The CISO Stories Podcast
Subscribe52,000 Suppliers:Third-Party Supply Chain CyberRisk Approach – Cassie Crossley – CSP #166
Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations, continuously evolving to improve our maturity. On the Third-party Cyber posture level, Schneider Electric partners across the industry to raise cybersecurity maturity, with the World Economic Forum (WEF), ISA Global Cybersecurity Alliance (ISAGCA), and Cyber Tech Accord. We specifically have a tiered third-party risk management program which evaluates suppliers through evidenced-based reviews of their secure development processes and cybersecurity posture.
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
52,000 Suppliers:Third-Party Supply Chain CyberRisk Approach – Cassie Crossley – CSP #166
Securing Connections: 3rd Party Risk Mgmt Expert Insights – Charles Spence – CSP #165
Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-political risk, environmental concerns to maintain business resiliency.
This segment is sponsored by VISO TRUST. Visit https://cisostoriespodcast.com/visotrust to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Securing Connections: 3rd Party Risk Mgmt Expert Insights – Charles Spence – CSP #165
A Printout on Secure by Design When Utilizing 3rd Parties – Bryan Willett – CSP #164
With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the steps his company has taken to secure its products, monitor suppliers, and push updates; and his thoughts on the CISA guidance.
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
A Printout on Secure by Design When Utilizing 3rd Parties – Bryan Willett – CSP #164
Intelligent Generative AI Handling – Aaron Weismann – CSP #163
Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to expose significant care gaps.
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Intelligent Generative AI Handling – Aaron Weismann – CSP #163
Responsible Use and Vetting of AI Solutions – Jon Washburn – CSP #162
Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed.
Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Responsible Use and Vetting of AI Solutions – Jon Washburn – CSP #162
The Business Side of AI – Edward Contreras – CSP #161
Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corporate success.
Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
The Business Side of AI – Edward Contreras – CSP #161
Generative AI and Corporate Security – Getting it Right – Bill Franks – CSP #160
Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk.
Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
You can learn more at http://www.bill-franks.com.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Generative AI and Corporate Security – Getting it Right – Bill Franks – CSP #160
Better CISO Health in the New Year: From Burnout to Balance – Steve Shelton – CSP #159
Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout.
In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing both their jobs and personal lives. Join us as we discuss this critical issue as we navigate 2024 for better CISO and team health.
Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
Visit Steve’s Website: www.greenshoeconsulting.com for more information.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Better CISO Health in the New Year: From Burnout to Balance – Steve Shelton – CSP #159
Cloud Security Staffing in a Hybrid World – It Can Be Done! – Larry Lidz – CSP #158
Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion in our teams?
Fitzgerald, T. 2019. Chapter 4 Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
Visit https://cisostoriespodcast.com for all the latest episodes!
Segments
Cloud Security Staffing in a Hybrid World – It Can Be Done! – Larry Lidz – CSP #158
You want the CISO Title & Pay? Responsibility Comes Also! – Malcolm Harkins – CSP #157
Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra
Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
Visit https://cisostoriespodcast.com for all the latest episodes!