This is a very special episode because we’re celebrating a milestone! Excluding the EXTRA! episodes, we’ve released 50 Reimagining Cyber podcast episodes since our start in December of 2020. My co-host Rob Aragao and I cannot believe it’s flown by so quickly.
We started the podcast to explore the next generation of thinking on where cybersecurity is heading, as well as to talk about some of the key issues threat defenders face. Rob and I try to keep the episodes tight and below 30 minutes. In Journey to 50 we summarize some of the key themes that we’ve covered over the last two years.
In the Beginning
The podcast had its start during the COVID-19 pandemic. So, it seemed appropriate to begin the 50th episode with a clip from someone who was very familiar with the impact of cyber threats on the healthcare sector at the time. The guest for COVID-19, The Cavalry, and Cyber – No one is Coming to Save You was Joshua Corman, who had served as a Chief Strategist for CISA regarding COVID, healthcare, and public safety. When addressing cyber resilience, Josh also used a memorable analogy about how you prepare for a zombie apocalypse.
Understanding the Threat Landscape
The cyber threat landscape is continuously evolving with threat actors expanding their capabilities to exploit new (and old) vulnerabilities in our defenses. We felt it was important to have some podcast episodes focused on these threats to raise awareness on how to prepare for and respond to them more effectively, including:
- Time to take them seriously... what's Iran doing in cyber? – Bill Hagestad, an internationally recognized expert on nation state cyber threat actors, postulates that Iran has the time, patience, and passion to have a severe impact on the cybersecurity landscape.
- Inside Cybercrime – In this episode Raveed Laeb (VP, KELA) shares how threat actors are putting more effort into building lasting business-like enterprises — investing more in branding, customer support, cybercrime-as-a-service, specialization, and even intuitive user interfaces.
- Colonial Pipeline fuels the fire: not the first, not the last, and how to protect for the future – Brett Thorson (Principal, Platinion) does a deep dive into the Colonial Pipeline attack and shares general best practices on how organizations can better prepare and respond to cyberattacks.
- Solarwinds: Bringing down the building... Software supply-chain pressure points - John Pescatore (Director of Emerging Technology at SANS) breaks down the Solarwinds attack and vulnerabilities in the software supply chain.
- So you’ve been hacked, now what? – Shawn Tuma (Cybersecurity and Data Privacy Attorney and Partner, Spencer Fane, LLP) supports clients who have suffered cyberattacks on a daily basis. In this episode he shares his experiences and best practices about what to do once you’ve been breached.
Cybersecurity Leadership Perspectives
Chief Information Security Officers (CISOs) are at the forefront of protecting the organizations they serve from cyber threats. Having been in the seat myself, I know how challenging this can be. We’ve been fortunate to have leaders on the podcast that have helped our listeners better understand how CISOs establish priorities and how their role is evolving, including:
- Unconventional approaches to improve Enterprise resilience - Jim Routh (Head of Enterprise Cybersecurity at MassMutual at the time of the podcast) discusses the importance of understanding your risk profile and how to augment standards-based controls as well as non-conventional controls to thwart threats.
- Cybersecurity and the Modern CISO - Parham Eftekhari (EVP of the CISO Community for the CyberRisk Alliance) discusses the changes he’s seen in the CISO role and how the modern CISO needs to align with the business objectives to have a seat at the table.
- Aligning cybersecurity with startup business goals - Ty Sbano (CISO for Vercel) shares his unique perspective on running the security business in the start-up space, from how to approach the interview process, how to gain trust early, and how to remain focused on the right priorities.
- Cyber Challenges in Healthcare - Louis Lerman (VP and CISO of Pediatrix Medical Group) shares how his team supported the business as they adapted to the needs of the pandemic response.
- Today, everyone needs to be cyber savvy - Bob Guay (CISO at Momenta Pharmaceuticals at the time of the podcast) discusses the importance of being cyber-savvy, having skin in the game, and getting buy-in from non-technical people in your organization.
- Digital Government - How the state of Connecticut has driven digital transformation - Jeff Brown (CISO for the State of Connecticut) discusses the differences between being a cybersecurity leader in the private sector vs. for a state government.
- Virtual meetings, virtual concerts, and now virtual CISOs? - Taylor Hersom (CEO and co-founder of Eden Data) provides startups and next-gen organizations with virtual CISO support.
We’ve had so many wonderful guests on the podcast covering a wide range of topics that it’s very difficult to choose a favorite. We’ve had podcasts on cyber resilience, maturing application security programs, cyber insurance, building the cybersecurity talent pool, managing software supply chain risks, the impact of quantum computing on encryption, cybersecurity in connected vehicles, and more.
For me, one of my favorites was the episode with my friend Jeremy Epstein (Lead Program Officer at the National Science Foundation). Jeremy and I worked together years ago, but I was amazed by the cybersecurity research examples he highlighted in What does sociotechnical research have to do with cybersecurity.
It was a difficult decision for Rob as well, but he decided upon a recent episode with Virginia “Ginger” Wright. Wright is the Energy Cybersecurity Portfolio Manager for Idaho National Laboratory’s Cybercore division within its National and Homeland Security directorate. She’s leading the approach to engineer security and resilience into operational technology (OT) components supporting the energy infrastructure. The OT world is different, and she highlighted some fascinating challenges in Energizing Cybersecurity.
What Have We Learned?
One of the lessons we’ve learned over the last two years is that it’s important to have a regular cadence for our podcast episodes. Initially we’d target having an episode drop every two weeks or so, but sometimes that stretched to three or four weeks between episodes. Listeners like predictability. We now drop an episode every Wednesday.
Listeners also wanted more from Rob and me. The podcast format we’ve selected for our guests doesn’t lend itself to much banter between the two of us. So, we introduced the EXTRA! episodes that are just the two of us talking about various cybersecurity related topics. A fun example is our take on our favorite cybersecurity/hacking movies in EXTRA! And the Oscar for best cybersecurity movie goes to…
More to Come
We plan on continuing to explore the world of cybersecurity. In addition to our bi-weekly EXTRA! episodes, we’ll have guests to discuss the cybersecurity ramifications of ChatGPT, risk management of modern application portfolios, early warnings of cyber threats, and data risk identification from a privacy lens.
Again, you can listen to our 50th anniversary episode: Journey to 50.
You can find the latest episodes of Reimagining Cyber on Apple, Spotify, Google, Stitcher, and Buzzsprout. Give it a listen and subscribe.