The Voice of Cyber® KBKast brings you interviews, discussions, and presentations from global leaders across information security and emerging technology. We spend time understanding what they do, and unpacking their thoughts on the constantly evolving technology and people elements in the security industry as they pertain to an executive audience. Unlike every other security podcast, we don’t get stuck down in the technical weeds. Our remit is to speak with experts around the globe at the strategic level – how security technology can improve the experience and risk optimisation for every organisation.
Episode 244 Deep Dive: Mark McClain | Enhancing Security Resilience: Identity as the Key Accelerant for Business Success
In this episode, we are joined by Mark McClain (CEO and Founder of SailPoint), as we dive deep into the pivotal role of identity as a fundamental control point and lens for understanding security in organizations. Mark emphasises that while traditional security measures such as firewalls and network security remain vital, identity security and access privileges are equally critical for protecting data and driving business momentum. Moreover, the conversation delves into the challenges of balancing convenience and security, particularly with the rise of AI and machine learning in security measures. Mark highlights the limitations of current security tools in being "identity blind," stressing the need for better tooling and processes to identify and respond to security threats more efficiently.
Episode 243 Deep Dive: Dean Houari | Addressing Vulnerabilities and Data Exposure: Expert Insights on the Evolution of the API Attack Surface
In this episode, we are joined by Dean Houari from Akamai, as we dive deep into the continuously evolving landscape of API security. The discussion delves into the growing concern of API attacks and the increasing recognition of the need for "security by design" at the board level. Dean shares insights on the shifting nature of application architecture, the vulnerabilities of APIs, and the impact of cloud-native and modern applications on security measures. The conversation emphasizes the need for a comprehensive approach to securing API attack surfaces and preparing for potential breaches. Tune in as Dean provides practical advice and expert perspectives on navigating the complexities of API security.
Episode 242 Deep Dive: Nick Schneider | Unpacking Challenges: A Discussion on Legacy Approaches, Talent Shortage, Alert Fatigue, and Over-layered Security Systems
In this episode, we are joined by Nick Schneider, as we explore the challenges organizations face in managing cybersecurity with multiple point solutions. Nick discusses the complexity of handling 30-50 different tools, and the necessity of integrating and aggregating telemetry and alerts onto a centralized platform. The episode delves into the evolution of cybersecurity, the use of AI, addressing talent shortages, and combating alert fatigue. Join us as we unravel the complexities of cybersecurity and the strategic approach needed to mitigate risks in a rapidly changing landscape.
Episode 241 Deep Dive: Mary Carmichael | Workplace Evolution: Addressing AI Skepticism, Embracing Advancements, and Navigating New Realities
Mary Carmichael, CISA, CFE, CPA, is Director, Risk Advisory, at Momentum Technology (Vancouver Canada), and member of ISACA's Emerging Trends Working Group and Risk Advisory Committee.
Episode 240 Deep Dive: Cricket Liu | The Past, Present, and Future of DNS: Security Evolution, Collaboration, and Maximizing Infrastructure Efficiency
In this episode, we are joined by Cricket Liu (EVP Engineering, Chief DNS Architect - Infoblox) as we dive deep into the critical role of Domain Name System (DNS) security in closing the gap in today's interconnected world. Cricket sheds light on the importance of protecting critical infrastructure and the significant role DNS plays in enhancing visibility and blocking threats. Brought about by his unexpected entry into the field of DNS, his extensive experience in the evolution of the internet from its nascent stages brings historical context to the dialogue, uncovering parallels between the apprehension surrounding generative AI technology and early sentiments toward the internet's unknown prospects.
Episode 239 Deep Dive: James Campbell | Cloud Security Complexity and the Role of Automation in Digital Forensics
In this episode, we are joined by James Campbell (CEO and Co-Founder of Cado Security) as we explore modern digital forensics and the complexity of the cloud. They discuss the transition from on-premise to cloud operations, the unique risks associated with ephemeral cloud infrastructure, and the growing need for automation in digital forensics to streamline routine tasks and enable security professionals to focus on advanced problem-solving. Join us as we unravel the intricacies of cloud security, automation in digital forensics, and the continuous learning and adaptation necessary to stay ahead in the rapidly evolving industry.
Episode 238 Deep Dive: Alex Tilley | Building a Stronger Cyber Culture: Expert Advice on Collaboration and Ownership in Security
In this episode, we are joined by Alex Tilley (Head of Threat Intelligence, Asia Pacific and Japan - Secureworks) as we dive deep into the challenges that come with fostering a strong security culture within organizations. We explore the importance of cross-departmental collaboration, the need for clear and engaging cybersecurity training, and the emotional hurdles of dealing with security incidents. Alex shares valuable insights on handling crises, addressing ego-driven conflicts, and the crucial role of the board in cyber. Join us as we unravel the intricate layers of today's security culture and learn from his experiences and expertise.
Episode 237 Deep Dive: Rachael Greaves | From Compliance to Consequences: Safeguarding Records in Today's Virtual Environment
Rachael Greaves is CEO and Co-Founder at Castlepoint Systems, and has consulted on large-scale records, security and audit projects in government and regulated industries with complex integrated environments. Rachael's credentials include: Certified Information Systems Auditor (CISA), PRINCE2 (Practitioner), Certified Data Privacy Systems Engineer (CDPSE), ITIL v3 (Foundation), AIIM Certified Information Professional (CIP), and AIIM SharePoint Information Management Specialist. She is also an IIBA member.
Episode 236 Deep Dive: Jenai Marinkovic | AI Governance Unveiled: Managing Risks, Setting Policies, and Upholding Ethical Standards
In this episode, we are joined by Jenai Marinkovic (Executive Director & Chairman of the Board – GRC for Intelligent ecosystems or GRCIE) as we discuss ISACA’s White Paper – The Promise and Peril of the AI Revolution: Managing Risk. We discuss the risks, challenges, and societal impact of generative AI, while also touching on the urgent need for policies, frameworks, and control structures to address these evolving concerns. Jenai also talks about the crucial role of ethical standards in the deployment of AI, the implications of job displacement and skills adaptation, and the future of AI through the lens […]
Episode 235 Deep Dive: Dan Elliott | Understanding Cyber Risk Management: Strategies for Effective Communication
Dan Elliott is the Principal for Cyber Security Risk Consulting at Zurich Resilience Solutions (ZRS) Canada and is responsible for supporting ZRS’s clients in making risk-based cybersecurity decisions to improve their overall organizational resilience. Dan has over 15 years of experience in national security and risk management and brings a unique perspective to cyber risk, having spent six years as an Intelligence Officer with the Canadian Security Intelligence Service (CSIS). Prior to that, he spent nearly a decade in law enforcement and intelligence, investigating multinational criminal organisations both online and in person. He evaluates cyber risk with the knowledge of international threat actors and the potential impact they pose to businesses and critical infrastructure, helping organizations improve their overall risk posture. Dan is also trained in multiple cyber risk management frameworks and holds specialized expertise in stakeholder management and strategic program design. He speaks internationally about the communication challenges that exist between traditional technical professionals and business leaders. He is a regional board member of the Risk and Insurance Management Society (RIMS), a Risk Fellow (RF) and is a Certified Risk Management Professional (CRMP and CRM). Dan is a contributing member of the Cybersecurity Advisors Network (CyAN), a volunteer member with ISACA and is accredited as Certified in Risk and Information Systems Controls (CRISC).
Episode 234 Deep Dive: Tulin Sevgin | Tackling Third-Party Risk Management: Crucial Insights for Effective Due Diligence
In this episode, we are joined by Tulin Sevgin (Director - National Cyber Security Practice, MinterEllison) as we unravel the complexities and potential oversights in working with vendors. Tulin sheds light on the critical need for due diligence in the procurement process to mitigate future risks, emphasising the impact of vendor changes on data access and infrastructure. Tulin navigates the labyrinth of vendor risk governance and emphasizes the significance of ongoing monitoring. Join us as we delve into the intricacies of vendor assessments, the challenges involved, and the supply chain landscape.
Episode 233 Deep Dive: Geoff Schomburgk | Securing Digital Identity: A Discussion on The Use of Passwords and Their Future
At Yubico, Geoff is responsible for driving the Yubico business across Australia and New Zealand, working with partners and enterprise customers to implement secure modern authentication, helping make the internet safer for all. Geoff brings a strong customer focus and a proven ability to implement complex technology solutions across a range of industries, including telecommunications, utility and transport sectors across Australia, Asia and Europe. Critical to the success of these projects is the definition and realisation of tangible business value, where the combination of Geoff’s business consulting approach and project delivery experience consistently deliver business value. Geoff is an experienced senior executive with a background in engineering and strategy consulting and over 30 years’ experience in the global information and communications technology (ICT) industry. Geoff has a Bachelor of Engineering and MBA and is also a Non-Executive Director and business mentor to several Not For Profit (NFP) organisations. He is a Fellow of the Australian Institute of Company Directors (GAICD), with B.E. (Hons) and M.B.A.
Episode 232 Deep Dive: Pierre Liddle | Future-Proofing Security: Unpacking Cloud Native Application Protection Platforms (CNAPP)
Pierre Liddle is a distinguished expert with over 20 years of dedicated experience in the dynamic field of security. As the Co-founder and CTO of Plerion, he serves as the guiding force behind the company's strategic vision. Pierre's extensive career includes an impressive seven-year tenure at AWS, where he played a crucial role in driving global internal security programs and collaborating with customers to design, build, and manage secure cloud workloads. This direct and hands-on engagement has equipped him with an unparalleled understanding of the precise challenges and pain points that organisations encounter in the realm of cloud security. With a profound commitment to enhancing cloud security practices, and a vision to make the world a safer place by empowering customers to conquer the future, Pierre brings his wealth of knowledge to the forefront at Plerion. His leadership and domain expertise empower the company to provide cutting-edge solutions that address the evolving needs of businesses in an increasingly digital world. Pierre's invaluable insights and dedication to innovation underscore his role as a driving force behind Plerion's mission to revolutionise cloud security.
Episode 231 Deep Dive: Ashwin Ram | Overcoming Evolving Threats: Expert Advice for Executive Cyber Awareness
Ashwin Ram is a seasoned cyber security expert and thought leader with a unique blend of CISO consulting experience and technical know-how. He is widely regarded as a trusted advisor by industry titans, startups, and industry collectives due to his ability to translate technical threats into business contexts to evaluate overall risk to organisations. With his deep security knowledge, Ashwin can switch effortlessly between "tech talk" and "business talk," making him a go-to person for organisations looking to bolster their cyber resilience. In his current role at Check Point Software Technologies, Ashwin helps cyber executives understand, prioritise, communicate, and address cyber risks.
Episode 230 Deep Dive: Alen Zenicanin | Perspectives on Vendor and Third-Party Risk Management
Hailing from Eastern Europe, Alen arrived in Australia in 1996 and has been a daily contributor to Australia's cybersecurity scene for over 15 years now. Having helped hundreds of organisations improve their threat landscape and avoid costly breaches, Alen is a leader in the spaces of cyber security, information security, risk management and governance/compliance. A regular guest speaker at webinars, summits and industry events, Alen is considered a valuable asset in helping non-technical people understand the value of technology risk management. Experienced across various industries including aerospace, renewable energies, legal, and our government, Alen is highly sought after as an industry subject-matter expert.
Episode 229 Deep Dive: Rad Kanapathipillai | Enhancing Security Posture: Prioritising Data Protection in Organisations
Rad, Head of Engineering at DevOps1, is a seasoned tech expert with 15+ years in the industry. Specialising in Platforms and Security, Rad has led platform and DevSecOps transformations at organisations like Spark New Zealand, ANZ Government, and top financial institutions. With a strong track record in project management and ethics, Rad has also contributed significantly at Ampion/Wipro's cybersecurity division, Shelde, where he was a Cloud Consulting partner.
Episode 228 Deep Dive: Rob Rashotte | Diversifying the Cybersecurity Talent Pool: A Discussion on Making Cybersecurity Roles Inclusive and Accessible to All
Rob Rashotte is the vice president of the Fortinet Training Institute and the Fortinet Technical Field Enablement Program. Rob has more than 20 years of experience developing training and education strategies for startups as well as complex global organisations. He also has more than 15 years of experience working with some of the most innovative, fast-paced companies in the cybersecurity field. Rob has an Executive MBA from the University of Ottawa and is a regular speaker at a number of business schools on the topic of cyber risk and corporate impact.
Episode 227 Deep Dive: Jaya Baloo | Discussing New Cyber Disclosure Rules, Understanding the Cost of Breaches, and Building a Long-term Security Strategy for Organisations
Jaya Baloo is the CSO of Rapid7 and has been working in the field of Info Security with a focus on secure network architecture for more than 20 years. She is the former CISO of Avast, and prior to that was CISO at KPN, the largest telco carrier in The Netherlands. Jaya serves on the boards of the NL’s National Cyber Security Centre, TIIN Capital, the NOS, and was former Vice Chair of the EU Quantum flagship. She is also on the faculty of the Singularity University. Jaya is recognised as a top 100 security influencer worldwide. In 2019, she was selected as one of the 50 most inspiring Fifty. In 2022 she received an honorary doctorate from the Uni of Twente for her contributions to the field of Cybersecurity.
Episode 226 Deep Dive: Raj Sharma | Rethinking the Reseller Role: Adapting to the Shifting Dynamics of the Technology Market
Over 25 years in sales and 20 years of cyber security/IT experience, selling to all customer types across A/NZ. Currently managing the NSW branch across the Enterprise & State Government sales business for Palo Alto Networks Australia. He is passionate about continued growth, self-development and the success of all his teams and customers. Leading with authentic human elements & 100% committed to customer intimacy.
Episode 225 Deep Dive: Toby Jones | Discussing a Game-Changing Approach to Private and Public Sector Collaboration
In this episode, we dive deep into the ACE initiative, and how it acts as a facilitator for the public sector, encouraging diversity and collaboration among businesses to deliver the required outcomes. Toby shares how the platform has changed the dynamic with larger companies, leading to adaptations and a shift towards acquiring smaller companies for innovation. We also explore the impact of ACE on smaller businesses, the importance of protecting intellectual property, and the role of collaborations between businesses, academia, and mission customers in addressing shared problems and creating commercial opportunities. Toby also takes us on a journey from the UK to Australia, discussing the opportunities for collaboration and knowledge exchange between countries and the plans to expand ACE’s platform overseas. Toby Jones, a former UK senior civil servant, leads the UK Home Office’s transformation of mission-led innovation for public safety and security with science, digital technology and data. He co-founded ACE, the UK’s Accelerated Capability Environment, a Home Office-sponsored partnership between industry, academia and government, to push smart technologies and skills to front-line public services with operational tempo. He brings experience from the national security and resilience sector, combined with public policy development including legislation for investigatory powers and telecommunications regulation and compliance. His professional background is in systems engineering and computer science.
Episode 224 Deep Dive: Ben Gestier | Understanding Converging Threats: A Discussion on Cyber and Physical Security Awareness
In this episode, we are joined by Ben Gestier (Senior Intelligence Analyst and Team Lead APAC/EMEA – Flashpoint) as we dive deep into the complex and often underappreciated intersection of cyber and physical security. We explore the challenges of understanding and addressing cyber threats in the Australian context and the need to educate and empower individuals and organizations to navigate these evolving dangers. From the use of open source forums by threat actors to the convergence of online communication on real-world actions, Ben sheds light on the vital importance of collaboration and awareness in combating cyber and physical security threats. Tune in as Ben Gestier shares insights and experiences that highlight the critical nexus between the digital and physical realms, and learn from his call to action to enhance our understanding and preparedness in the face of converging security risks. Ben is Senior Intelligence Analyst and Team Lead APAC/EMEA with risk intelligence firm Flashpoint. He’s former intelligence with Australian Federal Police and Australian Defence Force. In his current role, Ben seeks to synchronise efforts across time zones and threat types to assist in protecting businesses and government elements from threats. This can include identification of risks, vulnerabilities, advanced persistent threats, and how these can manifest in the real world. The nexus between the online threat and the physical world is where Flashpoint strives to provide assistance to its clients to help in protecting people, assets, information, and infrastructure. Prior to joining Flashpoint, Ben was a Criminal Intelligence Analyst with the Australian Federal Police. As part of his work with AFP, Ben established the Aviation Protection Assessment Team (APAT), which was responsible for undertaking physical vulnerability assessments at airports across Australia. 
An integral part of this role included understanding the online communication methodology of criminal and threat elements. During his time with the ADF, Ben worked as part of the intelligence capability, in operations both domestically and internationally.
Episode 223 Deep Dive: Puneeta Chellaramani | The Road to Smart Cities: Challenges, Sustainability, and Citizen Impact
In this episode, we delve into the dynamic landscape of smart cities with a captivating discussion featuring Puneeta Chellaramani. Puneeta enlightens us on the potential benefits, ethical implications, and the evolving challenges associated with the implementation of smart city initiatives. We explore every angle from the increasing threat landscape to the potential impact on sustainability and citizens. Tune in now and learn more about digital twins, spatial services, and the implications of smart cities for everyday life. Puneeta offers management consulting and cyber security experience with a pragmatic approach to implementing sustainable change. She is both a coach and advisor to clients across diverse industries, advocating a 2-speed approach when navigating through their cyber, digital and innovation journey. Connecting vision and reality, she helps organisations move with confidence to overcome the challenges of an ever-changing threat landscape, and works with them all the way from business intent to value realisation to combat business risks. Puneeta has been a cyber security practitioner helping CISOs & CROs adopt pragmatic solutions that reduce business & compliance risks, harnessing her exuberant skills & experience across consultative selling, building security business solutions, customer management, security advisory & roadmaps across large transformation programs. She has provided leadership and managed large and distributed teams, managing a multi-vendor and rightshore delivery model, and is seen as a cyber/technology enablement advisor in a diverse and geographically dispersed working environment, partnering seamlessly across business and IT.
Episode 222 Deep Dive: David Chow | A Conversation on the Impact of Geopolitics on Cybersecurity
In this episode, we dive deep into the intersection of global events and issues and cybersecurity. David discusses the impact of geopolitical risks on cybersecurity, the urgent need for collaboration, comprehensive risk management, and the adoption of security strategies such as zero-trust. From international trade tension to the Ukraine-Russia conflict, David and KB delve into the complex interdependencies and challenges in safeguarding organizations worldwide. David Chow brings over 20 years of experience in the federal government to his role as Chief Technology Strategy Officer. His focus includes analysing, managing, and implementing technologies to assist with building and maintaining a global cybersecurity strategy. Much of his expertise stems from working alongside the Federal Housing Administration (FHA) to modernise the agency’s mortgage loan systems and mature its cybersecurity program. He served in a number of additional roles within the federal government, including executive and leadership positions at the Department of Transportation and the White House. Prior to joining Trend Micro, David demonstrated success in accelerated digital transformation through secured cloud adoption as the Global SVP on NextGen Solutions at CoreLogic, a FinTech data company. David Chow is on the Advisory Board of George Mason College of Engineering and Computing.
Episode 221 Deep Dive: Mike Zachman | Rethinking Metrics: From Activity to Outcomes, Leveraging Automation in Security Reporting
In this episode, we are joined by Mike Zachman (VP & CISO – Zebra Technologies), as we delve into the untapped potential of automation in security processes. Mike discusses how automation enhances data protection by reducing human error and facilitating faster threat detection and response. He emphasizes the importance of consistency in processes and the need to free up resources for more strategic tasks. The conversation explores challenges in implementing automation, the value of accurate and timely reporting, and the relevance of high fidelity signals in automation. Tune in to discover the key takeaways and insights on driving change and leveraging automation for improved security measures. Mike Zachman is currently the Chief Security Officer (CSO) at Zebra Technologies, where he has global responsibility for its enterprise-wide product security, information security, corporate security and business continuity programs. Zachman is an experienced global leader with over 30 years of information security, risk management and information technology expertise. Previously, Zachman was Chief Information Security Officer (CISO) at Caterpillar, Ecolab, and Forsythe Technologies. Zachman holds an undergraduate degree in management information systems from Millikin University, and a master’s degree in business administration from Bradley University. He is a Certified Information Security Manager, Certified Internal Auditor and is Certified in the Governance of Enterprise IT. He is an active volunteer with Junior Achievement and Easter Seals.
Episode 220 Deep Dive: Jamil Farshchi | Going Back to Basics, Breaking Barriers, and Nurturing Partnerships: A Discussion on Effective Leadership with Cyber in Focus
In this episode, we are joined by Jamil Farshchi (EVP & CISO – Equifax), as we dive deep into the world of leadership and the importance of driving the right behaviors in your team. We also explored the strategic partnerships between the government and corporate community, focusing on improving public-private collaboration to tackle cybersecurity threats. We discuss the challenges and progress made in information sharing, especially for small to medium-sized businesses. Jamil also shares their groundbreaking initiatives, including their open and honest approach to security reporting and real-time visibility for customers. Jamil emphasises the need for dialogue, diverse perspectives, and breaking down barriers in the security field, and highlights how cybersecurity has become a top priority for organizations worldwide, stressing the importance of investing proactively to avoid breaches. Jamil Farshchi is EVP and Chief Information Security Officer of Equifax (NYSE: EFX). Farshchi joined Equifax in the aftermath of one of the most consequential data breaches in history. During his tenure, he led an unprecedented $1.5 billion transformation and has built what is regarded as one of the most advanced, effective, and transparent cybersecurity and privacy programs in business today. Prior to Equifax, Farshchi was Chief Information Security Officer of The Home Depot, Chief Information Security Officer of Time Warner, Vice President of Global Information Security for Visa, Chief Information Security Officer of the Los Alamos National Laboratory, and Deputy Chief Information Assurance Officer of NASA. Farshchi serves on the Board of Directors for UKG, is a Strategic Advisor for the FBI and serves on the Board of Directors for the National Technology Security Coalition. He was named a Top Voice in Technology and Innovation by LinkedIn.
Episode 219 Deep Dive: Amy Meyer | Assessing Value and Overcoming Challenges: A Journey from Sydney to San Francisco
In this episode, we take a deep dive into the fascinating world of international careers and the challenges and triumphs that come with them. KB sits down with Amy Meyer (Founder – Aussie Recruit), who shares her experiences and insights, reflecting on how Australians can navigate the US job market, capitalize on their unique value proposition, and build successful careers across various industries. From cultural nuances to visa processes and the power of networking, this episode is a goldmine of advice for anyone considering making the move from Down Under to the land of opportunity. If you’ve been thinking about taking the leap necessary for your own international career breakthrough, tune in. Amy is the founder of Aussie Recruit and has supported thousands of Australians with their US job search. She specializes in connecting Australians with jobs in the US at companies hiring Aussies on E-3 visas. Amy has 7+ years of experience recruiting in the US market. Amy is a dual Australian-American. She relocated from Sydney to San Francisco 10 years ago. She has experienced first-hand, and overcome, the challenges Australians face getting jobs in the US. Prior to starting Aussie Recruit, she was Head of People at an early-stage tech company and hired many Australians on E-3 visas. She also started and runs the Australians In San Francisco Bay Area. You can find Amy sharing tips & stories on Instagram almost every day. Amy is also a full-time mum of 3 and started Aussie Recruit when her 1st child was just a few months old.
Episode 218 Deep Dive: Annie Haggar | Putting Together A Complex and Evolving Jigsaw Puzzle: A Discussion on the Intersection of Cyber and the Law
In this episode, we dive deep into the intersection of cybersecurity and the legal world, as Annie Haggar of Cyber GC takes us through the pros and cons of additional barriers to entry in the industry, the impact of regulations on quality assurance, diversity, and the existing skills gap. Annie also discusses how businesses can navigate and strategise in terms of compliance with industry-specific legislations, and how governments can strike a balance between effective regulation and reasonable costs for compliance. Annie is the founder and principal of Cyber GC – a legal and consulting practice dedicated to helping Australian businesses prepare for and fight cyberattacks. Annie is a multi-award-winning cybersecurity lawyer and was recently awarded General Counsel of the Year (Australian Law Awards – Lawyers Weekly – 2021). She brings to Cyber GC the experience gained in 20 years as a technology lawyer, 12 years working for one of the largest technology companies in the world and 6 years as global legal counsel for Accenture Security, one of the largest security companies in the world. She specialises in advising on enterprise security risk, cyber regulation, procurement risk management, and the impact on the whole organisation of cybersecurity issues. Based in Canberra, Australia, she lives with her two little girls (3 and 5), husband Tony and fur baby, Scout the Jack Russell-Foxy cross. Outside of work and volunteering, you will find her tending to her bees, cooking Ottolenghi, tending her veggie patch and sewing, quilting, knitting and crafting.
Episode 217 Deep Dive: EJ Wise | Beyond Policies: Creating a Culture of Cybersecurity Awareness and Engagement
In this episode, we are joined by EJ Wise (Principal and Founder – Wise Law). From tailoring preparedness measures for different audiences to the importance of customizing business continuity plans, EJ Wise highlights the pitfalls of generic templates and the need for proper training. She also explores the parallel between physical safety measures and cyber security preparedness, challenging organizations to identify their cyber wardens. Plus, we’ll discuss the potential HR and morale problems associated with neglecting policy updates and the importance of keeping policies relevant and engaging. Don’t miss out on the valuable advice EJ has to offer as she addresses the legal aspect of cyber preparedness, the role of communication teams during incidents, and the necessity of regular practice in handling cyber incidents effectively. Professor EJ Wise (she/her) is Principal and Founder of Wise Law in Melbourne and: Adjunct Professor, Faculty of Science, Engineering & Built Environment, Deakin University; Lecturer, School of Law, Society and Criminology, Faculty of Law and Justice, UNSW; Lecturer, Melbourne Business School (Public Policy).
Episode 216 Deep Dive: Adam O’Donnell | Balancing Usability and Complexity: The Eternal Dilemma in Cybersecurity
In this episode, we are joined by Special Forces team commander, Adam O’Donnell (CEO, Convergence Systems), as we explore the challenges and opportunities faced by SMBs in understanding their cybersecurity needs and finding affordable solutions. Together, we explore the complex ecosystem of cyber and the intricacies in finding the right balance between usability and security, which is no easy feat! As a Special Forces team commander, Adam O’Donnell successfully led high-performing teams in some of the most hostile and volatile places on earth. Looking back, he’d be the first to agree that his transition into the world of cybersecurity was something of an accident but he soon found that the decision-making, planning and leadership skills that served him so well leading combat operations and peacekeeping missions around the world also paved the way to a very successful corporate career leading cyber resilience uplift programs across government and large enterprise. The challenge, he realised, was that his work was actually creating another problem – small and medium enterprises were being left behind in the cyber arms race and becoming increasingly vulnerable to attackers who only ever seem to grow in their sophistication and numbers. As CEO of Convergence Systems, a Melbourne-based startup, he’s leading the creation of an eXtended Detection & Response system designed specifically for the cloud-based SME market and delivered at a price they can afford.
Episode 215 Deep Dive: Edwin Kwan | Navigating the Wild West: Tools and Techniques to Assess the Security and Integrity of Open Source Software
In this episode, we are joined by Edwin Kwan (Head of Application Security and Advisory – Tyro Payments), as he sheds light on the meticulous risk acceptance process and shares his insights on using open source software to build applications swiftly with freely available parts. We explore the challenges of ensuring the security of open source software and the need for due diligence when downloading such software. Edwin raises thought-provoking questions about software verification, maintenance, and security, highlighting the tricky balance between maintaining security protocols and accommodating a wide range of individuals in the workplace. Stay tuned as we examine the potential risks of using open source software and the complexities of explaining security issues to individuals who may not fully grasp their implications. Edwin shares captivating stories and real-life examples, including incidents where businesses chose to accept high-severity risks rather than investing in their mitigation. Edwin is a cybersecurity specialist whose approach towards security is to raise awareness, provide light touch controls to the software development life cycle to increase visibility of security issues, and work closely with engineering teams to quickly develop secure applications. He started out as a software engineer and transitioned into application and information security to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence. He has presented at several events, including RSA, AISA, All Day Dev Ops, AppSec Day, OWASP and DevSecOps Leadership Forums. Edwin is also a contributing journalist to the It’s 5:05 Podcast, a daily podcast on open source and cybersecurity news.