
The Cyber Security Transformation Podcast
By Corix Partners

Jun 01, 2023

Series 4 - "What's going on with CISOs and their budgets?" - Episode 3
In this third episode of our fourth series, JC Gaillard looks back at cybersecurity budgets and analyzes the reasons behind the considerable underspend highlighted by a recent survey

Series 4 - "Zero-Trust is not about Zero; it's about Trust" - Episode 2
JC Gaillard looks back at a number of aspects involving zero-trust technology and why putting technology first is probably the biggest mistake you can make in that space

Series 4 - "Time to Go Back to Basics with Cyber Security" - Episode 1
Welcome to the 1st episode of our 4th Series - JC Gaillard starts to look back at the various topics that have been catching his eye since the end of the previous series: In this episode, why it is key to look beyond the hype on a number of tech matters and refocus our approach to cyber security on key concepts.
Series 3 - "Process and People first, then Technology" - Episode 24
JC Gaillard reaches the final episode in this third series of the Corix Partners Cyber Security Transformation Podcast, and revisits a few key aspects highlighted throughout the series, in particular the importance of the "Process and People first, then Technology" principle
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 23
JC Gaillard continues to analyze the way the various aspects highlighted in earlier episodes of the Series are interlinked; in this episode, he goes back to the "when-not-if" paradigm around cyber attacks and why tactical and strategic execution is paramount for the new CISO
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 22
JC Gaillard reaches the final episodes in this Series and starts to look at how the various aspects highlighted in earlier episodes are interlinked; in this episode, the key traits senior execs and Board members need to focus on when hiring a new CISO
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 21
JC Gaillard looks at the way the cyber security agenda needs to be framed at Board level, to enable the best positioning of the role and profile of the new CISO ahead of the "First 100 Days"
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 20
JC Gaillard digs into the concept and definition of a Security Operating Model, why it needs to underpin the "First 100 Days of the New CISO", and why "Process and People first, then Technology" has to be the main guiding principle here
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 19
JC Gaillard continues exploring a few specific topics surrounding the "First 100 Days of the New CISO"; in this episode, the reporting line of the CISO, why it matters and how to determine which would work best
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 18
As part of his continuing exploration of the "First 100 Days of the New CISO", JC Gaillard looks into the profile of the CISO and why management experience is of paramount importance, over and above technical knowledge.
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 17
JC Gaillard continues exploring the topics surrounding the "First 100 Days of the New CISO"; in this episode, he dives into the aspects surrounding the tenure of the CISO and why it is key to driving security transformation
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 16 - with guest Neil Cordell
JC Gaillard is joined by Head of Cyber and Information Security at Swansea University Neil Cordell, to discuss his real-life experience of taking up a new CISO position in the midst of the Covid pandemic, and the lessons that can be learnt about bringing all stakeholders on board the cyber security transformation journey
Neil's details can be found here on Linkedin >> https://www.linkedin.com/in/neilcordell/
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 15
JC Gaillard reaches the end of his exploration of the "First 100 Days of the New CISO" and before moving on to a number of episodes with guests on the theme, he digs into "expectations vs. reality" and explores the root causes of the disconnect which may exist between what the CISO finds on arrival and what they were sold at interview time
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 14
JC Gaillard continues his exploration of the "First 100 Days of the New CISO" with an analysis of how tactical firefighting and the unavoidable handling of cybersecurity incidents must not be seen just as a "curse" throughout the first 100 days, but can be used to build up trust with stakeholders
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 13
JC Gaillard reaches the end of the "6 days-6 weeks-6 months" cycle he explored around "The First 100 Days of the New CISO", and looks at what happens next, and how CISOs can continue to drive change
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 12
JC Gaillard reaches the "6 months" part of his journey throughout the "First 100 Days of the New CISO"; in this episode, how to build an execution framework to support the strategic vision defined earlier, and why governance is key at this stage to support lasting change
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 11
JC Gaillard continues developing his "6 days - 6 weeks - 6 months" model, framing the first 100 days of the new CISO; in this episode, the six weeks horizon, and how to continue building a strategic framework addressing the key challenges of the new CISO role
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 10
JC Gaillard continues to look back at his 2017-2018 series of articles about "The First 100 Days of the New CISO"; in this episode, he looks into the challenges of the first week, and why it is key to understand the firm, its people and its culture from the start
Series 3 - Looking back at "The First 100 Days of the New CISO" - Episode 9
We enter the second part of our third series and JC Gaillard starts exploring and revisiting his 2017-2018 series of articles entitled "The First 100 Days of the New CISO"; in this episode, why context is key and how to assess it, looking in turn at the profile of the person, the nature of the role and the maturity of the firm
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 8
JC Gaillard reaches the final part in the re-examination of his 2015 series titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to think in terms of process first when architecting a cyber security practice, and not in terms of technical tools
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 7
JC Gaillard reaches the 7th key management pitfall to avoid in his re-assessment of his 2015 series of articles entitled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look at cyber security as a structured practice, and not just a collection of tactical activities and technical projects
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 6
JC Gaillard reaches a key point in his journey through the 8 key management pitfalls for CIOs and CTOs to avoid when building or rebuilding cyber security practices; in this episode, why it is key to see cyber security not just as a technology discipline, and to build it as a cross-silo practice from the start
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 5
JC Gaillard moves onto his 5th key management pitfall to avoid when building or rebuilding effective and efficient cyber security practices; in this episode, why it is key to think in terms of operating model and work with all stakeholders including HR, in the definition and distribution of cyber security accountabilities and responsibilities
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 4
JC Gaillard continues his re-examination of his 2015 series of articles titled "The CIO Guide to a Successful Cyber Security Practice"; in this episode, why it is key to look beyond the short term and think in terms of process to drive effective and lasting change
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 3
JC Gaillard continues exploring and updating his 2015 series on the "CIO Guide to a Successful Cyber Security Practice"; in this episode, why throwing money at the problem is rarely the solution to maturity development around cyber security and why trust is paramount in the relation between the CISO and senior execs
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 2
JC Gaillard continues to look back at his 2015 article series "The CIO Guide to a Successful Cyber Security Practice" and highlights why risk management alone can no longer be the beating heart of cyber security practices
Series 3 - Looking back at "The CIO Guide to a Successful Cyber Security Practice" - Episode 1
JC Gaillard looks back at his 2015 series of articles published on the Corix Partners blog under the title of "The CIO Guide to a Successful Cyber Security Practice"; in this episode, he re-examines the first pitfall to avoid for CIOs and why cyber security cannot just be seen as an "enabler"
Series 2 - Episode 15 - A Look Back at the log4j Incident - with guest Chris Burtenshaw
JC Gaillard is joined by Chris Burtenshaw from Strata Security to discuss how the log4j incident unfolded and was handled, and the lessons that can be learnt from the past few months
Series 2 - Episode 14 - Where are we now with GDPR? - with guest Cristina Contero
JC Gaillard is joined by Cristina Contero from Aphaia to follow up on earlier podcast episodes on GDPR and review what has changed over the past 6 to 8 months since our last podcast on the theme with Bostjan Makarovic
Series 2 - Episode 13 - A Look Back at Cyber Security in 2021 - with guest Steve Lamb
JC Gaillard is joined again by guest Steve Lamb, who animated the launch of the first series of the podcast last year; together they look back at the drivers that have shaped cyber security throughout 2021, and more generally throughout the COVID pandemic
Series 2 - Episode 12 - Cyber Security, Governance & Risk for the Digital Age - with guest Richard Preece
JC Gaillard is joined by Richard Preece, Founder & Director, DA Resilience to discuss how the pandemic has affected cybersecurity governance, controls appetite and risk management from the Board down, and how exponential changes over the next decade are going to impact those trends
Series 2 - Episode 11 - Cyber Security, the CISO and the CIO: Seeing it From Both Sides of the Fence - with guest Natasha McCabe
JC Gaillard is joined by Natasha McCabe to discuss the leadership lessons which can be learned from having held both CISO and CIO roles, and having seen cyber security from the two sides of the fence
Series 2 - Episode 10 - Oscar O'Connor and JC Gaillard on Security Transformation, Covid-19, People and Trust
JC Gaillard is joined by Oscar O'Connor to discuss "Playing the Triangles", his latest piece on the Corix Partners blog: A reflection on business and security transformation dynamics in the post-covid era
Series 2 - Episode 9 - Looking Back at the Cyber Security Skills Gap: Real Problem or Self-inflicted Pain? - with guest Rayna Stamboliyska
JC Gaillard is joined by Rayna Stamboliyska to look back at the cyber security skills gap, its implications and how to address it through better talent management, clearer career paths and a greater emphasis on diversity
Series 2 - Episode 8 - The Impact of the COVID Pandemic on Cyber Insurance: What has changed and what to expect? - with guest Hani Banayoti
JC Gaillard is joined by Hani Banayoti from CyberSolace to explore the impact the COVID-19 pandemic has had on the cyber insurance sector and what can be expected going forward in terms of new dynamics
Series 2 - Episode 7 - Cyber Security Career Paths: How do you bridge between security roles and IT management roles? - with guest Alexa Glynn
JC Gaillard is joined by Alexa Glynn, from Rabobank Australia & New Zealand, to discuss how you transition from security roles into IT management roles and why security professionals don't have to feel condemned to hopping between security jobs
Series 2 - Episode 6 - GDPR and the Schrems II ruling: Where are we now around data transfers between the EU and the US? - with guest Bostjan Makarovic
JC Gaillard is joined again by guest Bostjan Makarovic from Aphaia to discuss the impact of the Schrems II ruling on GDPR compliance and data transfers between the EU and the US
Series 2 - Episode 5 - IT Security vs. OT Security: What's the state of play? - with guest Steven O'Sullivan
JC Gaillard is joined by cyber security expert Steven O'Sullivan to explore the issues surrounding IT and OT convergence and their implications for cyber security at large across industry sectors
Series 2 - Episode 4 - Observability: What does it really mean for cyber security? - with guest Chris Burtenshaw
JC Gaillard is joined by Chris Burtenshaw from Strata Security; together they explore the meaning of observability in the cyber security space: Is it just hype over substance? Or is there more to it than meets the eye?
Series 2 - Episode 3 - Where are we now with GDPR? - with guest Bostjan Makarovic
JC Gaillard is joined by Bostjan Makarovic from Aphaia for a great discussion on GDPR, the size of fines and the role of regulators, the risk of irrelevance they may face if they keep things imbalanced, and the impact of the Schrems II ruling
Series 2 - Episode 2 - Resilience: What Does It Really Mean in Business Terms? - with guest Nick Simms
JC Gaillard is joined by experienced operational resilience consultant Nick Simms to explore what resilience really means in business terms and where cyber resilience needs to fit within a broader business resilience framework
Series 2 - Episode 1 - How to Frame the Cyber Security Conversation at Board Level? - with guest Richard Preece
JC Gaillard is joined by Richard Preece, director of DA Resilience, to explore how best to frame the conversation at Board level around cyber security in order to engineer effective and efficient engagement and top-down dynamics
What did we learn about cyber in the crazy year that was 2020?
By any account the last year has been crazy. So much had to change so quickly and that included cyber security. In this episode we discuss the key lessons learned about security and privacy.
Digital transformation - is the role of the CISO becoming an outdated concept?
Ransomware: Why is defense in depth so important?
How to embed security and privacy on the board agenda?
In this episode we discuss the need for top-down engagement by the board to bring life into the security and privacy strategy of their organisation. We look at the importance of embedding these important considerations into the Environmental, Social and Governance (ESG).
GDPR - when are the regulators going to show their muscles?
From Cyber Security Awareness to Genuine Cultural Change: What do you need to make this work?
Where are we with Cyber Insurance?
Why it’s important for CISOs not to get lost firefighting
Why should security and privacy be included in the MVP of startups
How to address the proliferation of security tools
Cyber security skills gap - what skills gap?
Where are we with GDPR?
Is it the right time to adopt Zero Trust Networking?
Ransomware - key elements to bear in mind and how to respond
The importance of data privacy
Does the role of the "Virtual CISO" make any sense
Many still don’t really know what to do to protect themselves and turn to “virtual CISO” services for assistance.
While this is better than doing nothing or relying blindly on the security of cloud providers, those externalised, part-time services – often delivered remotely – are rarely the magic bullet they pretend to be…
The hard truth around cyber security awareness programmes
The tenure of CISOs
Ensuring security and privacy for bespoke software
Episode 1
This is the first in a series of Cyber Security Transformation Podcasts. Each week JC and Steve will discuss the interesting cyber news stories and our own experiences with clients.
Jean Christophe Gaillard
M: +44 (0)7733 001 530
E: jcgaillard@corixpartners.com
https://twitter.com/@Corix_JC
Steve Lamb
M: +44 (0)75 0800 8864
E: steve.lamb@corixpartners.com
https://twitter.com/actionlamb