
Reimagining Cyber - real world perspectives on cybersecurity

Author: Reimagining Cyber


Description

Explore the critical intersection of cybersecurity and business impact while gaining insights into CISO priorities with "Reimagining Cyber." Stay informed on the latest cybersecurity news, trends, and solutions tailored for today's CISOs and CIOs. Episodes cover a range of topics, including the role of AI in cyber security, technology, preventive measures to stop cyber attacks, response strategies for cyber attack victims, cybersecurity challenges in healthcare, the future landscape of cyber security, computer security essentials, managing cybersecurity budgets, and the implications of SEC rulings.

Engage with industry experts and CISOs who share their perspectives on what matters most in the cybersecurity landscape. Hosted by Rob Aragao and Stan Wisseman, seasoned Security Strategists with CyberRes, this podcast is your go-to resource for staying updated on cybersecurity developments and addressing common challenges in the rapidly evolving digital landscape.

93 Episodes
"For nation states today their biggest bang for the buck is going to be to attack the perception of voting system security much more than the reality of voting system security." Stan Wisseman and Rob Aragao delve into the critical realm of election security with Dr. Ben Adida, the co-founder and executive director of VotingWorks, renowned for his expertise in safeguarding our voting processes. Dr. Adida shares insights from his two-decade journey at the forefront of election security, offering a deep dive into the complexities of ensuring the integrity of our democratic process. From the challenges of balancing ballot secrecy with verifiability to the evolving landscape of election security concerns, the conversation navigates through the intricate web of issues surrounding voting systems. Dr. Adida sheds light on the pivotal role of voter-verifiable paper ballots and post-election audits in bolstering trust and transparency, emphasizing the need for modernizing voting technology to align with current security standards. As the discussion unfolds, topics ranging from external influences on elections to the role of federal guidelines versus state autonomy are explored, providing a comprehensive overview of the multifaceted efforts to fortify election integrity. Dr. Adida's vision for the perfect voting system, grounded in openness, transparency, and layered defense mechanisms, offers a compelling roadmap for safeguarding democracy in the digital age. https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
In this episode, Stan Wisseman and Rob Aragao delve into the critical yet often overlooked realm of API security. APIs, the linchpin of today's digital landscape, facilitate seamless communication between diverse software components, but they also present enticing targets for cyber threats. Through real-world examples and insightful analysis, Stan and Rob explore the escalating risks associated with APIs and offer strategies for fortifying your organization's defenses. From understanding your API inventory to implementing robust security measures, this episode equips listeners with essential knowledge to navigate the complex terrain of API security and safeguard their digital assets effectively. Helpful links relevant to this episode: Growing Concern Over API Security; Fastly API Security 2024 study; OWASP Top 10 API Security Risks—2023; Developer Guide to the 2023 OWASP Top 10 for API Security; Fortify API Security; NetIQ Secure API Manager.
“It’s only going to get worse if we don't pump the brakes and go, nope, we need to make sure we're doing this the right way.” In this episode, Tim Fowler, an accomplished offensive security analyst and penetration tester from Black Hills Information Security, joins the podcast to discuss the intersection of cybersecurity and space systems. Tim sheds light on: the unique challenges posed by the space environment; how the design of space systems differs from terrestrial systems; the importance of threat modeling in shaping cybersecurity protocols for space systems; and the biggest threats to cybersecurity in space both now and in the future. Drawing from real-world examples like the ViaSat hack, Tim underscores the need for proactive cybersecurity measures, especially in the face of evolving threats and the increasing democratization of space technology. The conversation also touches upon international collaboration and regulatory efforts in space cybersecurity, with Tim mentioning standards set by bodies like the Consultative Committee for Space Data Systems (CCSDS). However, challenges persist, including the cultural shift required to prioritize cybersecurity early in the space system lifecycle and address emerging threats effectively. For details on Tim's Introduction to Cybersecurity and Space Systems class go to: https://www.antisyphontraining.com/
Join hosts Stan Wisseman and Rob Aragao as they explore the evolution of payment card security standards. With insights on PCI DSS 4.0, they dive into key changes and technology considerations. From data protection to application security, this episode offers crucial insights for organizations navigating compliance in an ever-evolving landscape.
In this episode, Rob and Stan delve into a recent cyber attack targeting Change Healthcare, a key player in the healthcare sector. They highlight the unprecedented nature of the breach, its implications, and the collaborative efforts undertaken to mitigate its impact. Change Healthcare, based in Nashville, Tennessee, disclosed the cyber attack on February 21st, causing significant disruptions across the healthcare ecosystem. The breach impacted various services, including claims processing and clinical decision support, affecting hospitals, pharmacies, and patients alike. The attackers, identified as the ransomware group BlackCat, operated on a ransomware-as-a-service model. The hosts discuss the complex web of ransomware operations and affiliate relationships, shedding light on the intricate nature of cyber threats facing the healthcare industry. The breach triggered a swift response from government agencies, with the Medical Group Management Association requesting assistance from the Department of Health and Human Services (HHS). HHS issued statements and provided alternative electronic data interchange options to minimize disruptions in patient care. Rob and Stan look at the critical need for cybersecurity resiliency in the healthcare sector. They discuss proposed measures, including the adoption of HHS cybersecurity performance goals and the streamlining of funding opportunities to bolster cybersecurity defenses.
What is the impact of open-source software (OSS) on modern software development? This episode delves into the findings of a recent study commissioned by Open Text and conducted by Forrester called "Unlock Resources With Automated Open-Source Discovery And Intake". Stan and Rob unpack the evolving role of OSS, shedding light on both its opportunities and challenges. With 70% of organizations reporting that over half of their coding efforts involve OSS, it's evident that OSS plays a pivotal role in accelerating innovation and reducing costs in software development. However, as the hosts discuss, this rapid adoption isn't without its hurdles. From ensuring security and compliance to navigating through the complexities of OSS licensing, organizations face a myriad of challenges. Stan and Rob examine the ramifications of overlooking security vulnerabilities, compliance standards, and licensing terms, drawing from real-world examples to underscore the importance of diligent management practices. But amidst the challenges lies a beacon of hope: automation. The hosts explore how automation is revolutionizing the discovery and integration of OSS components, paving the way for more secure and compliant software development processes. From streamlining discovery to prioritizing security early in the development cycle, automation holds the key to enhancing productivity and mitigating risks. Looking ahead, Stan and Rob speculate on future directions in OSS management, emphasizing the need for collaboration, early detection of security issues, and continued innovation in the space. Whether you're a developer, a legal expert, or a cybersecurity enthusiast, this episode offers valuable insights into the ever-evolving landscape of open source software. Tune in to gain a deeper understanding of the opportunities and challenges presented by open source software, and discover how organizations can navigate the open source seas with confidence and agility. Report: https://www.microfocus.com/en-us/assets/cyberres/automating-open-source-compliance Debricked Open Source Select - a search engine where you can find, filter for and evaluate open source packages and repositories.
In this episode of Reimagining Cyber, hosts Rob Aragao and Stan Wisseman are joined by Dorota Wrobel, Chief R&D Officer for G2A, the world's largest digital marketplace for video games and software. Dorota discusses G2A's evolution from a regular online store to a two-sided marketplace for digital products, emphasizing the need for robust cybersecurity measures in the digital environment. Dorota highlights the vulnerability of digital products to outside attacks and explains G2A's partnerships with top security companies to enhance security. She discusses G2A's strict seller verification processes and proof of purchase requirements to ensure trustworthiness and prevent fraud. The conversation delves into G2A's regulatory compliance efforts, including adherence to security standards required by Payment Service Providers and membership in organizations like the Merchant Risk Council. Dorota explains how AI technology is utilized for fraud detection and response, augmented by human interaction and step-up authentication processes. Looking to the future, Dorota discusses G2A's plans for further investment in monitoring systems and tokenizing payment options.
In this conversation about threat hunting, Stan and Rob dive into why it's become such a crucial part of cybersecurity. They talk about how threat hunting isn't just about reacting to problems anymore, but it's become this proactive, creative way of spotting and tackling security issues before they become big headaches. They reflect on how the role of a threat hunter has changed over the years. It used to be all about reacting to alerts, but now it's more about actively seeking out threats and analyzing them. And with the threat landscape changing so quickly, threat hunters have had to evolve their methods to keep up. Stan and Rob also discuss the day-to-day workflow of a threat hunter. It's not just about sitting in front of a computer all day. It involves reviewing alerts, prioritizing threats, and collaborating with the team to share insights and strategies. But it's not all smooth sailing. They talk about the challenges threat hunters face, like dealing with huge amounts of data and making sure their tools all work together seamlessly. Plus, there's the added pressure of compliance and legal considerations. On the bright side, there's a whole arsenal of tools available to threat hunters, from fancy analysis platforms to simple note-taking apps. And with emerging tech like blockchain and quantum computing on the horizon, there's a lot of excitement about the future of threat hunting. They also touch on the importance of team dynamics and management in threat hunting. It's not just about having the right tools—it's about having the right mindset and culture within the team. And diversity and inclusion play a big role in that, bringing different perspectives to the table and making the team stronger. Overall, it's clear that threat hunting is more than just a job—it's a passion. And as long as there are cyber threats out there, there will always be a need for skilled threat hunters to track them down and neutralize them.
In this episode, Stan and Rob sit down with Felix Asare, a seasoned cybersecurity leader with extensive experience in the financial sector, including roles at Allianz and Putnam Investments. They delve into the cybersecurity landscape within the financial industry, exploring why it's a prime target for cybercriminals. Felix breaks down the appeal of targeting the financial sector, emphasizing the shift from physical to digital methods of theft due to the lucrative nature of financial data. He highlights the importance of regulations in setting security standards and explains how compliance, while necessary, isn't sufficient for robust cybersecurity. The conversation extends to the risks posed by the software supply chain, particularly third-party vendors, and the challenges of maintaining oversight in a complex ecosystem. Felix shares insights into mitigating risks associated with open-source software and the need for rigorous approval processes. They also discuss the emergence of smart contracts and the security implications of blockchain technology. Felix underscores the importance of auditing smart contracts and maintaining vigilance in the face of evolving threats like deepfake technology. Lastly, the discussion turns to the role of AI in cybersecurity defense, with Felix emphasizing its potential to enhance response times and analyze data. However, he also cautions against overreliance on AI and the need for human validation to combat emerging threats effectively. Overall, the episode provides valuable insights into the evolving cybersecurity landscape within the financial sector and the strategies employed to mitigate risks and enhance security posture.
In this episode, hosts Rob and Stan explore the EU's Digital Operational Resiliency Act (DORA) with Dominic Brown, a cybersecurity expert. DORA addresses cyber threats to EU financial systems, emphasizing risk management, incident response, and third-party oversight. Dominic compares DORA to US regulations and advises organizations to build risk management teams and enhance cyber resilience before the 2025 deadline.
In this episode of "Reimagining Cyber," Rob Aragao and Stan Wisseman welcome Adeel Saeed, discussing the importance of data protection in the evolving cybersecurity landscape. Adeel emphasizes the need to understand data sovereignty, navigate regulatory challenges like DORA, and implement a comprehensive data lifecycle strategy. The conversation delves into the nuances of technical debt related to data, the significance of cyber resilience, and the imperative for organizations to embrace a proactive approach in safeguarding their data assets.
Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.
1. Mother of All Breaches (MOAB):
· Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.
· Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.
· Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.
2. Midnight Blizzard Attack:
· Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces.
· Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 exchange environments.
· Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy test nonproduction account, subsequently creating malicious OAuth applications.
· Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.
3. State-Sponsored Cyber Warfare (Russia vs. Ukraine):
· Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.
· Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.
· AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.
The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats.
In this episode, hosts Rob and Stan explore the World Economic Forum's Global Cybersecurity Outlook 2024, a favorite annual report providing valuable insights into the cybersecurity landscape. Released early in the new year, the episode looks at the key themes, findings, and implications outlined in the report.
Main Themes:
1. Geopolitical and Technological Environment:
· Report highlights dynamic changes and advancements in geopolitics and technology.
· Emphasis on impacts of geopolitical tensions, economic uncertainties, and technological advancements, especially in AI.
2. Cyber Skill Shortage:
· Discussion on persistent challenges related to the shortage of cybersecurity skills.
· Acknowledgment of the critical role of cybersecurity in business, operations, and executive decision-making.
3. Cyber Resilience:
· Exploration of the growing importance of cyber resilience.
· Positive indicators of increased confidence among leaders in the resilience of cybersecurity programs.
4. Cyber Inequity:
· Examination of the disparity in cyber capabilities between larger and smaller organizations.
· Insights into challenges faced by smaller organizations, including resource constraints, skill shortages, and technology requirements.
5. Cyber Ecosystem:
· Discussion on the interconnected nature of cyber ecosystems.
· Emphasis on collaboration, threat intelligence sharing, and third-party assessments.
· Highlighting the significant impact of cyber attacks originating from third-party relationships.
Key Findings and Insights:
1. Generative AI Concerns:
· Grave concerns among executives about advances in adversarial capabilities due to generative AI.
· Less than 10% believe generative AI will give an advantage to defenders over attackers.
2. Cyber Insurance and Risk Mitigation:
· Observations on the changing landscape of cyber insurance, with a 24% drop in organizations obtaining cyber insurance.
· Recognition of cyber and privacy regulations as effective for risk reduction, though harmonization is needed.
3. CEO Involvement and Alignment:
· Increased involvement of CEOs and business leaders in prioritizing cybersecurity.
· 93% trust CEOs to speak externally about cyber risk, indicating growing alignment between cybersecurity and business strategy.
4. Impact on the Business:
· Insights into executive concerns about operational disruption, financial impact, and brand reputation from cyber attacks.
· Balanced consideration of regulatory scrutiny, focusing on operational aspects and financial loss.
Conclusion: Rob and Stan encourage listeners to explore the detailed report for a deeper understanding of the evolving cybersecurity landscape. They emphasize the need for collaboration, proactive cybersecurity measures, and efforts to bridge the gap between larger and smaller organizations in building cyber resilience.
Welcome to another episode of "Reimagining Cyber." In this session, Rob and Stan dive into the critical role of IT auditors, a perspective rarely explored on the show. Their guest, Veronica Rose, brings extensive experience in shaping risk-based information security audit programs. She emphasizes the evolving nature of the IT audit environment and urges IT auditors to prioritize upskilling as technology and controls advance. Veronica highlights the significance of professional communities, recommending affiliation with bodies like NACD and ISACA. Engaging in these communities not only provides access to valuable resources but also fosters global connections with like-minded professionals. The discussion shifts to well-being, a crucial aspect often overlooked in the demanding field of IT audit. Veronica stresses the importance of mental health, exercise, and unplugging to maintain a clear mindset. The conversation wraps up by addressing the career paths of IT auditors. Veronica encourages a mindset shift for those considering a transition, emphasizing the value of certifications and continuous upskilling. Tune in to gain insights into the evolving world of IT audit, professional development, and holistic well-being.
In this episode, Rob Aragao and Stan Wisseman unravel the dynamic world of cybersecurity regulations, providing a sneak peek into the changes expected in 2024. From the upcoming PCI DSS 4.0 release strengthening cybersecurity postures to the FTC's push for timely breach notifications, and the SEC's implementation of breach disclosure rules, they navigate through the intricacies of compliance. They shed light on the NIS2 directive, emphasizing the continuous evolution of cybersecurity practices, and delve into the EU Cyber Resiliency Act, encouraging security by design principles for products and services sold within the EU. The duo also examines the state-level privacy laws emerging across the United States, emphasizing the complexities organizations face in navigating this patchwork of regulations. Tune in for insights on how these regulations impact businesses, the penalties associated with non-compliance, and the importance of a proactive, risk-based approach. Stay informed and ready for the evolving cybersecurity landscape in 2024!
In this episode, hosts Stan Wisseman and Rob Aragao reflect on the cybersecurity landscape of 2023 and discuss its potential impacts on the upcoming year, 2024. They delve into the alarming increase in incidents and breaches, noting a 30% rise. The conversation covers major breaches, such as the MOVEit and Okta incidents, emphasizing the growing threat of ransomware across various sectors. The hosts highlight the interconnectedness of organizations, raising concerns about dependency on common platforms and the resulting ripple effect during security breaches. They stress the importance of reevaluating security controls and adopting a layered approach to mitigate vulnerabilities. The episode also explores the escalating cyber warfare between nation-states, citing the ongoing conflict between Ukraine and Russia. Stan and Rob anticipate an increase in nation-state cyber threats, emphasizing the need for enhanced threat intelligence and proactive cyber defense measures. Regulations, including the SEC cyber rule and the EU Act, are discussed as significant factors shaping the cybersecurity landscape. The hosts predict a continued evolution of regulations, emphasizing the need for organizations to adapt to changing compliance requirements. The conversation touches on the emergence of generative AI and its impact on various industries, especially in cybersecurity. Stan and Rob acknowledge the dual nature of AI as both a tool for efficiency and a potential threat in the hands of malicious actors. They predict ongoing discussions about the regulation of AI and its implications. Other topics include cyber insurance, where the hosts anticipate increased scrutiny and tighter requirements, and the importance of leveraging insurance requirements to drive cybersecurity improvements within organizations. As the hosts look ahead to 2024, they emphasize the race between cybersecurity defenders and threat actors, acknowledging the potential for increased efficiency on the defenders' side but recognizing the challenges posed by the evolving threat landscape.
Other episodes mentioned in this edition:
· Time to Take Them More Seriously - What's Iran Doing in Cyber? - EP 11 https://www.buzzsprout.com/2004238/episodes/10791018
· Progress Over Perfection - Implementing the Executive Order - EP18 https://www.buzzsprout.com/2004238/episodes/10791011
· SEC Cyber Rules Just Got Real - EP 69 https://www.buzzsprout.com/2004238/episodes/13875180
· SEC Cyber Rules Forcing Boards to Pivot - EP 57 https://www.buzzsprout.com/2004238/episodes/12344694
· US National Cybersecurity Strategy and EU Cyber Resilience Act - EP 61 https://www.buzzsprout.com/2004238/episodes/12532348
· NIS2 Directive: Cyber Insights - EP 76 https://www.buzzsprout.com/2004238/14173706
· AI and ChatGPT - Security, Privacy and Ethical Ramifications - EP 62
In this episode, join hosts Rob Aragao and Stan Wisseman as they delve into the world of cybersecurity and data privacy with their esteemed guest, Shawn Tuma. Shawn, a seasoned cybersecurity and data privacy attorney, and partner at Spencer Fane, brings over two decades of experience to the table. As the co-chair of the firm's Cybersecurity and Data Privacy Practice Group, Shawn discusses his journey in the field, from the Y2K era to the present day. The conversation covers key elements of cybersecurity, emphasizing the importance of a continuous, strategic approach to evaluating and managing risks. Shawn shares insights into prevalent issues such as RDP access, backup strategies, and the critical role of multifactor authentication, especially for users of Microsoft Office 365 and Google web-based email. Reflecting on the evolution of cybersecurity, Shawn highlights the pivotal moment in 2013 with major data breaches at Target, Home Depot, and Neiman Marcus. He emphasizes the need for a proactive risk management framework and the significance of cybersecurity insurance in today's landscape. The hosts and Shawn discuss the changing role of Chief Information Security Officers (CISOs) and the growing recognition of their strategic importance within organizations. Shawn stresses the value of building relationships with law enforcement, particularly federal agencies like the FBI and Secret Service, to enhance incident response capabilities. Throughout the episode, Shawn Tuma's passion for cybersecurity and practical, actionable advice shines through, making this conversation a must-listen for anyone navigating the complexities of cybersecurity in the modern business landscape.
Welcome to another episode of "Reimagining Cyber," where Stan and Rob explore the transformative landscape of cybersecurity regulations. In this insightful episode, they delve into the intricacies of the upcoming NIS2 directive from the EU, set to take effect in October 2024. Joining them is Bjørn Watne, Senior Vice President and Chief Security Officer at Telenor Group and an advisor to Europol, offering over 20 years of expertise in information security and cyber risk management. The discussion revolves around the key changes introduced by NIS2, emphasizing a baseline cybersecurity approach across essential entities in diverse sectors. Bjorn sheds light on the directive's requirements for systematic security risk management, crisis management, and heightened resilience. The episode also navigates through the complexities of supply chain control, collaboration, and reporting vulnerabilities. Drawing from Telenor Group's experience as a telecom operator, the hosts and guest unravel the distinct threat landscape faced by telecom companies, especially in dealing with advanced persistent threats and the significance of call detail records. Beyond traditional sectors, the conversation touches upon the implications of NIS2 on organizations, highlighting Telenor Group's compliance efforts. Exploring the penalties associated with NIS2 noncompliance, the episode draws parallels with GDPR, underscoring the importance of these regulations in fortifying a secure digital infrastructure. As organizations prepare for NIS2, Bjorn shares practical advice, urging a proactive approach with asset inventory, business impact analysis, and comprehensive risk assessments. Don't miss this episode packed with valuable insights into the NIS2 directive and actionable steps for organizations to elevate their cybersecurity readiness. Stay tuned and reimagine cybersecurity with Stan, Rob, and Bjorn on this informative podcast.
Welcome to another episode of Reimagining Cyber with Rob and Stan. In this episode, we dive deep into the crucial topic of data security. Stan shares insights from a recent cybersecurity event in Texas, emphasizing the growing threat of ransomware and the need for a dynamic approach to protect sensitive data.
Key Points:
1. Ransomware Challenges: Stan highlights the evolving landscape of ransomware attacks, where bad actors not only encrypt data but also extract and blackmail organizations. The importance of a robust backup strategy, including tiered storage with offline or air-gapped options, is emphasized.
2. Classification and Categorization of Data: Rob and Stan discuss the significance of understanding the types of sensitive data within an organization. They draw parallels to the Defense Department's classification system and stress the need for businesses to categorize their data to implement effective security measures.
3. SEC Cyber Ruling: The upcoming SEC ruling becomes a focal point, driving organizations to reassess their data security strategies. Rob explains how privacy regulations and regulatory actions, like the SEC ruling, act as catalysts for organizations to enhance their data security.
4. Discovering Hidden Risks: The hosts underscore the importance of comprehensive data discovery, revealing hidden risks and outdated systems. Stan likens undiscovered data to "toxic data" and emphasizes the need for continuous clean-up efforts to reduce both risk and costs.
5. AI and Bias in Data: The conversation shifts to the integration of AI in cybersecurity and the challenges of preventing bias in AI models. Stan discusses the importance of cleansing sensitive data before ingestion into AI models and the broader issue of unintentional biases in AI.
Conclusion: Rob and Stan wrap up the episode by reflecting on the evolution of cybersecurity terminology, from computer security to information assurance and now cyber security. They stress the multi-faceted nature of protecting information and the continuous effort required in today's dynamic threat environment.
Welcome to Reimagining Cyber, where we explore the evolving role of the Chief Information Security Officer (CISO). In this special episode, Stan and Rob present a compilation of insightful clips from previous episodes.

First up, Parham Eftekhari, Executive Vice President of the Cyber Risk Alliance, discusses the transformation of the CISO role into that of a business leader. He emphasizes the importance of understanding the business side of the organization and acting as a liaison between security priorities and business leaders.

Next, Tim Rohrbaugh, former CISO of JetBlue, shares his perspective on the budgeting process for information security organizations. He emphasizes the need for the CISO to have face time with the audit committee and stakeholders, suggesting that the budget should be tied to IT metrics.

Moving to the federal sector, Nick Ward, former CISO for the Department of Justice, discusses the executive order focused on enhancing cybersecurity. He delves into supply chain risk management and the tools provided by the executive order to prioritize and secure critical software.

Roland Cloutier, former TikTok CISO, explores the challenges of securing artificial intelligence implementations. He emphasizes the importance of understanding AI infrastructure, data stores, and API connections while highlighting the need for effective network protection.

Jeff Brown, CISO of the state of Connecticut, contrasts the role of a CISO in state government with that in the private sector. He emphasizes the benefits of information sharing and collaboration among state CISOs.

Taylor Hersom explores the concept of virtual CISOs, discussing the value of leveraging external expertise, especially for startups and scale-ups. He suggests that smaller companies can benefit from third-party resources before considering a full-time CISO.

In a special segment featuring female leaders in information security, Phyllis Woodruff, Tammy Schuring, and Lori Sussman share their experiences and insights. They highlight the importance of women owning their skills, embracing their unique attributes, and creating new pictures of leadership.

This episode provides a comprehensive overview of the evolving CISO role, covering topics such as business alignment, budgeting, federal cybersecurity initiatives, AI security, virtual CISOs, and the contributions of female leaders in the field. Join us as we continue to reimagine cyber in the ever-changing landscape of information security.