Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches and intellectual property theft: • Financial losses: Ransomware attacks can cripple operations and demand hefty payments. Manufacturing is a lucrative target...

The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either continue functioning or can recover quickly when faced with cybersecurity attack. This segment is sponsored by Arctic Wolf. Visit...

Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack...

Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and...

Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations,...

Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-political risk, environmental concerns to maintain business resiliency. This segment is sponsored by VISO TRUST. Visit...

With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the...

Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to...

Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca...

Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to...

Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with...

Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing...

Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion in...

Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra Fitzgerald, T....

More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a Governance, Risk and Compliance (GRC) perspective. Fitzgerald, T. 2019. Chapter 1: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st...

Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges organizations are facing today to secure the perimeter – the identity perimeter. Fitzgerald, T. 2019. Chapter 5 Cybersecurity Organization Structure in CISO COMPASS: Navigating Cybersecurity Leadership Challenges...

“High Consequences Cyber” are high-risk, high-stakes cyber projects that can make or break a company or make or break the CISO’s reputation. These include issues such as, how do you architect your networks if you are a multinational with exposure to high-risk countries? What are key choices you can make when moving critical workloads such as email and collaboration to the cloud? What's the role of authentication in the age of cloud, and why do companies keep messing it up? How do you educate...

There’s been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also focuses on Identity Management this month, we also discuss architecting identities to meet the needs of many different types of users vs a one-size-fits-all approach. Fitzgerald, T. 2019. Chapter 1: CISO Role:...

Are there really millions of open information security jobs available? Or is much of the numbers hyped up? Join us as we discuss these numbers , boot camps, regional differences, and where these job openings come from. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! ...

Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezwit has focused to enhance the identity management process. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! This segment is sponsored by...

Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC...

As a CISO, the opportunities we must positively cultivate the cybersecurity landscape for our organizations are endless. From driving projects to implementing innovative technologies to strengthening basic cybersecurity hygiene, reshaping the organization's culture, protecting from ransomware, and diversifying the cyber workforce, the CISO is a certified change-maker! Let's get excited about security! This segment is sponsored by Arctic Wolf. Visit...

In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459....

Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis’s, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13....