Future of Threat Intelligence

In this episode, David speaks to Norman Levine, Senior Manager of Cyber Risk Management at Omnicom. During the episode, they discuss the evolution of security since the 1990s, new technology security practitioners should be paying attention to, and key skills needed to be a successful security practitioner.
Topics discussed:
Norman's history in cybersecurity, from purchasing a book written about the internet in 1994, to starting a website that sold the first HTML editor, to being the senior manager of cyber risk at the top advertising and marketing company.
How cyber security has evolved over the past thirty years, including the changes in complexity, landscape, and sentiments.
How the rise in Internet of Things and connected devices is adding to the complexity of cyber security approaches.
How the emergence of artificial intelligence and machine learning will impact security in both positive, helpful ways, and potentially harmful ways.
How Norman's background in auditing influences his security approaches, especially when it comes to evaluating third-party vendor risk.
Advice for those managing cyber risk at public companies, and why paranoia can be a helpful tool.
A list of the most critical skills a security professional can possess, and how security professionals need to keep their skills updated because of the industry continuous changes.
Resources Mention: 
LinkedIn: Norman J. Levine https://www.linkedin.com/in/normanjlevine/

In this episode, David Monnier speaks to Cassio Goldschmidt, Chief Information Security Officer at ServiceTitan. During the episode, they discuss strategies and challenges of being a CISO for a modern company.
Topics discussed:
ServiceTitan is a vertical SaaS B2B company. David asks Cassio to share what a day in the life of a CISO looks like for him.
Cassio explains that security must come before compliance, but, in the end, business success should be the priority.
He shares his views on cyber risk management.
ServiceTitan recently launched a bug bounty program. Cassio talks about how that's going for the.
Cassio is excited about potential uses for machine learning and artificial intelligence. He discusses some of the current breakthroughs.

In this episode, David is joined by Stephen Fridakis, Deputy Chief Information Security Officer, Verily, an Alphabet Company focused on delivering precision health. As a deputy CISO, Stephen concentrates on governance, risk, and compliance.
Topics discussed:
Stephen became a CISO in 2006. He describes how he has seen this role evolve from being focused on technology to being risk-centric. 
Stephen highlights some misalignments between what security operations aim to do and a company's business strategy.
Accurately assessing an organization's asset inventory can be a challenge. Stephen discusses some difficulties associated with assessing risk without an accurate IT inventory.
David and Stephen explore why equating compliance and security is often a mistake businesses make. 
Stephen explains his views on cyber risk management and how to measure a risk management program's effectiveness.
Zero Trust is a popular security model. Stephen explains what that means to him and how he implements it. 
Listeners can keep up with Stephen Fridakis on LinkedIn:
https://www.linkedin.com/in/stephen-fridakis-96184b/

In this episode, David Monnier is joined by Charles Nwatu, Engineering Manager, Corporate Security & Security, Technology Assurance & Risk at Netflix. In his role at Netflix, Charles is focused on turning risk into something actionable for the business. 
Topics discussed:
How Charles has seen the cyber risk landscape change over his long career. 
He offers his perspective on some of the industry's new tools and technologies and which ones he is excited about for the future.
How and why security enables the business.
The necessary skills for practitioners to keep up with the pace of change in today's business world. 
Charles shares his views on what the future of cyber risk management might look like.
His actionable advice to succeed in cyber risk, focused on understanding what’s around you, what you have to protect, why it’s critical to demand assurance and then celebrate the wins in the wins. 
Charles Nwatu invites security professionals to follow and engage with him on Twitter and LinkedIn.

In this episode, David is joined by Andrew Cormack, Chief Regulatory Adviser at Jisc, where he keeps the organization, its members, and customers informed about the legal, policy and security issues around their research and education networks in the UK. Jisc connects all universities, colleges, and school regional networks with over 18 million uses. 
Topics in this episode include: 
Why Andrew is so passionate about the human side of policy and technology  
What’s surprised him about policy makers, how they understand risk, and what they think of cybersecurity 
Why incident response is critical to privacy and why reducing risk for individuals is key to reducing nearly every other kind of risk 
How Andrew’s perception of risk has changed as he’s moved from being a technologist and practitioner to a more strategic position 
Andrew’s advice for others who are advising policy groups 
The craziest policy proposal Andrew has seen
Andrew shares the messages he would give himself if he could go back in time to when he was just starting out 
Keep in touch with Andrew on LinkedIn at: https://www.linkedin.com/in/andrew-n-cormack/?originalSubdomain=uk

In this episode, we speak with Brian Honan, founder and CEO of BH Consulting which he started nearly 20 years ago to provide companies with business knowledge, technical expertise and insight into how to maximize the potential of their business and their company's revenues using the IT solutions that are available. 
He is also the founder of Irish Reporting And Information Security Service, Ireland's first CERT (Computer Emergency Response Team) that provides a range of services and information to better protect information systems in Ireland and make the Irish internet space a safer environment for all.
Brian is a recognized expert in the field of Information Security and has provided advice to government departments, companies of varying sizes, the European Commission and has had numerous articles published. Brian is also on the editor board for the SANS Institute’s NewsBites electronic newsletter.
 
Topics discussed:
Brian’s experience helping organizations getting certified by regulatory bodies like ISO 2701
The importance of certification, what to look out for, and how certification helps with risk 
What Brian paints as a good audit, how to know if you’ve received a good audit, and why trust is critical sourcing an auditor  
Questions people can ask to help vet audit organizations
The craziest findings (or lack thereof) Brian has seen in a compliance audit 
Vendor management and how you manage risk with third parties 
Brian’s advice to succeed in certification in the future

Brad LaPorte has spent time in US Cyber Intelligence, large technology companies like IBM, research firm Gartner where he coined the term “Attack Surface Management” during his tenure, and today is a partner at High Tide Advisors, a firm specializing in go-to-market consulting.
In this first episode, Brad shares the top challenges he’s hearing from the CISOs he talks to every day, how to navigate industry consolidation, and his top three pieces of tactical advice to implement today. 
Topics discussed in this episode:
- Brad’s background and how he transitioned from the front lines of military intelligence to an analyst role to an advisor
- Top challenges he’s hearing from CISOs 
- His perspective on attack surface management 
- Brad’s favorite Simpsons quote and how it relates to security 
- The 5 levels of security maturity, where we are now, and what Brad thinks the future holds 
- The main drivers pushing cybersecurity forward and the evolution of threat actors 
- The tools and technologies he’s paying attention to and the #1 thing that is on every CISOs mind 
- How consolidation is shaping the future and what security companies must do to stay competitive 
- Garnter’s #1 priority for 2022 and how this will evolve 
- 3 pieces of advice for how to succeed in the future of cyber risk 
Resources mention on the episode: 
- Brad’s LinkedIn: https://www.linkedin.com/in/brad-laporte
- Brad’s Twitter: @LaporteBrad