The Cyber Security Transformation Podcast

JC Gaillard reaches the final episode in this third series of the Corix Partners Cyber Security Transformation Podcast, and revisits a few key aspects highlighted throughout the series, in particular the importance of the "Process and People first, then Technology" principle

JC Gaillard continues to analyze the way the various aspects highlighted in earlier episodes of the Series are interlinked; in this episode, he goes back to the "when-not-if" paradigm around cyber attacks and why tactical and strategic execution is paramount for the new CISO

JC Gaillard reaches the final episodes in this Series and starts to look at how the various aspects highlighted in earlier episodes are interlinked; in this episode, the key traits senior execs and Board members need to focus on when hiring a new CISO

JC Gaillard looks at the way the cyber security agenda needs to be framed at Board level, to enable the best positioning of the role and profile of the new CISO ahead of the "First 100 Days"

JC Gaillard digs into the concept and definition of a Security Operating Model, why it needs to underpin the "First 100 Days of the New CISO", and why "Process and People first, then Technology" has to be the main guiding principle here

JC Gaillard continues exploring a few specific topics surrounding the "First 100 Days of the New CISO"; in this episode, the reporting line of the CISO, why it matters and how to determine which would work best

As part of his continuing exploration of the "First 100 Days of the New CISO", JC Gaillard looks into the profile of the CISO and why management experience is of paramount importance, over and above technical knowledge.

JC Gaillard continues exploring the topics surrounding the "First 100 Days of the New CISO"; in this episode, he dives into the aspects surrounding the tenure of the CISO and why it is key to driving security transformation

JC Gaillard is joined by Head of Cyber and Information Security at Swansea University Neil Cordell, to discuss his real-life experience of taking up a new CISO position in the midst of the Covid pandemic, and the lessons that can be learnt about bringing all stakeholders on board the cyber security transformation journey

Neil's details can be found here on Linkedin >> https://www.linkedin.com/in/neilcordell/

JC Gaillard reaches the end of his exploration of the "First 100 Days of the New CISO" and before moving on to a number of episodes with guests on the theme, he digs into "expectations vs. reality" and explores the root causes of the disconnect which may exist between what the CISO finds on arrival and what they were sold at interview time

JC Gaillard continues its exploration of the "First 100 Days of the New CISO" with an analysis on how tactical firefighting and the unavoidable handling of cybersecurity incidents must not be seen just as a "curse" throughout the first 100 days, but can be used to build up trust with stakeholders

JC Gaillard reaches the end of the "6 days-6 weeks-6 months" cycle he explored around "The First 100 Days of the New CISO", and looks at what happens next, and how CISOs can continue to drive change

JC Gaillard reaches the "6 months" part of his journey throughout the "First 100 Days of the New CISO"; in this episode, how to build an execution framework to support the strategic vision defined earlier, and why governance is key at this stage to support lasting change

JC Gaillard continues developing his "6 days - 6 weeks - 6 months" model, framing the first 100 days of the new CISO; in this episode, the six weeks horizon, and how to continue building a strategic framework addressing the key challenges of the new CISO role

JC Gaillard continues to look back at his 2017-2018 series of articles about "The First 100 Days of the New CISO"; in this episode, he looks into the challenges of the first week, and why it is key to understand the firm, its people and its culture from the start

We enter the second part of our third series and JC Gaillard starts exploring and revisiting his 2017-2018 series of articles entitled "The First 100 Days of the New CISO"; in this episode, why context is key and how to assess it, looking in turn at the profile of the person, the nature of the role and the maturity of the firm

JC Gaillard reaches the final part in the re-examination of his 2015 series titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to think in terms of process first when architecting a cyber security practice, and not in terms of technical tools

JC Gaillard reaches the 7th key management pitfall to avoid in his re-assessment of his 2015 series of articles entitled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look at cyber security as a structured practice, and not just a collection of tactical activities and technical projects

JC Gaillard reaches a key point in his journey through the 8 key management pitfalls for CIOs and CTOs to avoid when building or rebuilding cyber security practices; in this episode, why it is key to see cyber security not just as a technology discipline, and to build it as a cross-silo practice from the start

JC Gaillard moves onto his 5th key management pitfall to avoid when building or rebuilding effective and efficient cyber security practices; in this episode, why it is key to think in terms of operating model and work with all stakeholders including HR, in the definition and distribution of cyber security accountabilities and responsibilities

JC Gaillard continues his re-examination of his 2015 series of articles titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look beyond the short term and think in terms of process to drive effective and lasting change

JC Gaillard continues exploring and updating his 2015 series on the "CIO Guide to a Successful Cyber Security Practice"; in this episode, why throwing money at the problem is rarely the solution to maturity development around cyber security and why trust is paramount in the relation between the CISO and senior execs

JC Gaillard continues to look back at his 2015 articles series "The CIO Giude to a Successful Cyber Security Practice" and highlights why risk management alone can no longer be the beating heart of cyber security practices

JC Gaillard looks back at his 2015 series of articles published on the Corix Partners blog under the title of "The CIO Guide to a Successful Cyber Security Practice"; in this episode, he re-examines the first pitfall to avoid for CIOs and why cyber security cannot just be seen as an "enabler"

JC Gaillard is joined by Chris Burtenshaw from Strata Security to discuss how the log4j incident unfolded and was handled, and the lessons that can be learnt from the pas few months

JC Gaillard is joined by Cristina Contero from Aphaia to follow up on earlier podcasts episodes on GDPR and review what has changed over the past 6 to 8 months since our last podcast on the theme with Bostjan Makarovic

JC Gaillard is joined again by guest Steve Lamb, who animated the launch of the first series of the podcast last year; together they look back at the drivers that have shaped cyber security throughout 2021, and more generally throughout the COVID pandemic

JC Gaillard is joined by Richard Preece, Founder & Director, DA Resilience to discuss how the pandemic has affected cybersecurity governance, controls appetite and risk management from the Board down, and how exponential changes over the next decade are going to impact those trends

JC Gaillard is joined by Natasha McCabe to discuss the leadership  lessons which can be learned from having held both CISO and CIO roles,  and having seen cyber security from the two sides of the fence

JC Gaillard is joined by Oscar O'Connor to discuss "Playing the Triangles", his latest piece on the Corix Partners blog: A reflection on business and security transformation dynamics in the post-covid era

JC Gaillard is joined by Rayna Stamboliyska to look back at the cyber security skills back, its implications and how to address it through better talent management, clearer career paths and a greater emphasis on diversity

JC Gaillard is joined with Hani Banayoti from CyberSolace to explore the impact the COVID-19 pandemic has had on the cyber insurance sector and what can be expected going forward in terms of new dynamics

JC Gaillard is joined by Alexa Glynn, from Rabobank Australia & New Zealand, to discuss how you transition from security roles into IT management roles and why security professionals don't have to feel condemned to hopping between security jobs

JC Gaillard is joined again by guest Bostjan Makarovic from Aphaia to discuss the impact of the Schrems II ruling on GDPR compliance and data transfers between the EU and the US

JC Gaillard is joined by cyber security expert Steven O'Sullivan to explore the issues surrounding IT and OT convergence and their implications for cyber security at large across industry sectors

JC Gaillard is joined by Chris Burtenshaw from Strata Security; together they explore the meaning of observability in the cyber security space: Is it just hype over substance? or is there more to it than meet the eye?

JC Gaillard is joined by Bostjan Makarovic from Aphaia for a great discussion on GDPR, the size of fine and role of regulators, the risk of irrelevance they may face if they keep things imbalanced, and the impact of the Schrems II ruling

JC Gaillard is joined by experienced operational resilience consultant Nick Simms to explore what resilience really means in business terms and where cyber resilience needs to fit within a broader business resilience framework

JC Gaillard is joined by Richard Preece, director of DA Resilience, to explore how best to frame the conversation at Board level around cyber security in order to engineer effective and efficient engagement and top-down dynamics

.By any account the last year has been crazy. So much had to change so quickly and that included cyber security. In this episode we discuss the key lessons learned about security and privacy.

In this episode we discuss the need for top down engagement by the board to bring life into the to security and privacy strategy of their organisation. We look at the importance of embedding these important considerations into the Environmental, Social and Governance (ESG). 

This is the first in a series of Cyber Security Transformation Podcasts. Each week JC and Steve will discuss the interesting cyber next stories and our own experiences with clients.

Jean Christophe Gaillard

M: +44 (0)7733 001 530

E: jcgaillard@corixpartners.com

https://twitter.com/@Corix_JC

Steve Lamb

M: +44 (0)75 0800 8864

E: steve.lamb@corixpartners.com

https://twitter.com/actionlamb