about how to tactically create a cybersecurity strategy that aligns with business goals, fosters trust, and enables innovation. Nash is an experienced and innovative cybersecurity leader passionate about orchestrating secure digital transformations that fuel growth—leveraging a multidisciplinary background in strategic planning and cybersecurity.    In This Episode You Will Learn:       When it’s time to re-evaluate your cybersecurity strategy.  What cybersecurity leaders should think about today to prepare for a future that will use AI.  Predictions for cybersecurity in the next 2-4 years.  Some Questions We Ask:      What is the top risk that organizations tend to overlook?  What are some tips for how cybersecurity leaders should engage with the c-suite?   Can cybersecurity contribute to an organization's bottom line or mission?    Resources:     View Nash Shaker on LinkedIn  View Antonio Maio on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:                    Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

As data volumes continue to balloon, it's becoming clear that the quickest path to victory does not involve the fewest steps. This month's episode of Uncovering Hidden Risks explores ways to defensibly move data minimization decisions upstream to collaboratively expedite the eDiscovery process. EJ Bastien, Director of Discovery Programs at Microsoft, joins Erica Toelle and guest host Caitlin Fitzgerald for the discussion. EJ leads the eDiscovery and Litigation Support team at Microsoft. EJ shares his experience using technology to address the challenges of eDiscovery in the modern cloud world and shares some strategies and best practices to help mitigate risk.       In This Episode You Will Learn:       Advice for organizations trying to handle the growing amount of new data types   Best practices for implementing an effective eDiscovery strategy  Why you should be excited about the future of eDiscovery      Some Questions We Ask:      What trends are you seeing that are affecting the eDiscovery space?  How you are approaching some of the new technology innovations?   What benefits are there to using Purview eDiscovery Premium internally at Microsoft?     Resources:     View EJ Bastien on LinkedIn  View Caitlin Fitzgerald on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault          Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

This month's episode of Uncovering Hidden Risks discusses the risks of running a multicloud strategy and how customers can think about this as they accelerate their digital transformation.   Ashish Kumar, Principal PM Manager at Microsoft, joins Erica Toelle and guest host Daniel Hidalgo on this week's episode of Uncovering Hidden Risks. Ashish has over 25 years of experience in Engineering, Consulting, and Technology sales, helping businesses build products, increase revenue and market share, enhance branding, and lower operational costs. Ashish discusses the intersection between security and compliance, why knowing your posture is essential, and how we can have a safer digital world. You can also check out Ashish's book, "Managing Risks in digital transformation."    In This Episode You Will Learn:       The risks involved when you operate a multi-cloud environment  The importance of having real-time view of your cloud configuration and associated threats    Some Questions We Ask:      What is multi-cloud, and why is it important?   Can you share some takeaways for listeners looking to implement a multi-cloud strategy?  What is the main difference between hybrid and multi-cloud?      Resources:     View Ashish Kumar on LinkedIn  View Daniel Hidalgo on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault          Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Randolph Kahn, a globally recognized leader in information governance and President of Khan Consulting, joins Erica and guest host Natalie Noonan on this week's episode of Uncovering Hidden Risks. Randolph has been an expert witness in significant court cases and is a trusted advisor to corporations and governmental agencies. He is also an accomplished author, speaker, and adjunct professor of Law and Policy of Electronic Information and The Politics of Information. Randolph and Erica discuss Information Governance and the industry trends they are currently seeing in this space.    In This Episode You Will Learn:       How the increase in regulations affects current data management trends  Why organizations are suffering information mismanagement failures    If current technology capabilities and functionality are sufficient    Some Questions We Ask:      What requirements are important for information governance?   Why should organizations take advantage of newer technologies?   What's next after an organization has clearly identified its new requirements?      Resources:     View Randolph Kahn on LinkedIn  View Natalie Noonan on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault          Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Maithili Dandige, Partner Group Product Manager at Microsoft, joins Erica Toelle and guest host Shilpa Bothra on this week's episode of Uncovering Hidden Risks. Maithili's team is behind Microsoft Purview products such as Information Protection, Data Loss Prevention, Data Lifecycle Management, Records Management, eDiscovery, and Audit. Maithili discusses Data Loss Prevention, some recent DLP research, and what's upcoming in this space.     In This Episode You Will Learn:       The journey of DLP solutions and where the market is today  What customers should be expecting from DLP solution providers  The benefits of adopting a cloud-native solution    Some Questions We Ask:      What do you see as the future of DLP space?   How can you empower your users to make the right data-handling decisions?    What trends do you currently see evolving?     Resources:     View Maithili Dandige on LinkedIn  View Shilpa Bothra on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Raman Kalyan, Director of Product Marketing, Microsoft and former podcast host, joins Erica Toelle and guest host Liz Willets on this week's episode of Uncovering Hidden Risks. Raman's team leads product marketing initiatives to increase broad enterprise adoption and awareness of Microsoft 365 Risk Management and Investigation solution categories while partnering closely with leaders across engineering, planning, and strategy teams to determine and recommend critical product/service investments. Raman discusses why a comprehensive data security approach is an essential consideration for companies, how to implement an effective data security strategy, and what he sees as the future of the data security space.    In This Episode You Will Learn:       What it means to have a comprehensive data security approach  How you can leverage insights from risky insider activities  Why comprehensive data security should matter Some Questions We Ask:      What does an end-to-end data protection strategy look like?  How do you balance data security without hindering employee productivity?   When should teams get started on their data security strategy?     Resources:     View Raman Kalyan on LinkedIn  View Liz Willets on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault          Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Randyll Newman, Supervisor of Student Data and Information Security for Prince William County Public Schools in Virginia, joins host Erica Toelle and guest host Christophe Fiessinger on this week's episode of Uncovering Hidden Risks. Randyll oversees the planning, operation, and management of security for the school division's network infrastructure, data, and student information systems. He also served 10 years as a police officer and detective in Fairfax County, Va., retiring from the United States Naval Reserves after serving 26 years. Randyll discusses how organizations approach internal investigations, how important it is to maintain privacy for students and faculty during these investigations, and examples from previous case studies.    In This Episode You Will Learn:       Prince William County Public Schools' reputation for innovative education   How important it is to maintain privacy for students and faculty   Business requirements for internal investigations  Considerations and adherence to regulatory compliance: Family Educational Rights and Privacy Act (FERPA); and Children’s Internet Protection Act (CIPA)  Tips and advice for other organizations     Some Questions We Ask:      What principles guided the initiative to ensure user privacy?  Can you outline the privacy principles you follow during investigations?   How did you design the technical solution to meet these business requirements?      Resources:     For more background, read the PWCS Case Study  View Randyll Newman on LinkedIn  View Christophe Fiessinger on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:            Listen to: Afternoon Cyber Tea with Ann Johnson    Listen to: Security Unlocked       Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Alym Rayani, General Manager for Compliance and Privacy Marketing at Microsoft, joins host Erica Toelle and guest host Hammad Rajjoub on this week's episode of Uncovering Hidden Risks. Alym works closely with engineering leadership to drive product strategy and roadmap while overseeing the product value proposition, marketing efforts, and customer experience. Due to these changes in regulations and increased cybersecurity risk, these areas are converging. Erica, Hammad, and Alym are taking a closer look at a top industry trend: convergence of compliance, data protection, and privacy requirements, and discussing what this means for Chief Information Security Officers.    In This Episode You Will Learn:      What areas create quick wins for organizations that create momentum for larger initiatives What the answer is for CISOs to stay in compliance with regulations Risks CISOs will face focusing on data protection without considering compliance and privacy   Some Questions We Ask:     What challenges are CISOs, privacy officers, and CCOs seeing from this convergence? How are data protection and privacy changing the way CISOs approach new problems?   What should CISOs look for in a data protection technology solution?   Resources:    View Alym Rayani on LinkedIn View Hammad Rajjoub on LinkedIn View Erica Toelle on LinkedIn   Related Microsoft Podcasts:          Listen to: Afternoon Cyber Tea with Ann Johnson   Listen to: Security Unlocked      Listen to: Security Unlocked: CISO Series with Bret Arsenault       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Igor Tsyganskiy, President and CTO of Bridgewater Associates, joins Erica Toelle and Rudra Mitra on this week's episode of Uncovering Hidden Risks. Igor joined Bridgewater in 2016 and is currently President and Chief Technology Officer with executive company-wide responsibility for the overall architecture, technology, infrastructure, and data centers. He also ran an advanced technology group at SAP, holds more than 20 patents in enterprise software, process automation, and security, and is a Computerworld Smithsonian Award Laureate. Igor chats with Erica and Rudy about understanding the data across your estate, protecting and overseeing data, and managing risk posture.   In This Episode You Will Learn:     Core security and compliance principles  Why to take a comprehensive approach to security and data management  The pillars of data protection    Some Questions We Ask:     What are your biggest concerns or challenges as President & CTO around data governance?  What advice can you provide to companies about managing governance and securing data?  How do you navigate data security requirements and regulations?       Resources:    View Igor Tsyganskiy on LinkedIn  View Rudra Mitra on LinkedIn  View Erica Toelle on LinkedIn    Related Microsoft Podcasts:     Listen to: Afternoon Cyber Tea with Ann Johnson   Listen to: Security Unlocked      Listen to: Security Unlocked: CISO Series with Bret Arsenault       Discover and follow other Microsoft podcasts at microsoft.com/podcasts Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Bret Arsenault, CVP, CISO at Microsoft, joins us on this week's episode of Uncovering Hidden Risks to discuss how a holistic approach to data protection can deliver better results across your organization and the three steps that can get you there. Erica Toelle and Talhah Mir host this week's episode to chat with Bret about current trends in the data protection space, what data protection issues are top of mind, and how teams should get started on their data protection strategy.     In This Episode You Will Learn:     How to take a holistic approach to data protection  What data protection issues are top of mind  How teams can get started on their data protection strategy    Some Questions We Ask:     How do you view the data protection landscape?  What trends do you see in the data protection space?   What challenges have you faced in understanding your data estate?     Resources:    View Bret Arsenault on LinkedIn  View Talhah Mir on LinkedIn  View Erica Toelle on LinkedIn     Related Microsoft Podcasts: Listen to: Afternoon Cyber Tea with Ann Johnson  Listen to: Security Unlocked   Listen to: Security Unlocked: CISO Series with Bret Arsenault   Discover and follow other Microsoft podcasts at microsoft.com/podcasts Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

Jeff Teper, Corporate Vice President of Microsoft 365 Collaboration, including Teams, SharePoint, and OneDrive, join's Erica Toelle and Chris McNulty on this week's episode of Uncovering Hidden Risks. Jeff leads product, design, and engineering teams for Microsoft 365, including Teams, SharePoint, OneDrive, Viva, and more which empower people and organizations worldwide to collaborate at work, home, and school. Erica and Chris speak with Jeff about empowering users to do more through collaboration technology, a zero-trust model for collaboration, and how we can make powerful things simple.      In This Episode You Will Learn:     The connection between collaboration and data governance  Top three ways we can prepare for the future of data governance  Balancing a great employee experience with data governance       Some Questions We Ask:     How do you define data governance?   What are the top three ways we can prepare for the future of data governance and collaboration?  What excites you the most about the future of collaboration and data governance?   Resources:    View Jeff Teper on LinkedIn  View Chris McNulty on LinkedIn  View Erica Toelle on LinkedIn  Related Microsoft Podcasts: Listen to: Afternoon Cyber Tea with Ann Johnson  Listen to: Security Unlocked   Listen to: Security Unlocked: CISO Series with Bret Arsenault   Discover and follow other Microsoft podcasts at microsoft.com/podcasts Uncovering Hidden Risks is produced by Microsoft and distributed as part of The CyberWire Network.

On Uncovering Hidden Risks, host Erica Toelle, senior product marketing manager on Microsoft's Purview Team, explores how enterprises can reduce their risk by moving to a more holistic approach to data protection. Each episode will feature a panel of Microsoft security professionals and community security experts diving into topics like data governance, internal and external threats, risk management and compliance, industry trends, and customer challenges. Listen and subscribe to the podcast wherever you get your favorite shows. Discover and follow other Microsoft podcasts at microsoft.com/podcasts