The Cyber Security Transformation Podcast

By Corix Partners

JC Gaillard and his guests share their views on both the interesting cybersecurity news stories of the week and their own experiences. Now entering its fourth series, with a stronger focus on cyber security leadership, governance and related board-level matters. Released every Thursday.

Become a paid subscriber: https://podcasters.spotify.com/pod/show/tcybercast/subscribe

Series 4 - "What's going on with CISOs and their budgets?" - Episode 3

In this third episode of our fourth series, JC Gaillard looks back at cybersecurity budgets and analyzes the reasons behind the considerable underspend highlighted by a recent survey

Jun 01, 2023 · 08:48
Series 4 - "Zero-Trust is not about Zero; it's about Trust" - Episode 2

JC Gaillard looks back at a number of aspects involving zero-trust technology and why putting technology first is probably the biggest mistake you can make in that space

May 25, 2023 · 09:08
Series 4 - "Time to Go Back to Basics with Cyber Security" - Episode 1

Welcome to the 1st episode of our 4th Series - JC Gaillard starts to look back at the various topics that have been catching his eye since the end of the previous series: In this episode, why it is key to look beyond the hype on a number of tech matters and refocus our approach to cyber security on key concepts.

May 18, 2023 · 09:25
Series 3 - "Process and People first, then Technology" - Episode 24

JC Gaillard reaches the final episode in this third series of the Corix Partners Cyber Security Transformation Podcast, and revisits a few key aspects highlighted throughout the series, in particular the importance of the "Process and People first, then Technology" principle

Oct 18, 2022 · 07:45
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 23

JC Gaillard continues to analyze the way the various aspects highlighted in earlier episodes of the Series are interlinked; in this episode, he goes back to the "when-not-if" paradigm around cyber attacks and why tactical and strategic execution is paramount for the new CISO

Oct 11, 2022 · 09:42
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 22

JC Gaillard reaches the final episodes in this Series and starts to look at how the various aspects highlighted in earlier episodes are interlinked; in this episode, the key traits senior execs and Board members need to focus on when hiring a new CISO

Oct 04, 2022 · 12:37
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 21

JC Gaillard looks at the way the cyber security agenda needs to be framed at Board level, to enable the best positioning of the role and profile of the new CISO ahead of the "First 100 Days"

Sep 27, 2022 · 12:43
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 20

JC Gaillard digs into the concept and definition of a Security Operating Model, why it needs to underpin the "First 100 Days of the New CISO", and why "Process and People first, then Technology" has to be the main guiding principle here

Sep 20, 2022 · 09:38
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 19

JC Gaillard continues exploring a few specific topics surrounding the "First 100 Days of the New CISO"; in this episode, the reporting line of the CISO, why it matters and how to determine which would work best

Sep 13, 2022 · 12:19
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 18

As part of his continuing exploration of the "First 100 Days of the New CISO", JC Gaillard looks into the profile of the CISO and why management experience is of paramount importance, over and above technical knowledge.

Sep 05, 2022 · 09:04
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 17

JC Gaillard continues exploring the topics surrounding the "First 100 Days of the New CISO"; in this episode, he dives into the aspects surrounding the tenure of the CISO and why it is key to driving security transformation

Aug 30, 2022 · 10:57
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 16 - with guest Neil Cordell

JC Gaillard is joined by Head of Cyber and Information Security at Swansea University Neil Cordell, to discuss his real-life experience of taking up a new CISO position in the midst of the Covid pandemic, and the lessons that can be learnt about bringing all stakeholders on board the cyber security transformation journey

Neil's details can be found on LinkedIn: https://www.linkedin.com/in/neilcordell/

Aug 23, 2022 · 25:51
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 15

JC Gaillard reaches the end of his exploration of the "First 100 Days of the New CISO" and before moving on to a number of episodes with guests on the theme, he digs into "expectations vs. reality" and explores the root causes of the disconnect which may exist between what the CISO finds on arrival and what they were sold at interview time

Aug 16, 2022 · 10:39
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 14

JC Gaillard continues his exploration of the "First 100 Days of the New CISO" with an analysis of how tactical firefighting and the unavoidable handling of cybersecurity incidents must not be seen just as a "curse" throughout the first 100 days, but can be used to build up trust with stakeholders

Aug 09, 2022 · 11:32
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 13

JC Gaillard reaches the end of the "6 days-6 weeks-6 months" cycle he explored around "The First 100 Days of the New CISO", and looks at what happens next, and how CISOs can continue to drive change

Aug 02, 2022 · 09:41
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 12

JC Gaillard reaches the "6 months" part of his journey throughout the "First 100 Days of the New CISO"; in this episode, how to build an execution framework to support the strategic vision defined earlier, and why governance is key at this stage to support lasting change

Jul 26, 2022 · 15:15
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 11

JC Gaillard continues developing his "6 days - 6 weeks - 6 months" model, framing the first 100 days of the new CISO; in this episode, the six weeks horizon, and how to continue building a strategic framework addressing the key challenges of the new CISO role

Jul 19, 2022 · 15:08
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 10

JC Gaillard continues to look back at his 2017-2018 series of articles about "The First 100 Days of the New CISO"; in this episode, he looks into the challenges of the first week, and why it is key to understand the firm, its people and its culture from the start

Jul 12, 2022 · 13:55
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 9

We enter the second part of our third series and JC Gaillard starts exploring and revisiting his 2017-2018 series of articles entitled "The First 100 Days of the New CISO"; in this episode, why context is key and how to assess it, looking in turn at the profile of the person, the nature of the role and the maturity of the firm

Jul 05, 2022 · 10:14
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 8

JC Gaillard reaches the final part in the re-examination of his 2015 series titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to think in terms of process first when architecting a cyber security practice, and not in terms of technical tools

Jun 28, 2022 · 08:36
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 7

JC Gaillard reaches the 7th key management pitfall to avoid in his re-assessment of his 2015 series of articles entitled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look at cyber security as a structured practice, and not just a collection of tactical activities and technical projects

Jun 21, 2022 · 11:37
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 6

JC Gaillard reaches a key point in his journey through the 8 key management pitfalls for CIOs and CTOs to avoid when building or rebuilding cyber security practices; in this episode, why it is key to see cyber security not just as a technology discipline, and to build it as a cross-silo practice from the start

Jun 14, 2022 · 10:33
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 5

JC Gaillard moves on to his 5th key management pitfall to avoid when building or rebuilding effective and efficient cyber security practices; in this episode, why it is key to think in terms of operating model and work with all stakeholders, including HR, in the definition and distribution of cyber security accountabilities and responsibilities

Jun 07, 2022 · 11:36
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 4

JC Gaillard continues his re-examination of his 2015 series of articles titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look beyond the short term and think in terms of process to drive effective and lasting change

May 31, 2022 · 10:48
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 3

JC Gaillard continues exploring and updating his 2015 series on the "CIO Guide to a Successful Cyber Security Practice"; in this episode, why throwing money at the problem is rarely the solution to maturity development around cyber security and why trust is paramount in the relation between the CISO and senior execs

May 24, 2022 · 11:31
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 2

JC Gaillard continues to look back at his 2015 series of articles "The CIO Guide to a Successful Cyber Security Practice" and highlights why risk management alone can no longer be the beating heart of cyber security practices

May 17, 2022 · 12:25
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 1

JC Gaillard looks back at his 2015 series of articles published on the Corix Partners blog under the title of "The CIO Guide to a Successful Cyber Security Practice"; in this episode, he re-examines the first pitfall to avoid for CIOs and why cyber security cannot just be seen as an "enabler"

May 10, 2022 · 11:43
Series 2 - Episode 15 - A Look Back at the log4j Incident - with guest Chris Burtenshaw

JC Gaillard is joined by Chris Burtenshaw from Strata Security to discuss how the log4j incident unfolded and was handled, and the lessons that can be learnt from the past few months

Feb 03, 2022 · 16:47
Series 2 - Episode 14 - Where are we now with GDPR? - with guest Cristina Contero

JC Gaillard is joined by Cristina Contero from Aphaia to follow up on earlier podcast episodes on GDPR and review what has changed over the past 6 to 8 months since our last podcast on the theme with Bostjan Makarovic

Jan 11, 2022 · 16:23
Series 2 - Episode 13 - A Look Back at Cyber Security in 2021 - with guest Steve Lamb

JC Gaillard is joined again by guest Steve Lamb, who animated the launch of the first series of the podcast last year; together they look back at the drivers that have shaped cyber security throughout 2021, and more generally throughout the COVID pandemic

Dec 30, 2021 · 17:43
Series 2 - Episode 12 - Cyber Security, Governance & Risk for the Digital Age - with guest Richard Preece

JC Gaillard is joined by Richard Preece, Founder & Director, DA Resilience to discuss how the pandemic has affected cybersecurity governance, controls appetite and risk management from the Board down, and how exponential changes over the next decade are going to impact those trends

Nov 02, 2021 · 05:16:21
Series 2 - Episode 11 - Cyber Security, the CISO and the CIO: Seeing it From Both Sides of the Fence - with guest Natasha McCabe

JC Gaillard is joined by Natasha McCabe to discuss the leadership lessons which can be learned from having held both CISO and CIO roles, and having seen cyber security from the two sides of the fence

Sep 30, 2021 · 17:58
Series 2 - Episode 10 - Oscar O'Connor and JC Gaillard on Security Transformation, Covid-19, People and Trust

JC Gaillard is joined by Oscar O'Connor to discuss "Playing the Triangles", his latest piece on the Corix Partners blog: A reflection on business and security transformation dynamics in the post-covid era

Aug 12, 2021 · 30:27
Series 2 - Episode 9 - Looking Back at the Cyber Security Skills Gap: Real Problem or Self-inflicted Pain? - with guest Rayna Stamboliyska

JC Gaillard is joined by Rayna Stamboliyska to look back at the cyber security skills gap, its implications and how to address it through better talent management, clearer career paths and a greater emphasis on diversity

Jul 20, 2021 · 39:09
Series 2 - Episode 8 - The Impact of the COVID Pandemic on Cyber Insurance: What has changed and what to expect? - with guest Hani Banayoti

JC Gaillard is joined by Hani Banayoti from CyberSolace to explore the impact the COVID-19 pandemic has had on the cyber insurance sector and what can be expected going forward in terms of new dynamics

Jul 06, 2021 · 19:18
Series 2 - Episode 7 - Cyber Security Career Paths: How do you bridge between security roles and IT management roles? - with guest Alexa Glynn

JC Gaillard is joined by Alexa Glynn, from Rabobank Australia & New Zealand, to discuss how you transition from security roles into IT management roles and why security professionals don't have to feel condemned to hopping between security jobs

Jun 15, 2021 · 13:12
Series 2 - Episode 6 - GDPR and the Schrems II ruling: Where are we now around data transfers between the EU and the US? - with guest Bostjan Makarovic

JC Gaillard is joined again by guest Bostjan Makarovic from Aphaia to discuss the impact of the Schrems II ruling on GDPR compliance and data transfers between the EU and the US

May 25, 2021 · 16:23
Series 2 - Episode 5 - IT Security vs. OT Security: What's the state of play? - with guest Steven O'Sullivan

JC Gaillard is joined by cyber security expert Steven O'Sullivan to explore the issues surrounding IT and OT convergence and their implications for cyber security at large across industry sectors

Apr 20, 2021 · 11:49
Series 2 - Episode 4 - Observability: What does it really mean for cyber security? - with guest Chris Burtenshaw

JC Gaillard is joined by Chris Burtenshaw from Strata Security; together they explore the meaning of observability in the cyber security space: Is it just hype over substance, or is there more to it than meets the eye?

Mar 30, 2021 · 10:35
Series 2 - Episode 3 - Where are we now with GDPR? - with guest Bostjan Makarovic

JC Gaillard is joined by Bostjan Makarovic from Aphaia for a great discussion on GDPR, the size of fines and the role of regulators, the risk of irrelevance they may face if they keep things imbalanced, and the impact of the Schrems II ruling

Mar 09, 2021 · 19:29
Series 2 - Episode 2 - Resilience: What Does It Really Mean in Business Terms? - with guest Nick Simms

JC Gaillard is joined by experienced operational resilience consultant Nick Simms to explore what resilience really means in business terms and where cyber resilience needs to fit within a broader business resilience framework

Feb 25, 2021 · 16:29
Series 2 - Episode 1 - How to Frame the Cyber Security Conversation at Board Level? - with guest Richard Preece

JC Gaillard is joined by Richard Preece, director of DA Resilience, to explore how best to frame the conversation at Board level around cyber security in order to engineer effective and efficient engagement and top-down dynamics

Feb 16, 2021 · 15:40
What did we learn about cyber in the crazy year that was 2020?

By any account the last year has been crazy. So much had to change so quickly and that included cyber security. In this episode we discuss the key lessons learned about security and privacy.

Dec 11, 2020 · 17:25
Digital transformation - is the role of the CISO becoming an outdated concept?

COVID has led many organizations to rush their provision of remote access to their employees and many have accelerated their digital transformation programmes. We discuss the role of the CISO in this context.

Nov 27, 2020 · 10:30
Ransomware: Why is defense in depth so important?

We discuss a recent survey that reveals the continued prevalence of ransomware and the shocking amount that organizations typically pay. We talk about how to protect organizations from becoming victims
Nov 20, 2020 · 10:22
How to embed security and privacy on the board agenda?

In this episode we discuss the need for top-down engagement by the board to bring life into the security and privacy strategy of their organisation. We look at the importance of embedding these important considerations into the Environmental, Social and Governance (ESG).

Nov 13, 2020 · 09:34
GDPR - when are the regulators going to show their muscles?

Following the recent announcement from the ICO of significantly reduced fines for BA and Marriott the question has to be asked "Where are the landmark cases of fines in the order of 4% of revenue for huge scale breaches?". Clearly during the pandemic the travel and hospitality industries are under great financial strain but since GDPR came in over two years ago there haven't been any fines that have been anywhere near the expected magnitude.
Nov 06, 2020 · 12:51
From Cyber Security Awareness to Genuine Cultural Change: What do you need to make this work?

We’re joined by Zsuzsanna Berenyi from the London Stock Exchange Group who shares her experience on how to drive cultural change to embed security awareness into organizations.

Oct 22, 2020 · 15:06
Where are we with Cyber Insurance?

In this episode we are joined by Hani Banayoti (hani.banayoti@cybersolace.co.uk) from Cyber Solace to discuss the ways in which the cyber insurance market has changed over the last ten years. We look at the drivers towards organisations choosing to pay for cyber insurance, its role in helping them keep the lights on if they are breached and the trends with regard to ransomware and GDPR.

Oct 16, 2020 · 23:39
Why it’s important for CISOs not to get lost firefighting

Incoming CISOs clearly have to identify and put out fires. In this episode we discuss why many CISOs get stuck in this phase. We look at ways to enable transformative change.
Oct 09, 2020 · 11:57
Why should security and privacy be included in the MVP of startups

We discuss why it’s important to think carefully about how to ensure the Minimum Viable Product (MVP) software written by startups pays attention to the requirements of privacy and security
Oct 02, 2020 · 11:32
How to address the proliferation of security tools

Chris Burtenshaw, CEO of Strata Security, joins us to discuss how many organizations have far too many security products and how to address the complexity and management overhead they often bring.

Sep 25, 2020 · 14:59
Cyber security skills gap - what skills gap?

We discuss the extent to which there are opportunities in the cyber industry and how to encourage people to join
Sep 11, 2020 · 10:49
Where are we with GDPR?

Given the financial strain caused by COVID-19, which has been especially severe on the hospitality and airline sectors, the likelihood of large fines being imposed on Marriott and BA looks low - what does this mean for compliance?

Sep 04, 2020 · 13:47
Is it the right time to adopt Zero Trust Networking?

Zero Trust Networking promises much and is being touted extensively... how much sense does it make at the moment?
Aug 13, 2020 · 10:11
Ransomware - key elements to bear in mind and how to respond

The threat to business continuity posed by malicious actors using ransomware isn’t new but it’s causing pain to many. The most recent high profile attack was on Garmin - a company Steve relies upon to help with his marathon training
Aug 07, 2020 · 11:06
The importance of data privacy

In this episode we discuss the need for privacy to be carefully considered and for appropriate controls to be applied, together with the challenges for GDPR regulators in light of the COVID pandemic.

Jul 24, 2020 · 10:20
Does the role of the "Virtual CISO" make any sense

Faced by constant reports of cyber-attacks in the media, most small and medium-size organisations have woken up to the reality of cyber threats over the past few years.
Many still don’t really know what to do to protect themselves and turn to “virtual CISO” services for assistance.
While this is better than doing nothing or relying blindly on the security of cloud providers, those externalised, part-time services – often delivered remotely – are rarely the magic bullet they pretend to be…
Jul 17, 2020 · 11:14
The hard truth around cyber security awareness programmes

In this episode we discuss how to bring constructive change by culture and top down leadership
Jul 10, 2020 · 10:10
The tenure of CISOs

We discuss the likely reasons for the trend towards CISOs having short tenure
Jul 03, 2020 · 09:40
Ensuring security and privacy for bespoke software

We discuss the challenges of ensuring that code that’s written either in-house or commissioned from a third party follows the Security Development Life Cycle
Jun 26, 2020 · 10:06
Episode 1

This is the first in a series of Cyber Security Transformation Podcasts. Each week JC and Steve will discuss the interesting cyber news stories and our own experiences with clients.

Jean Christophe Gaillard

M: +44 (0)7733 001 530

E: jcgaillard@corixpartners.com

https://twitter.com/@Corix_JC


Steve Lamb

M: +44 (0)75 0800 8864

E: steve.lamb@corixpartners.com

https://twitter.com/actionlamb

Jun 19, 2020 · 11:39