Secure Talk Podcast

My first SOC 2 audit as a Chief Technology Officer felt like performance art. Here we were, dancing to the tune of an auditor that had never built a web application, let alone a business. So many of their playbooks were repeated from other businesses and didn’t make us more secure. When we were done I was certainly glad to show off our new ‘certification’ but I wondered how I could implement great security and create value for my company. In this compelling episode of Secure Talk, host Justin interviews Bob Chaput, a seasoned CISO and cybersecurity leader with a rich background in the healthcare sector. The conversation traverses Bob’s extensive career, from his early days at GE to establishing Johnson & Johnson’s first information security program. Bob shares profound insights from his book, 'Cyber Risk Management as a Value Creator,' illustrating the shift of cybersecurity from a defensive necessity to a strategic business driver. They explore the critical role of governance, regulatory accountability, and the implementation of risk management frameworks like the NIST cybersecurity framework. Using real-world cases like Equifax’s post-breach recovery, Bob elucidates the tangible business value of robust cybersecurity measures. Learn about budgeting for cybersecurity, fostering organizational engagement, and integrating security into business operations for enhanced resilience and customer trust. This episode is a treasure trove for experts looking to transform their cybersecurity approach into a strategic advantage. Book:  Enterprise Cyber Risk Management as a Value Creator  https://bobchaput.com/enterprise-cyber-risk-management-as-a-value-creator/ 00:00 Welcome to SecureTalk: Introduction and Host Overview 00:41 The Importance of Scope in Cybersecurity 02:58 Introducing Bob Chaput: Cybersecurity Expert 04:45 Bob Chaput's Career Journey 08:17 Enterprise Cyber Risk Management as a Value Creator 12:20 The Role of Regulations and Accountability in Cybersecurity 17:26 Strategic Approach to Enterprise Cyber Risk Management 21:33 Risk and Opportunity Assessment in Cybersecurity 26:47 Leveraging Security Practices for Business Value 27:58 The Impact of Cybersecurity on Business Value 28:56 Clearwater's Role in Enhancing Cybersecurity 31:03 The ECRM Budget Philosophy 32:59 Maxims for Effective Cyber Risk Management 35:59 Building a Team Sport Culture in Cybersecurity 40:47 Foundational Components of ECRM 44:19 Challenges in Third-Party Risk Management 49:25 Clearwater's Journey and Future Prospects

In the never-ending vortex of Silicon Valley's hype cycle, it's easy to get lost in the sea of superficial success stories and forget that true innovation often requires patience, persistence, and a willingness to disrupt the status quo – not just a fancy logo or a tweet from a billionaire CEO. Inside of the froth however, there are investors and venture capitalists that think carefully about who they are investing in, why it is a durable venture and how to create the best impact for everyone. In this episode of Secure Talk, host Justin Beals welcomes Rey Kirton from Forge Point Capital to discuss venture capital's unique role in the cybersecurity industry. Rey shares his journey from consulting to venture capital, outlining the importance of building meaningful long-term relationships with companies he invests in. He explains how Forge Point Capital develops investment theses and highlights the value of solution-based, data-driven AI applications. The conversation delves into the significance of listening to customer feedback, industry patterns, and emerging themes like edge computing and AI in cybersecurity. The episode is a must-listen for founders and investors navigating the current market landscape, offering insights into building successful business partnerships and understanding evolving technology trends. 00:00 Welcome to SecureTalk 00:36 Introducing Our Guest: Ray Kirton 01:30 Rey Kirton's Career Journey 02:25 Venture Capital Insights 05:14 The Role of ForgePoint Capital 06:55 Investment Strategies and Challenges 17:01 AI in Cybersecurity 21:45 Leveraging Proprietary Data for AI and Data Science 23:19 The Rise and Fall of Blockchain and Crypto Hype 28:10 Understanding Venture Capital Dynamics 34:31 Future Trends in Technology and Investment 37:56 Advice for Aspiring Founders 39:09 The Importance of Customer Feedback 42:47 Building Strong Investor Relationships

"If you torture the data long enough, it will confess to anything" said Ronald Coase. Certainly the advent of AI has created some spectacular progress and failures. In the realm of patient care AI tools can have a powerful impact and there is little room for error. How do professionals in the Medical Device and Medical Software space prepare their solutions for the market? In the latest episode of SecureTalk, Justin is joined by Dr. Paul Campbell, who serves as the Head of Software and AI at the UK's Medicines and Healthcare products Regulatory Agency (MHRA). Dr. Campbell discusses his journey from pharmacy to becoming a prominent figure in healthcare IT and regulated software. The conversation covers the development of AI in healthcare, the global standardization of regulations, and the MHRA’s innovative initiatives such as AI Airlock, which are driving progress in medical technology. The discussion also delves into the vital role of data representation, ethical considerations in AI, and the complexities of implementing advanced technologies in real-world medical settings.

Much of the United States' progress since World War II on the global stage is due to a powerful partnership between private industry and the US government. The internet itself was a DARPA research project now turned into an economic juggernaut. How do we feed and support this powerful partnership? In this episode of SecureTalk, host Justin Beals welcomes Jason Healey, a senior research scholar at Columbia's School for International and Public Affairs. Jason, a pioneer in the field of cyber threat intelligence and former intelligence officer, discusses his extensive career and the evolution of cyber defense from the late 1990s to today. Topics include the origins of cybersecurity, the challenges of cyber warfare and policy, and the balance between defense and innovation. Jason elaborates on the critical role of metrics such as mean time to detect in measuring cybersecurity effectiveness and emphasizes the importance of harmonizing regulations and frameworks in the U.S. A detailed analysis of recent cyber incidents and the necessity for more robust cyber policies underlines the insightful conversation, making it essential listening for cybersecurity professionals.

I’ve participated or led technology product teams for 25 years. And engaging in effective security practices was three simple activities: least privileges, change management and network/server configurations. But in an ever-changing security environment, how do security leaders engage product teams in effective practices? Join us on Secure Talk with Naomi Buckwalter, the Senior Director of Product Security at Contrast Security. Throughout our conversation, Naomi shares her intriguing journey into the field of cybersecurity, from her early interest in tech and her educational background to landing a significant role at Vanguard Financial and eventually becoming a thought leader in cybersecurity. She explains the critical distinction between secure architecture reviews and secure code reviews and delves into the importance of trust and collaboration between developers and security engineers. Naomi also emphasizes the importance of inclusive hiring and discusses how she has successfully integrated individuals from non-traditional backgrounds into cybersecurity roles. As the founder of Cybersecurity Gatebreakers she helps technology teams find “young-in-career” talent ready to make an effective contribution. A poignant part of the discussion revolves around the concept of 'sec-splaining,' the need for excellent communication, and why security should be seen as a service to the business. This conversation is a must-listen for cybersecurity experts looking to enhance their understanding of team building and effective security management for software development. ----- Additional Resources:  Books: "The Smartest Person in The Room" by Christian Espinosa https://christianespinosa.com/books/the-smartest-person-in-the-room/ "Five Disfunctions of a Team" by  Patrick Lencioni https://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756