
After a nearly 21-year career in the FBI, Roberts joined Bristol Myers Squibb in April 2020 and has spent the past 7 months navigating the pandemic's impact on the pharmaceutical giant. For BMS, like many organizations, the rapid shift to wide-scale work from home brought some unique challenges. "We're putting a lot more resources into protecting our systems, our information, and a lot more resources into educating our employees that maybe didn't have to worry about securing information themselves," Roberts says. "Our adversaries, not just nation-states, but also criminal organizations are very active ... and relentless." This is, of course, not unique to the pharmaceutical industry, but it is why there needs to be a constant focus on educating the workforce and reinforcing protections, says Roberts.
Oct 28, 2020
20 min

In addition to being the largest fast food restaurant in the world, McDonald's is also one of the world's largest employers, real estate companies, and toy companies, thanks to the Happy Meal. It has also been transitioning into a tech company over the past several years, introducing a mobile app, kiosk systems, and digital menu boards, and investing in a data analytics company, a mobile tech company, and a voice analytics company. For CISO Tim Youngblood that means driving a framework for understanding and managing risk, and building a risk-aware culture at the fast food giant. Tune in to learn how he approaches risk management and how he believes the pandemic changed the security landscape.
Oct 16, 2020
27 min

Over the past decade, CSOs have had significantly more interaction with their boards of directors, becoming critical partners and driving risk management in many organizations. And cybersecurity, information security and privacy have become key topics of board meetings today, says Mark Weatherford, chief strategy officer at the National Cyber Security Center. Why the shift? "Just a few years ago... information security was background noise [to the board]. Now it's right in their face," he says.
Still, a board's time is limited and CSOs need to make the most of their time in front of the board. In this podcast episode, Weatherford shares his six guidelines for building board relationships, starting with inspiring confidence, which he says is the single most important thing a CSO can do.
Oct 14, 2020
22 min

After 10 years as CSO of payroll and HR solutions provider ADP, Roland Cloutier was looking for a challenge. He found one in his new role as Global CSO at TikTok, the fast-growing social media startup that has found itself in the news over privacy concerns. For Cloutier, who joined TikTok in April, dispelling disinformation and being transparent about how user data is protected quickly became job number one. In this interview, he calls on the security industry to take on a shared responsibility for transparency, to have the conversations and hold each other accountable.
Aug 10, 2020
16 min

In this second half, Akamai CISO Andy Ellis and host Bob Bragdon continue their talk about the good guy/bad guy dynamic in the infosec community and why it can result in you being marginalized in your organization. Ellis’ advice: Don’t try to be the hero; be the sidekick.
Produced by IDG Communications, Inc.
May 27, 2020
19 min

There is a prevailing attitude in the infosec community that security pros are the good guys and the bad guys are, well, just about everyone else — users, developers, senior leadership. This good guy/bad guy dynamic can result in you being marginalized in your organization, says Akamai CISO Andy Ellis. His advice: Don’t try to be the hero; be the sidekick.
May 13, 2020
18 min

Balancing security and business needs is challenging in the best of times, but in the midst of a global pandemic it takes on new urgency. For Gary Gooden, CISO at Seattle Children’s, this means protecting patient data while enabling frontline workers to service patients and families using new collaboration tools. Also pushed to the front burner for Gooden and his team are issues with remote work, as all non-essential staff (40% of the workforce and including Gooden himself) is now remote.
May 1, 2020
23 min

The biggest risk from the scramble to move to remote work at scale will likely be an increase in data exposed from misconfigured cloud storage buckets, says Christopher Burgess, a writer and speaker on security issues and former senior security adviser to Cisco. “You can choke a horse on the number of AWS storage regimes that have been misconfigured to allow the general public into data. Pick an industry and they’ve been affected by it.” But Burgess sees a silver lining outcome from the current crisis: “I think we’re going to also see a great deal of clever innovation on dumbing down the security infrastructure so that it can actually be understood.”
Apr 8, 2020
29 min

We can all remember a time not so long ago when security was the department of no. “We have moved past that to ‘yes, but,’” says Mike Towers, CSO at Takeda Pharmaceuticals International. For Towers, getting to a place where it is easy for the business to do the secure thing has meant placing a strong focus on business leadership and regular conversations about risks. The end result: Security can be built in from the beginning. “From a security perspective that’s a pretty big challenge,” says Towers. As for where the security industry could be doing a better job: “I think the biggest risk to security right now is arrogance,” says Towers. “And now we’re almost pushing ourselves away from the business because there’s a mentality of spending without understanding the true business value.”
Mar 25, 2020
17 min

For Chad Teat, CISO of Atlanta-based specialty retailer Floor & Decor, the secret to balancing risk and business opportunity comes down to reducing friction with the business. To do that, Teat says, the CISO, engineers, and analysts all need to make it their day-to-day job to build relationships and influence with the business. “I think every security professional has been a part of highly complex projects that succeeded because everybody was rowing in the same direction. And we’ve also been a part of short puts that fail miserably because of internal squabbles.” As for where security could be doing a better job, Teat points to risk quantification and communication. “We’ve got to be speaking the same language as the rest of the business and right now in the industry a lot of times we’re not even speaking the same language as IT.”
Mar 11, 2020
18 min
