Episodes
Wednesday Sep 07, 2022
Risk or reward: can we control cyber risks?
Wednesday Sep 07, 2022
Wednesday Sep 07, 2022
How can we control cyber risks? And how do cyber risks stack up, against the other challenges facing business?
Cyber threats have risen steadily over the last few years, and the move to digital business has created its own security challenges.
But at the same time, conventional risks have not gone away. Only recently we've seen wildfires and floods. And we are still feeling the after effects of the global pandemic.
How does an organisation balance physical threats and cyber risks, against the need to become more efficient and to grow? And how do we measure the risks we have to accept? Our guests this week are Pauline Losson, director of cyber operations, and Todd Carroll, CISO, at CybelAngel.
Interview by Stephen Pritchard
Wednesday Aug 24, 2022
Closing the skills gap – part 4: Michael Smith, Neustar
Wednesday Aug 24, 2022
Wednesday Aug 24, 2022
Is there a "hiring gap" in cybersecurity?
Over the last few episodes on Security Insights, we’ve looked more deeply at the skills skills shortage. But is the problem as much down to matching candidates to roles, as it is finding the right people?
And are organisations failing to do enough to develop the staff they do recruit, and so ensuring they stay?
In week's episode, our guest Michael Smith, field CTO at Neustar Security Services, argues that the issue goes beyond skills alone. And firms need to invest more in security, and in their staff, to keep up with the move to digital business.
Interview by Stephen Pritchard
Friday Aug 05, 2022
Closing the skills gap: part 3 - Karen Worstell, VMWare
Friday Aug 05, 2022
Friday Aug 05, 2022
How early do we need to start to awaken interest in cybersecurity, and indeed technology, as a career?
In this week's episode, VMWare's senior security advocate, Karen Worstell, argues that we might need to go back as far as early years education. Then, of course, we need to maintain and develop that interest, as a young person moves through education and on to their career.
And there's also more industry can do, from developing people at the starts of their careers to improving the levels of built-in security in any connected device, she says.
Wednesday Jul 20, 2022
Closing the security skills gap - Part 2: Tia Hopkins
Wednesday Jul 20, 2022
Wednesday Jul 20, 2022
In the second part of our series on the cyber skills crisis, we take a deeper look at the challenges around recruiting entry level staff – and the knock on effect that has on finding mid-tier and experienced hires.
Our guest this week is Tia Hopkins. Based in New York, she is field CTO and chief cyber risk strategist at eSentire.
In addition, Hopkins teaches cyber security, is working on her PhD, and is CEO of Empow(H)er Cybersecurity, which mentors women of colour in the cyber security industry.
How, then, do we encourage more people to join the cyber security world. Should we, as Hopkins says, hire for aptitude, rather than experience? And how do we look beyond the CV?
Interview by Stephen Pritchard
Wednesday Jul 06, 2022
Closing the security skills gap - part 1: Deryck Mitchelson
Wednesday Jul 06, 2022
Wednesday Jul 06, 2022
UK businesses are short of skilled cybersecurity professionals, and the number of vacancies is in the tens of thousands.
Worldwide, the shortfall is in the millions.
But what are the reasons? Is it cultural, problems with education, a lack of diversity?
And what is the impact on organisations in the public and private sector?
Over the next few weeks, Security Insights will attempt to answer at least some of these questions.
Our first guest in the series is Deryck Mitchelson, former Director of National Digital and Chief Information Security Officer at NHS Scotland, and now global CIO and CISO at Check Point.
Wednesday Jun 29, 2022
Surviving a ransomware attack
Wednesday Jun 29, 2022
Wednesday Jun 29, 2022
When IT director Tony Mendoza found his company under attack by a ransomware group, there was no playbook for how to respond. He and his team had to react -- at speed -- to a rapidly developing situation.
Fortunately his organisation, technology vendor Spectra Logic, survived the attack and was able to restore its data. But he learned some hard lessons about managing a crisis, building defences and, above all, why it pays to accept that an attack will happen.
In this episode, Mendoza recalls his experience to Security Insights editor, Stephen Pritchard.
Wednesday Jun 08, 2022
Security, SMEs, and new ways of working
Wednesday Jun 08, 2022
Wednesday Jun 08, 2022
Smaller businesses are no means immune to cyber attack.
In fact, there is growing evidence that criminal groups are targetting smaller businesses.
One reason is the changes to working practices brought on by the pandemic, with more remote access and the use of consumer IT. And smaller firms are being used as a way to infiltrate the supply chains of their larger customers.
What, though, can smaller companies do to improve their security?
Improved training, clearer IT policies and better use of security tools, including those that come with SaaS suites, all help according to this week's guest.
Lee Wrall is founder at Everything Tech, an IT services firm based in Manchester. He also believes passionately that smaller companies can be secure, withe the right planning and support. He spoke to Security Insights' Stephen Pritchard.
Wednesday May 25, 2022
Critical infrastructure, and geopolitical risk - Mathieu Gorge
Wednesday May 25, 2022
Wednesday May 25, 2022
In the current climate, operators of critical infrastructure are finding themselves in the front line.
And it is not just the obvious and traditional fields of CNI, such as energy or transport, that are under threat. The banking system, healthcare, manufacturing and food supply are all part of geopolitical risk, and at risk of cyber attack.
So just how vulnerable is critical infrastructure to cyber attack? And how should governments and industry work together to improve security?
Our guest this week is security and risk consultant Mathieu Gorge. He also runs the Vigitrust Global Advisory Board think tank. He speaks to Security Insights' editor Stephen Pritchard
We apologise for the audio quality in parts of this episode.
Wednesday May 11, 2022
Malware, security and the cloud
Wednesday May 11, 2022
Wednesday May 11, 2022
In this episode we look at the risks and threats facing the cloud, with Ray Canzanese, director at Netskope’s Threat Labs.
The firm has just released its latest Cloud and Threat Report, and Canzanese talks through some of the highlights, including the use of PDFs and search engines to deliver malware, and the (mis)use of cloud storage.
Wednesday Apr 27, 2022
Red Teams and Cyber War
Wednesday Apr 27, 2022
Wednesday Apr 27, 2022
How do organisations prepare for cyber attacks? Does “red teaming” work? And how close are we to cyber war?
Over the last few years, more firms have turned to red team security testing, putting their organisations through realistic attack simulations. But how do we balance the cost and time these tests demand, with the wider needs of the business?
Our Insights Interview guest this week is Reuven Aronashvili, founder and CEO of Israeli cybersecurity company CYE. Today, he works with large enterprises globally to help them tackle the most difficult cyber challenges.
Before that, he was one of the founders of Israel’s Red Team intelligence unit. As such, he has some unique insights into the line between a hacking incident and cyber terrorism and cyber warfare – and how close we are to crossing it.
Interview by Stephen Pritchard.